CISA: Certified Information Systems Auditor, www.isaca.org, 06/11/05
CISM: Certified Information Security Manager, www.isaca.org, 02/01/04
CISSP: Certified Information Systems Security Professional, International Information Systems Security Certification Consortium, (ISC)2 – www.isc2.org, 03/31/02
Computer Forensics Training, New Technologies, Inc., Professional Certification by Oregon State University
Graduate Studies / Computer Science, Polytechnic University, Brooklyn, NY
B.S. in Computer Science, Lebanon Valley College, Annville, PA
Classes and conventions attended:
CISA Review Course
A structured approach to incident response.
Hacking by numbers.
Microsoft Ninjutsu: Securely Deploying MS Technologies
Interconnecting Cisco Network Devices
Blackhat Training and Briefings
NetSEC - Computer Security Institute
FBI InfraGard http://www.sfbay-infragard.org/
ISACA http://www.isaca.org
CISA – Certified Information Systems Auditor
Management, Planning and Organization of IS
Evaluate the strategy, policies, standards, procedures and related practices for the management, planning and organization of IS.
Technical Infrastructure and Operational Practices
Evaluate the effectiveness and efficiency of the organization's implementation and ongoing management of technical and operational infrastructure to ensure that they adequately support the organization's business objectives.
Protection of Information Assets
Evaluate the logical, environmental and IT infrastructure security to ensure that it satisfies the organization's business requirements for safeguarding information assets against unauthorized use, disclosure, modification, damage or loss.
Disaster Recovery and Business Continuity
Evaluate the process for developing and maintaining documented, communicated and tested plans for continuity of business operations and IS processing in the event of a disruption.
Business Application System Development, Acquisition, Implementation and Maintenance
Evaluate the methodology and processes by which the business application system development, acquisition, implementation and maintenance are undertaken to ensure that they meet the organization's business objectives.
Business Process Evaluation and Risk Management
Evaluate business systems and processes to ensure that risks are managed in accordance with the organization's business objectives.
CISM – Certified Information Security Manager
Tests the ability to manage, design, and oversee an enterprise’s information security. To pass the CISM test, along with several years of experience, you must have knowledge in the following areas:
Information Security Governance
Establish and maintain a framework to provide assurance that information
security strategies are aligned with business objectives and consistent
with applicable laws and regulations.
Risk Management
Identify and manage information security risks to achieve business
objectives.
Information Security Program Management
Design, develop and manage an information security program to implement
the information security governance framework.
Information Security Management
Oversee and direct information security activities to execute the
information security program.
Response Management
Develop and manage a capability to respond to and recover from disruptive
and destructive information security events.
CISSP - Certified Information Systems Security Professional
To pass the CISSP test, you must have knowledge in the following areas:
Access Control Systems and Methodology
Applications and Systems Development Security
Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP)
Cryptography
Law, Investigation and Ethics
Operations Security
Physical Security
Security Architecture and Models
Security Management Practices
Telecommunications and Network Security