Certification Programs for Network Security Personnel
As most professionals are aware, professional certification is available in just
about every area of network security. The following sections cover several applicable
certifications. Whether you're a security professional, computer programmer, database
administrator, or wide area network (WAN) specialist, professional organizations
offer enough certifications and exams to keep you busy for the rest of your career.
The following sections cover the most popular IT security certifications and describe
some exam requirements briefly. You should have already earned, at minimum, CompTIA
Security+ certification or have equivalent knowledge, which assumes networking
competence at the CompTIA Network+ level of knowledge, a prerequisite for the
Security+ certification. For more details, visit the CompTIA Web site (www.comptia.org).
Certified Ethical Hacker
The International Council of Electronic Commerce Consultants (EC-Council) has
developed a certification designation called Certified Ethical Hacker (CEH). Currently
the multiple-choice CEH exam is based on 22 domains (subject areas) the tester must
be familiar with. Knowledge requirements change periodically, so if you're interested
in taking this exam, visit EC-Council's Web site (www.eccouncil.org) for the most
up-to-date information. The 22 domains tested for the CEH exam are as follows:
- Ethics and legal issues
- Footprinting
- Scanning
- Enumeration
- System hacking
- Trojans and backdoors
- Sniffers
- Denial of service
- Social engineering
- Session hijacking
- Hacking application vulnerabilities
- Web application vulnerabilities
- Web-based password-cracking techniques
- Structured Query Language (SQL) injection
- Application - Password cracking, containment measures
- Verification - Problem solving, security testing
The exam requires testers not only to answer multiple-choice questions but also to
conduct security testing successfully on an attack network. This practical-application
portion of the exam ensures that testers can apply their knowledge in a real-world
setting. For more information on this certification, visit www.isecom.org.
Certified Information Systems Security Professional
The Certified Information Systems Security Professional (CISSP) certification for
security professionals is issued by the International Information Systems Security
Certification Consortium (ISC2). Even though the CISSP certification isn't geared
toward the technical IT professional, it has become one of the standards for many
security professionals. The exam doesn't require testers to have technical knowledge
in IT; it tests security-related managerial skills. CISSPs are usually more concerned
with policies and procedures than with the actual tools for conducting security tests or
penetration tests, so they don't need the skills of a technical IT professional. ISC2
requires exam takers to have five years' experience before taking the five-hour exam,
so don't rush into it until you've been in the industry a while. The exam covers
questions from the following 10 domains:
- Access control systems and methodology
- Telecommunications and network security
- Security management practices
- Applications and systems development security
- Cryptography
- Security architecture and models
- Operations security
- Business continuity planning and disaster recovery planning
- Laws, investigations, and ethics
- Physical security
For more information on this certification, visit www.isc2.org.