What are some of the industry standard certifications that exists. Which ones are the most sought after in the IT security field?
post should be in 350 words
There are mainly five in the industry-standard certifications.
The Certified Ethical Hacker (CEH) is an intermediate-level credential offered by the International Council of E-Commerce Consultants (EC-Council). It's a must-have for IT professionals pursuing careers in ethical hacking. CEH credential holders possess skills and knowledge on hacking practices in areas such as footprinting and reconnaissance, scanning networks, enumeration, system hacking, Trojans, worms and viruses, sniffers, denial-of-service attacks, social engineering, session hijacking, hacking web servers, wireless networks and web applications, SQL injection, cryptography, penetration testing, evading IDS, firewalls, and honeypots. To obtain a CEH certification, candidates must pass one exam. A comprehensive five-day CEH training course is recommended, with the exam presented at course conclusion.
The Certified Information Security Manager (CISM) is a top credential for IT professionals responsible for managing, developing and overseeing information security systems in enterprise-level applications, or for developing best organizational security practices. The CISM credential was introduced to security professionals in 2003 by the Information Systems Audit and Control Association (ISACA).
ISACA's organizational goals are specifically geared toward IT professionals interested in the highest quality standards with respect to audit, control and security of information systems. The CISM credential targets the needs of IT security professionals with enterprise-level security management responsibilities. Credential holders possess advanced and proven skills in security risk management, program development and management, governance, and incident management and response.
Holders of the CISM credential, which is designed for experienced security professionals, must agree to ISACA's Code of Professional Ethics, pass a comprehensive examination, possess at least five years of security experience, comply with the organization's continuing education policy and submit a written application. Some combinations of education and experience may be substituted for the experience requirement.
CompTIA's Security+ is a well-respected, vendor-neutral security certification. Security+ credential holders are recognized as possessing superior technical skills, broad knowledge and expertise in multiple security-related disciplines.
While Security+ is an entry-level certification, successful candidates should possess at least two years of experience working in network security and should consider first obtaining the Network+ certification. IT pros who obtain this certification possess expertise in areas such as threat management, cryptography, identity management, security systems, security risk identification and mitigation, network access control, and security infrastructure. The CompTIA Security+ credential is also approved by the U.S. Department of Defense to meet Directive 8140/8570.01-M requirements. In addition, the Security+ credential complies with the standards for ISO 17024.
4. CISSP: Certified Information Systems Security Professional:
The Certified Information Systems Security Professional (CISSP) is an advanced-level certification for IT pros serious about careers in information security. Offered by the International Information Systems Security Certification Consortium, known as (ISC)2 (pronounced "ISC squared"), this vendor-neutral credential is recognized worldwide for its standards of excellence.
CISSP credential holders are decision-makers who possess expert knowledge and technical skills necessary to develop, guide and then manage security standards, policies and procedures within their organizations. The CISSP continues to be highly sought after by IT professionals and is well recognized by IT organizations. It is a regular fixture on most-wanted and must-have security certification surveys.
CISSP is designed for experienced security professionals. A minimum of five years of experience in at least two of (ISC)2's eight Common Body of Knowledge (CBK) domains, or four years of experience in at least two of (ISC)2's CBK domains and a college degree or an approved credential, is required for this certification.
Another fine entry-level credential is the GIAC Security Essentials (GSEC), designed for professionals seeking to demonstrate that they not only understand information security terminology and concepts but also possess skills and technical expertise necessary to occupy "hands-on" security roles.
GSEC holders have the knowledge and technical skills in areas, such as identifying and preventing common and wireless attacks, access controls, authentication, password management, DNS, cryptography fundamentals, ICMP, IPv6, public key infrastructure, Linux, network mapping and network protocols.
The Most Sought After Information Security Field:
Vulnerability Analysis
The ability to identify vulnerabilities within an enterprise system, as well as to propose and implement effective remediations and responses to those vulnerabilities.
Malware Analysis
Knowledge of how the malware operates and infects systems, as well as how to recover from a malware infestation.
Risk Assessment Analysis
The ability to identify risks, and determine appropriate mediations for those risks.
Attack Vector Knowledge
An understanding of current attack vectors - from both the standpoint of what's happening today, and on an ongoing basis - and anticipate what may surface in the future.
Enterprise Security Skills
The ability to plan and implement information security strategies to protect the enterprise, its critical information, and its assets.
Strategic and Tactical Information Security Skills
The ability to bridge the gap between policy-driven information assurance and technical implementation in order to increase operator and administrator effectiveness and organizational agility.
Contextual and Systematic Security Analysis
The ability to go beyond the individual component and area perspective to develop a more holistic and contextual view of information security that incorporates networks, systems, and human-oriented processes.
What are some of the industry standard certifications that exists. Which ones are the most sought...