
Tuesday, February 24, 2009

Top 3 IT Security Certifications

SecurityCerts.org, an organization that provides security certification information to security professionals, has chosen its top three security certifications for 2009.

The Certified Information Systems Security Professional (CISSP) came out on top. Offered by the International Information Systems Security Certification Consortium ((ISC)²), the well-known certification covers a wide area of information security.

Coming in at No. 2 was the SANS Institute Security Essentials Certification (GSEC). This certification focuses on security skills that can be leveraged in a security environment.

The Security+ certification came in at No. 3, and is considered to be for entry-level security professionals.

Thursday, November 13, 2008

IT Security Certifications

IT Security Certifications are becoming more and more popular and necessary as the job economy becomes tougher. IT Security Professionals are trying to distance themselves from their competition while companies are looking for the best and brightest in the field. Below are some of the certifications I am researching for a bigger IT Security Certifications project.

CCSA -- Certification in Control Self-Assessment
The CCSA demonstrates knowledge of internal control self-assessment procedures, primarily aimed at financial and records controls. This cert is of primary interest to those professionals who must evaluate IT infrastructures for possible threats to financial integrity, legal requirements for confidentiality and regulatory requirements for privacy.
Source: Institute of Internal Auditors

CFE -- Certified Fraud Examiner
The CFE demonstrates ability to detect financial fraud and other white-collar crimes. This cert is of primary interest to full-time security professionals in law, law enforcement or those who work in organizations with legal mandates to audit for possible fraudulent or illegal transactions and activities (such as banking, securities trading or classified operations).
Source: Association of Certified Fraud Examiners

CFSA -- Certified Financial Services Auditor
The CFSA identifies professional auditors with thorough knowledge of auditing principles and practices in the banking, insurance and securities financial services industries. Candidates must have a four-year degree or a two-year degree with three years of experience in a financial services environment, submit a character reference and show proof of at least two years of appropriate auditing experience. To obtain this certification, candidates must pass one exam.
Source: The Institute of Internal Auditors

CGAP -- Certified Government Auditing Professional
The CGAP identifies public-sector internal auditors who focus on fund accounting, grants, legislative oversight and confidentiality rights, among other facets of internal auditing. Candidates must have an appropriate four-year degree or a two-year degree with five years of experience in a public-sector environment, submit a character reference and show proof of at least two years of direct government auditing experience. To obtain this certification, candidates must pass one exam.
Source: The Institute of Internal Auditors

CIA -- Certified Internal Auditor
The CIA cert demonstrates knowledge of professional financial auditing practices. The cert is of primary interest to financial professionals responsible for auditing IT practices and procedures, as well as standard accounting practices and procedures to ensure the integrity and correctness of financial records, transaction logs and other records relevant to commercial activities.
Source: Institute of Internal Auditors

CISA -- Certified Information Systems Auditor
The CISA demonstrates knowledge of IS auditing for control and security purposes. This cert is of primary interest to IT security professionals responsible for auditing IT systems, practices and procedures to make sure organizational security policies meet governmental and regulatory requirements, conform to best security practices and principles, and meet or exceed requirements stated in an organization's security policy.
Source: Information Systems Audit and Control Association

ECSP -- EC-Council Certified Secure Programmer
The ECSP identifies programmers who can design and build relatively bug-free, stable Windows- and Web-based applications with the .NET/Java Framework, greatly reducing exploitation by hackers and the incorporation of malicious code. Candidates must attend a Writing Secure Code training course and pass a single exam.
Source: EC-Council

Security5
Security5 certification identifies non-IT office workers and home users who understand Internet security terminology, know how to use defense programs such as antivirus and antispyware applications, can implement basic operating system security and follow safe Web and e-mail practices. Candidates must attend a two-day course and pass one exam.
Source: EC-Council

Sunday, May 18, 2008

CISA and CISSP Information

Below is some security information that will help you with the CISA and CISSP certifications.

Understanding the Threat
• Protecting information assets is a significant challenge for IT Security Professionals
• To protect information assets IT Security Professionals must use:
  1. Administrative Controls
  2. Physical Controls
  3. Technical Controls

Reasons for Security Issues
• Technology Weaknesses
o Each network & computing technology has inherent security problems.
• Configuration Weaknesses
o Even the most secure technology can be misconfigured, exposing security problems.
• Policy Weaknesses
o A poorly defined, implemented or managed security policy can make the best security infrastructure open for abuse.

Security Definitions
• Threats
o A threat is any potential danger to information or systems.

• Vulnerabilities
o A vulnerability is a software, hardware or procedural weakness that may provide an attacker a way to access information or systems.

• Attacks
o An attack is a technique used to exploit a vulnerability.

Wednesday, April 30, 2008

Information on the Certified Information Systems Security Professional


Certified Information Systems Security Professional (CISSP) is an independent information security certification governed by the International Information Systems Security Certification Consortium (commonly known as (ISC)²).


As of April 11, 2007, (ISC)² has reported certifying 48,598 information security professionals in more than 120 countries. In June, 2004, the CISSP program earned the ANSI ISO/IEC Standard 17024:2003 accreditation, the first IT certification to have done so.


It is formally approved by the U.S. Department of Defense (DoD) in both their Information Assurance Technical (IAT) and Managerial (IAM) categories.


The CISSP has been adopted as a baseline for the U.S. National Security Agency's ISSEP program, which further extends the CISSP significantly.