Top 3 IT Security Certifications

SecurityCerts.org, an organization that provides security certification information to security professionals, has chosen its top three security certifications for 2009.

The Certified Information Systems Security Professional (CISSP) came out on top. Offered by the International Information Systems Security Certification Consortium (ISC(2)), the well-known certification covers a wide area of information security.

Coming in at No. 2 was the SANS Institute Security Essentials Certification (GSEC). This certification focuses on security skills that can be leveraged in a security environment.

The Security+ certification came in at No. 3, and is considered to be for entry-level security professionals.

CCNA Secuity Certification

CCNA Security Certification meets the needs of IT professionals who are responsible for network security. It confirms an individual's skills for job roles such as Network Security Specialists, Security Administrators, and Network Security Support Engineers. This certification validates skills including installation, troubleshooting and monitoring of network devices to maintain integrity, confidentiality and availability of data and devices and develops competency in the technologies that Cisco uses in its security structure.

Students completing the recommended Cisco training will gain an introduction to core security technologies as well as how to develop security policies and mitigate risks. IT organizations that employ CCNA Security-holders will have IT staff that can develop a security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats.

Exam Description

The 640-553 IINS Implementing Cisco IOS Network Security exam is associated with the CCNA Security certification. This exam tests a candidate's knowledge of securing Cisco routers and switches and their associated networks. It leads to validated skills for installation, troubleshooting and monitoring of network devices to maintain integrity, confidentiality and availability of data and devices and develops competency in the technologies that Cisco uses in its security infrastructure.

Candidates can prepare for this exam by taking the Implementing Cisco IOS Network Security (IINS)course.

The EnCase Evidence File Format

The EnCase Evidence File Format

The EnCase evidence file can also be referred to as a forensic image file. The concept of an image file is where the entire drive contents of a target media is copied to a file and checksum values are calculated to verify the integrity (useful in court cases) of the image file (often referred to as a “hash value”). Forensic images are acquired with the use of software tools such as the UNIX “dd’ and FTK Imager as well as hardware were cloning devices such as the Solo Masster and Logicube’s MD5 have added forensic functionality.

One major difference between the above mentioned techniques to acquire image files and the EnCase image files is the “bag-and-tag” concept. The UNIX “dd” and many of the hardware cloning devices only provide the bit-for-bit information during acquisition. EnCase on the other hand provides the bit-for-bit data as well as additional data such as case information; data block integrity and file integrity to name a few. These functions are built into the EnCase imaging process for interoperability and ease of use. If the same function were to be implemented using the UNIX “dd” or the hardware options, this process would require many different tools and multiple steps to obtain the same results.

My next posting will be on the "EnCase Evidence File Components and Functions".

What are the phases of the EnCE® exam?

What are the phases of the EnCE® exam?
The EnCE® exam has two phases:

• Phase I of the EnCE® exam is a computer-based test administered by Prometric. Students must obtain a grade of 80% or higher to pass and proceed to Phase II.
• Phase II is a practical test requiring students to examines computer evidence that is sent to them via CD-Rom. Students must submit their findings report to the certification coordinator within 60 days and receive a grade of 85% of higher to pass. A 30-day extension may be granted in certain circumstances. Candidates successfully passing Phase I and II of the process are awarded the EnCE® designation.

How much does the EnCE® program cost?
The total cost for the EnCE® program is $200.00(USD) in the USA and $225.00(USD) internationally . This fee is paid to Prometric to take the Phase I computer-based test. When you register for Phase I of your EnCE® test with Prometric, you will notice the price is listed from $750.00 to $1000.00 (USD). After you enter in your voucher number provided by the Guidance Software certification coordinator, the test price will change to the discounted price. EnCE® certification is inexpensive compared to other professional and IT certifications. The cost was intentionally kept low, as Guidance Software understands many users, especially in the public sector, will not be reimbursed for the fee.

What materials can I use to study for the EnCE® computer-based test?
Guidance Software offering free EnCase® Certified Examiner Study Guides for the computer-based test administered by Prometric. All EnCE® candidates whose applications are approved by the Certification Coordinator will receive a free EnCE® Study Guide by mail. The study guide covers the four parts of the test administered by Prometric including: Examining Computer Based Evidence With Encase®, Computer Knowledge, Good Forensic Practices, and Legal.

If your application for the EnCE® program has been approved and you have received a Prometric voucher number, but have not received you EnCE® Study Guide, please fill out our online Study Guide Request or contact the Guidance Software Certification Coordinator at (626) 229-9191, ext. 513, or email us at certification@guidancesoftware.com

We recommend candidates familiarize themselves with information contained in the following publications:

• EnCase® Legal Journal by Guidance Software
• EnCase® User's Manual by Guidance Software

The EnCase® Forensic Methodology Training manuals also serve as helpful study material. The EnCase® Legal Journal can be downloaded in Adobe Acrobat Reader from Guidance Software's Web site. The EnCase® User's Manual can also be downloaded from Guidance Software's Web site (EnCase® software user name and password required). Some suggested resources for the Computer Knowledge and Good Forensic Practices sections are:

• How Computers Work by Ron White
• Handbook of Computer Crime by Eoghan Casey

What topic areas does the EnCE® computer-based test cover?

• Examining computer based evidence with EnCase®
• The EnCase® Evidence File
• EnCase® Concepts
• The EnCase® Environment
• Searching
• File Signature and Hash Analysis
• Computer Knowledge
• Understanding Data and Binary
• The BIOS
• Computer Boot Sequence
• File Allocation Table Systems
• Computer Hardware Concepts
• Good Forensic Practices
• First Response
• Acquisition of Digital Evidence
• Operating System Artifacts
• Legal (North American EnCE® candidates only)

How do I renew my EnCE®?
The EnCE® designation is valid for two years from the date it is earned. EnCase® Certified Examiners are required to earn sixty-four (64) credit hours of documented continuing education in Computer Forensics or Incident Response every two years to maintain their certification. The training should either be from Guidance, your agency, or an accredited source. You can earn one credit hour for each classroom hour of training and 1/2 credit hour for each one hour of instruction as a Computer Forensics or Incident Response curriculum instructor. Your expiration date is listed on your wallet card. In order for training to qualify for renewal it needs within the two year time period. (Example: If you were certified on 1/1/2005, only training taken between 1/1/2005 and 1/1/2007 would qualify for renewal credits.)

If you were not given certificates, please put the following information in a letter.

Date of the Class
Number of hours
Name of the class
Who provided the training
Short description of the class

When you are ready to submit your renewal credit, please fill out the EnCE® Renewal Form, attach renewal documentation and either mail, fax, or scan/email to:

Certification Coordinator
Guidance Software, Inc.
215 N. Marengo Ave. 2nd floor
Pasadena, CA 91101
Email: certification@guidancesoftware.com
Fax: (626) 432-9558

What if my voucher expires or did not finish my Phase II test before the due date?
- If the Phase I voucher expires, simply contact the Certification Coordinator to obtain a new voucher.
- If anyone does not turn in the Phase II practical with in the time allotted them, they will be required to wait 2 month from the date that the test would have been due and then start the EnCE® process over starting at Phase I.

What if I fail the test?
- Anyone who does not obtain a grade of 80% to pass the Phase I test will be required to wait 2 months before a new voucher will be issued.
- Anyone who does not obtain a grade of 85% to pass the Phase II Practical will be required to wait 2 months before they will be allowed to retest. Those who fail the Phase II will be required to start over at Phase I .
- A new application will be needed if organization of personal information has changed during the 2-month wait period.

Contact Guidance Software's EnCE® certification coordinator at:
Guidance Software
Certification Coordinator
215 North Marengo Avenue
Second Floor
Pasadena, CA 91101
Tel: (626) 229-9191 x 513
certification@guidancesoftware.com

Apple Certified System Administrator 10.5

Apple Certified System Administrator (ACSA) 10.5 certification verifies an in-depth knowledge of Apple technical architecture and an ability to install and configure machines; architect and maintain networks; enable, customize, tune, and troubleshoot a wide range of services; and integrate Mac OS X, Mac OS X Server, and other Apple technologies within a multi-platform networked environment. ACSA certification is intended for full-time professional system administrators and engineers who manage medium-to-large networks of systems in complex multiplatform deployments.

Required Exams:

• Mac OS X Server Essentials v10.5 Exam (9L0-509)

• Directory Services v10.5 Exam (available mid-2008)

• Advanced Administration v10.5 Exam (available mid-2008)

• Deployment v10.5 Exam (available mid-2008)

As the Apple certification program continues to evolve, TestKing will continue to change and update our content to reflect those changes. Most of those who have earned one or more Apple certifications have done so through self-study, mainly because of the cuts in IT training budgets in recent years. With that in mind, TestKing has developed high quality and affordable study materials that will help you pass your certification exams quickly and easily, the very first time.

CWSP - Certified Wireless Security Professional

The CWSP exam is an advanced level wireless LAN certification developed by Planet3 Wireless. This exam is a part of the Certified Wireless Network Program (CWNP). The exam tests your ability on how well you are able to protect your company’s valuable data from hackers. For anyone desiring a career in IT or Security this is a certification you cannot afford to be without.

The CWSP is the first nationally recognized wireless security exam offering in the United States. While this exam is has been around for several years, it is probably one of the best kept secrets. However when securing employment with major corporations in the area of wireless security, you will find that employers are looking for this certification.

One of the great fears around wireless is security. The one thing that beats fear is education. I applaud Planet3 Wireless on the job they have done in providing an exam that is both comprehensive and accurate. This vendor neutral exam really outlines the security solutions that are available today and more importantly how the solution should be utilized. The exam looks at the customer’s infrastructure and not the vendor’s product. You will find that the exam leaves no stone unturned.

Test Preparation:
The best study material to date other than real world experience is a combination of the following

1. CWSP Instructor-led Training
2. CWSP Study Guide
3. Practice Test

Ideally, your chances are better for passing the exam when you combined all three of these methods. However, money and time constraints sometimes prevent this from happening.

Exam Prerequisites:
There is only one prerequisite. Individuals attempting to take this exam must be CWNA certified. (Certified Wireless Network Administrator (CWNA) is another wireless certification through Planet3 Wireless which deals with wireless administration). While not a requirement, it is recommended that testers have their Security+ and/or SCP certification.


Exam Registration #:
PW0-200


Exam Cost:
The exam can be purchased for $175.00 USD.


Exam Format:
The CWSP exam is a 90 minute timed exam which consists of 60 scenario based questions. You are required to obtain a passing score of 70%. Should you have an interests in being an instructor, the passing score requirements are a little more stringent. A passing score of 80% is required.


Exam Content
You will find that the exam covers three basic areas; Wireless LAN Security Solutions, Wireless LAN Intrusion, and Wireless LAN Security Policies. The exam goes into deeper detail by highlighting the topic below:

* Wireless Security Principles
* Intrusion Techniques
* How Networks are Compromised
* Intrusion Detection Systems
* Layer 2 Wireless VPNs
* SOHO/SMB 802.1X/EAP Security
* Enterprise Wireless Gateways
* Secure Wireless Bridging
* Wireless LAN Switching
* Wireless VLANs and EAP Types
* Secure Wireless LAN Management
* Wireless VPN Routers


Exam Location:
The exam is nationally recognized and can be taken through any Authorized Thompson Prometric Testing Center. For locations in your area, check out http://www.2test.com.

I highly recommend anyone who is going into the field of security wired or wireless to take this exam.

Information on the Certified Information Systems Security Professional

Certified Information Systems Security Professional (CISSP) is an independent information security certification governed by theInternational Information Systems Security Certification Consortium (commonly known as (ISC)²).

As of April 11, 2007, (ISC)² has reported certifying 48,598 information security professionals in more than 120 countries. In June, 2004, the CISSP program earned the ANSI ISO/IEC Standard 17024:2003 accreditation, the first IT certification to have done so.

It is formally approved by the U.S. Department of Defense (DoD) in both their Information Assurance Technical (IAT) and Managerial (IAM) categories.

The CISSP has been adopted as a baseline for the U.S. National Security Agency's ISSEP program, which further extends the CISSP significantly.

Taken from: http://en.wikipedia.org/wiki/CISSP

The Computer Information Systems Auditor (CISA) Certification

The Computer Information Systems Auditor (CISA) Certification

I recently sat for the Certified Information Systems Auditor (CISA) certification exam in December of 2007. We were told that the results from the exam will take about 8 weeks to come back to let us know if you have pass it or not.


This CISA certification is extremely popular with over 30,000 certified security professional from all over the world. The CISA certification exam is offered once per year at multiple testing locations worldwide and allows those who need to display knowledge of IT auditing, security, and control to set them at a higher level in the industry.

The CISA certification test your knowledge of the six core competencies:

1. The IS Audit Process
2. Protection of Information Assets
3. IT Governance
4. Systems and Infrastructure Life Cycle Management
5. IT Service Delivery and Support
6. Business Continuity and Disaster Recovery

The exam is four hours long consisting of 200 multiple-choice questions. A person aiming to obtain the CISA certification must show five years of verifiable experience in IS auditing, control or security is required, agree to the ISACA code of ethics and agree to adhere to the Information Systems Auditing Standards as adopted by ISACA.

The cost of taking the exam for ISCA members ranges from $300 to 385 depending upon when you register and if you do so online and $420 to 505 for non-members.

I will let you know status once my results are in…