Top 3 IT Security Certifications

SecurityCerts.org, an organization that provides security certification information to security professionals, has chosen its top three security certifications for 2009.

The Certified Information Systems Security Professional (CISSP) came out on top. Offered by the International Information Systems Security Certification Consortium (ISC(2)), the well-known certification covers a wide area of information security.

Coming in at No. 2 was the SANS Institute Security Essentials Certification (GSEC). This certification focuses on security skills that can be leveraged in a security environment.

The Security+ certification came in at No. 3, and is considered to be for entry-level security professionals.

SANS OnDemand training free GIAC Certification attempt

Sign up for SANS OnDemand training before December 8, 2008, and you'll
receive the corresponding GIAC Certification attempt for free (a $499
value)! To register for this offer, go to
http://www.sans.org/info/35724 and use the discount code ODEY_GIAC.

Also for this limited time, receive free GIAC Certification attempts
with any OnDemand Flex Pass! Go to http://www.sans.org/info/35924 for
information on our OnDemand Flex Passes.

Sometimes the realities of limited travel budgets, or the difficulty of
being out of the office or home for a week, make it impossible to attend
a live training event. With SANS OnDemand online training and assessment
program, you have access to SANS' high quality, intensive, immersion
training at your convenience - anytime, anywhere. And according to
student feedback, OnDemand is simply one of the best tools to prepare
for GIAC exams.

"I have several GIAC certs. My highest exam scores are from when I use
OnDemand training." - Brad Fulton, SMS Data Products

Not sure online training is for you? Try any of our OnDemand course
demos at http://www.sans.org/info/35724

.

With SANS OnDemand, students receive:
- Up to 4-months access to our 24/7 online training and assessment system
- Full set of course books and hands-on CDs
- Synchronized online courseware and lectures
- Integrated assessment quizzes throughout the course
- Access to OnDemand Virtual Mentors
- Labs & hands-on exercises
- Progress Reports

If you have any questions about SANS OnDemand, write to
ondemand@sans.org or call us at (301)654-7267.

And remember that every SANS OnDemand purchase earns you points towards
future OnDemand training! http://www.sans.org/info/35729

Be sure to tell your friends and colleagues about this great
opportunity!

Kind Regards,

Kimie Cabreira
Director
SANS OnDemand

**************************

SANS is pleased to announce our new Training and Events Calendar - an
easy way to see what opportunities are available to you during the
coming month! The current calendars are now available for download from
http://www.sans.org/info/7926. For another option, consider SANS' seven
ways to Train Without Travel at: http://www.sans.org/info/28689.

SANS' Webcasts are free live Web broadcasts that allow you to hear a
knowledgeable speaker while viewing presentation slides that you
download in advance. To learn more or to subscribe to our Webcast
calendar go to http://www.sans.org/info/13271.

To change your subscription, address, or other information, visit
http://portal.sans.org. If you wish to have your name removed from our
mailing list, visit the site above, click on "update your account" and
check the box "Do not send any e-mail."

*******************************

IT Security Certifications

IT Security Certifications are becoming more and more popular and necessary as the job economy becomes tougher. IT Security Professionals are trying to distant themselves from their competition while companies are looking for the best and brightest in the field. Below are some of the certifications I am researching for a bigger IT Security Certifications project.

CCSA -- Certification in Control Self-Assessment
The CCSA demonstrates knowledge of internal control self-assessment procedures, primarily aimed at financial and records controls. This cert is of primary interest to those professionals who must evaluate IT infrastructures for possible threats to financial integrity, legal requirements for confidentiality and regulatory requirements for privacy.
Source: Institute of Internal Auditors

CFE -- Certified Fraud Examiner
The CFE demonstrates ability to detect financial fraud and other white-collar crimes. This cert is of primary interest to full-time security professionals in law, law enforcement or those who work in organization with legal mandates to audit for possible fraudulent or illegal transactions and activities (such as banking, securities trading or classified operations).
Source: Association of Certified Fraud Examiners

CFSA -- Certified Financial Services Auditor
The CFSA identifies professional auditors with thorough knowledge of auditing principles and practices in the banking, insurance and securities financial services industries. Candidates must have a four-year degree or a two-year degree with three years of experience in a financial services environment, submit a character reference and show proof of at least two years of appropriate auditing experience. To obtain this certification, candidates must pass one exam.
Source: The Institute of Internal Auditors

CGAP -- Certified Government Auditing Professional
The CGAP identifies public-sector internal auditors who focus on fund accounting, grants, legislative oversight and confidentiality rights, among other facets of internal auditing. Candidates must have an appropriate four-year degree or a two-year degree with five years of experience in a public-sector environment, submit a character reference and show proof of at least two years of direct government auditing experience. To obtain this certification, candidates must pass one exam.
Source: The Institute of Internal Auditors

CIA -- Certified Internal Auditor
The CIA cert demonstrates knowledge of professional financial auditing practices. The cert is of primary interest to financial professionals responsible for auditing IT practices and procedures, as well as standard accounting practices and procedures to insure the integrity and correctness of financial records, transaction logs and other records relevant to commercial activities.
Source: Institute of Internal Auditors

CISA -- Certified Information Systems Auditor
The CISA demonstrates knowledge of IS auditing for control and security purposes. This cert is of primary interest to IT security professionals responsible for auditing IT systems, practices and procedures to make sure organizational security policies meet governmental and regulatory requirements, conform to best security practices and principles, and meet or exceed requirements stated in an organization's security policy.
Source: Information Systems Audit and Control Association

ECSP -- EC-Council Certified Secure Programmer
The ECSP identifies programmers who can design and build relatively bug-free, stable Windows- and Web-based applications with the .NET/Java Framework, greatly reducing exploitation by hackers and the incorporation of malicious code. Candidates must attend a Writing Secure Code training course and pass a single exam.
Source: EC-Council

Security5
Security5 certification identifies non-IT office workers and home users who understand Internet security terminology, know how to use defense programs such as antivirus and antispyware applications, can implement basic operating system security and follow safe Web and e-mail practices. Candidates must attend a two-day course and pass one exam.
Source: EC-Council

The Certified Information Systems Auditor (CISA) Exam Study Tips

The Certified Information Systems Auditor (CISA) exam is just about a month away. I remembered the last month before taking the exam. I was worried and felt that I was not prepared. Also, at the time, I was looking for any additional information I can get my hands on to help me get that extra edge.

So with that in mind, I will be providing some assistance to those of you that will be taking the exam. I have produces some notes and slides that should give you that extra edge in the exam. Good luck in June and I will do everything I can to assist.