Global Information Security Professional

Target

Security Professionals that want to fill the gaps in their understanding of technical information security; System, Security, and Network Administrators that want to understand the pragmatic applications of the Common Body of Knowledge; managers that want to understand information security beyond simple terminology and concepts; anyone new to information security with some background in information systems and networking.

The topic areas for each exam part follow:

1. Asset Security: The candidate will demonstrate an understanding of asset management and classification, including access controls, handling and retention requirements.
2. Communications and Network Security: The candidate will demonstrate an understanding of network security, including secure architecture, network protocols, security controls and devices, and common network attacks.
3. Identity and Access Management: The candidate will demonstrate an understanding of identity management concepts and controls including AAA, passwords, tokens, biometrics, federation, and common threats.
4. Security and Risk Management: The candidate will demonstrate and understanding of security risk management and business continuity practices, including legal and regulatory compliance, security policies, and governance principles.
5. Security Assessment and Testing: The candidate will demonstrate the ability to design, perform, and analyze security tests
6. Security Engineering: The candidate will demonstrate an understanding of secure engineering architecture and implementation for systems in networked, web based, and mobile environments and mitigating common vulnerabilities.
7. Security Operation: The candidate will be able to demonstrate an understanding of the managerial, administrative, operational aspects of information security.
8. Software Development Security: The candidate will be able to demonstrate an understanding of the key security principles related to secure application development.