Computer Information Security Certification - Research Paper Example

? Computer Information Security Certification s This paper seeks to identify various computer information security certifications available for professional within the IT sector. It will discuss the requirements for one to be certified and areas that one can receive certification. In addition the paper will evaluate the employment opportunities available after receiving certifications. Introduction Computers systems and networks face many security threats such as unauthorized access and intrusion. Consequently, it is critical to employ highly skilled persons on this area to guarantee safety of organizational information and data. To give assurance to organizations that the employee being hired has the desired skills, several certifications are offered. Computer Information Security Certification Cisco Certified Internetwork Expert (CCIE) certification is offered by Cisco. It is internationally recognized as the highest level certification in technical networking. For one to be CCIE certified, they have to be tested on particular skills in networking through written exams and performance assessed in the laboratory (Hochmuth, 2004). CCIE certification is divided into seven tracks including; routing and switching, security, service provider, service provider operations, storage networking, voice and wireless tracks (Hochmuth, 2004). CCIE certified persons are recognized as highly skilled engineers and secure employment in communication sector such as mobile phone service providers and internet providers. Moreover, the individuals can be employed in organizations using information technology systems such as banks and supermarkets. Certified Computing Professional (CCP) is a senior level certification offered by ICCP. The certification is offered to Information Technology Management and Business and Systems Analysts professionals (Plishner, 2001). Moreover, it is offered to computer professionals globally. To receive this certification, one has to pass a core test in addition to scoring more than 70 percent in specialty examinations. Specialty exams are on management, procedural programming, system development, business information systems, systems programming, software engineering, database resource management and micro-computing and networks. To earn this certification one ought to have four years experience in information technology and computer field although not necessary in high tech position. One must also sign a document committing one to adhering to the code of ethics, conduct and good practice of ICCP (Plishner, 2001). A CCP certified person can be employed as a systems administrator in different organizations, can work as programmer, database administrator in institutions and the information managers in their place of work. Certified Information Systems Auditor (CISA) is another security certification available for computer professionals. For one to be CISA certified, one has to pass the CISA examinations. CISA exams scan be taken by any person with interest in information systems audit, control and security. Following completion of CISA exams and meeting the set work experience requirement, the candidate submits a CISA application (Plishner, 2001). The candidate must have a minimum of five years work experience in information systems auditing and control. Some professional may have this period waived for professionals such as university instructors in the field of accounting, computer science, and information systems to two years. CISA demands one to adhere to the code of professional ethics and the continuing professional education program (CPE) which ensures that certified individuals under this section continuously update themselves with new knowledge on computer security threats. In addition, CISA certified individuals commit themselves to complying with information systems auditing standards. CISA certified individuals can be employed in enterprises which demand IS audit professionals (Plishner, 2001). They can also be employed in institutions such as schools and hospitals as internal auditors to audit their systems. Individuals may also be Information Systems Security Architecture Professional (ISSAP) certified. For one to be ISSAP certified, they must demonstrate competence in six main areas. This areas include, access control systems and methodology, communication and network security, cryptography, security architecture analysis and physical security implementation. In addition, an individual should be competent in technology based business continuity planning and disaster recovery planning. ISSAP certification is recommended for individuals seeking to work as systems architect, business analysts and chief technology officers. The certification can land one a job as system and network designer and chief security officer in various organizations (Musson and Hukill, 2004). GPEN certification is a GIAC penetration test targeted for professionals whose job description is to assess target systems and networks for security intrusion. The objectives of this certification include a demonstration that the person has penetration-testing methodologies, understands legal issues revolving around penetration testing of a system. Consequently, GPEN certification shows that one can conduct a network or system penetration examination following technical and non-technical best practices (Hunsinger, 2005). For one to receive this certification there is no specific training required and although the candidate can study various resources on computer information security to gain knowledge on the field. Moreover, practical experience is not a requirement but one has to pass a proctored test. Following GPEN certification, one can work as an enterprise or organizations systems administrator, system security personnel or a database administrator. The other computer information security certification is the GCFW offered by GIAC. GCFW shows that one is a certified firewall analyst and such an individual has knowledge, abilities and skills in designing, configuring and monitoring of routers and firewalls (Musson and Hukill, 2004). Although no particular knowledge is required for GCFW training, one must master knowledge on computer information security by reading widely or taking up training offered by SANS or other providers. To be GCFW certified one has to pass a proctored exam having 75 questions with a minimum score of 69.3 percent (Musson and Hukill, 2004). Once certified, an individual may work in various organizations and positions such as system security officer or administrator in banks, enterprises or data companies. In addition, such persons can be work as website developers and database managers. For individuals seeking windows security certification, GIAC offers certified windows system administrators (GCWN). Persons having this certification have been proved to have skills, knowledge and abilities to enforce secure and windows in addition to auditing windows systems. Such people have abilities in auditing windows services such as group policy, internet information server and active directory (Hunsinger, 2005). Similar to other GIAC certification one does not require specific training although it is necessary to master knowledge on computer information security. Such individuals can work as private consultants helping organizations install and maintain the computers. Moreover, they may work for enterprises as computer security offers and systems administrators. Certified information security system professional (CISSP) is an individual who has attained a degree or diploma certificate in information security (Watt and Fogarty, 1995, 25). This means that a CISSP has undergone training in a university or a college on programs of information security. At the end of the training and the certification, the information security professional is expected to have adequate skills in information security (Barnard and Rossouw, 1998, p. 72). The skills that a certified information security system professional has at the end of training include ability to detect security challenges within an information system and ability to mitigate such challenges. The professional is expected to be able to detect various malware which poses threats to information system. In addition, a certified information security professional is expected to have an ability of laying down cryptographic measures which will secure information systems from both internal and external attackers. A certification in information security will land a professional in a job within an organization which has implemented information systems within its operations (High-Tech Writers, 2002, p. 1). A Certified information security system security professional often acts as an information security officer within an organization (Lingblom, 2003, p. 51). The professional is mandated to ensure that the information system of an organization is secure from unauthorized access to the system by hackers or system attackers (Thurman, 2001, p. 56). Global Information Security Fundamentals (GISF) is a certification in information system security which demonstrates that an individual has skills and knowledge in providing fundamental or basic security for an information system regardless of the level of its applicability (Frank, 2002, p. 16). In this sense, it is argued that a global information security fundamentals certification is said to be a demonstration of ability to handle fundamental security issues within an organization. The certification accords the holder to work within any organization across the globe. A certified GISF is able to manage systems through provision of access certificates to the authentic users of the system (Watt and Fogarty, 1995, 25). This involves specification of IP addresses through which servers can be accessed in a networked environment. The skills and knowledge which the Global information security fundamental certification accords and individual make him or her suitable as a network security officer within organizations regardless of their global scale (Thurman, 2001, p. 56). International information system security certification 2 (ISC2) is an information system certification level two for information system security (High-Tech Writers, 2002, p. 1). This is a higher level of information system certification which means that an individual is able to secure international information systems. This certification is normally attained by individuals who have attained adequate knowledge, skills and experience in internet security (Barnard and Rossouw, 1998, p. 75). International information systems are web based and apply online applications to perform business functions such as e-business and transactions. Thus an ISC2 means that an individual is able to secure servers and web based networks from malware. Moreover, this individual is able to secure systems from internet based fraud (Lingblom, 2003, p. 51). These individuals normally work in financial institutions and telecommunication industries as internet security officers. With experience these individuals are able to work in any organization in the world and provide internet security within information systems in organizations. Institute for Certification of Computing Professionals (ICCP) certifies insecurity professional who has gained adequate training in computing environments and the security issues which arise during normal computing. Such professionals are trained in both physical and online security but within computing level. This means that these experts are not trained to contain security issues which arise within networked environments (Watt and Fogarty, 1995, 25). During normal office computing, security issues arise from unauthorized access to employee information. This is achieved through physical access to computers and unauthorized entry into online systems and the user passwords. Therefore the certification of the ICCP means that the certified professional is able to ensure that individuals within organizations are trained in ensuring that their computers are encrypted with passwords and thus protect them from unauthorized access to their private information (Frank, 2002, p. 16). ICCP certification makes an individual to be qualified to work as a computing consultant or advisor within organizations which have implemented computing technology in processing business transactions. Global Intrusion Analyst Certification (GCIA) is an information system certification for individuals who have acquired skills in protecting information systems from intruders (Thurman, 2001, p. 56). The intruders of information systems include system attackers and hackers who access user accounts with malicious intent. Individuals who have been certified as GCIA are qualified to be employed as system security administrators in any information system across the world. The global Intrusion Certification means that the profession is able to detect system intruders and implement measures which protect systems from intruders. The professional is able to provide primary and public keys to information system users which ensure that even if intruders access secondary keys, they are not able to access primary which are encrypted by a system administrator (Barnard and Rossouw, 1998, p. 77). Global Security Essentials Certification (GSEC) is a certification within computing and information systems which illustrates that an individual has undergone college or university training in essential security measures. The training which accords an individual GSEC enables him or her to work as a computer security officer within any organization of the world. This is due to the fact that a GSEC certified individual is trained and skilled to meet the global standards in fundamental computer security (Watt and Fogarty, 1995, 25). Global Certified Enterprise Defender (GCED) is an individual who is trained to protect business activities from security attacks. Individuals who have the GCED certification are trained to protect business application software from security attacks. The certified people work as business security officers and are obliged to ensure that application software such as financial information system are protected from attacks and possible fraud (High-Tech Writers, 2002, p. 1). Conclusion The modern work environment is characterized by application of information and computing technology. This is due to the advancement in hardware and business application software which innovative technology has brought forth. This has led to development, adoption, implementation and integration of information systems within organizations. Technology demands that sufficiently rained expertise is available to manage security concerns which arise as a result of the application of information systems in organizations. This research paper has provided an analytical discussion and evaluation of various certifications in information security and presented the work that the certified individuals are mandated to perform. The competences in information security, qualification and roles in the work place are explained within the above sections of the research paper. Reference Barnard, L., and Rossouw, v. S. (1998). The evaluation and certification of information security against BS 7799. Information Management and Computer Security, 6(2), 72-77 Frank, D. (2002). NIST issues security certification guidance. Federal Computer Week, 16(39), 16 High-Tech Writers. (2002). CompTIA security and certification in computer security available beginning today. Business Wire, pp. 1 Hochmuth, P. (2004). Network certification choices grow with Cisco. Network World, 21(9), 20. Hunsinger, D. S. (2005). Predicting the intention of managers to use IT certification in the hiring process. The University of North Carolina at Charlotte). ProQuest Dissertations and Theses, 177. Lingblom, M. (2003). CompTIA touts new security certification. CRN, (1040), 51 Musson, B., & Hukill, J. (2004). Protecting your computers from invaders. Long-Term Living, 53(3), 36-39. Plishner, E. (2001). CCP--covering global markets. Chemical Week, 163(12), C8-C9. Thurman, M. (2001). Security certification: It’s worth the effort. Computerworld, 35(45), 56 Watt, P., and Fogarty, K. (1995). Microsoft, novell eye security certification. Network World, 12(37), 25 Read More