Information security is the protection of information from a wide range of threats in order to ensure business continuity, minimize business risk, and maximize return on investments and business opportunities. It is achieved by implementing a suitable set of controls, including policies, processes, procedures, organizational structures and software and hardware functions. These controls need to be established, implemented, monitored, reviewed and improved, where necessary, to ensure that the specific security and business objectives of the organization are met. This should be done in conjunction with other business management processes.

The objectives outlined in ISO/IEC 17799:2005 provide general guidance on the commonly accepted goals of information security management and contain best practices controls in the following areas of information security management:

• information security policy
• asset management
• human resources security
• physical and environmental security
• communications and operations management
• access control
• information systems acquisition, development and maintenance
• information security incident management
• business continuity management
• compliance

The control objectives and controls in ISO/IEC 17799:2005 can be used by an organization to assess the risk of doing business with partners, customers and suppliers and are a good indicator or an another organization’s IT and business process maturity. 

No related posts.

CompTIA currently offers three security-related certifications that can be used to satisfy the US Department of Defense’s (DoD) established Directive 8570.1: Information Assurance Training, Certification and Workforce Management.

A+ Certification

The A+ certification is intended for computer service technicians and validates a their ability to perform tasks such as installation, configuration, diagnosing, preventive maintenance and basic networking. The exams also cover domains such as security, safety and environmental issues and communication and professionalism. With more than 700,000 technicians certified worldwide, CompTIA A+ is seen by the technology community as a solid baseline credential for entry into an IT career.

Network+ Certification

The Network+ certification builds upon the A+ certification as the computer technician or IT networking professional acquires more work experince. This certification tests a technician’s ability to describe the features and functions of networking components and to install, configure and troubleshoot basic networking hardware, protocols and services. Although not a prerequisite, it is recommended that CompTIA Network+ candidates have at least nine months of experience in network support or administration or adequate academic training, along with a CompTIA A+ certification.

Security+ Certification

The Security+ certification builds upon the Network+ certification and tests the individual’s knowledge of systems security, network infrastructure, access control, assessments and audits, cryptography and organizational security. Although not a prerequisite, it is recommended that CompTIA Security+ candidates have at least two years of on-the-job technical networking experience, with an emphasis on security. The CompTIA Network+ certification is also recommended.

No related posts.