Monthly Archives: December 2010

The CISSP Registration Process

It doesn’t matter which branch of Information Technology you have mastered. Whether you are a hardware technician, software specialist or a programmer, it is still important for you to learn about the security measures being taken to protect a particular computer network system. If you want to be a real IT professional, then you may want to take a look at the option of CISSP certification. CISSP stands for Certified Information Systems Security Professional, and you must register prior to sitting the six-hour-long examination, which covers the ten basic subjects of CISSP. Read on to learn more about the existing CISSP registration process.

Even before studying for the CISSP exam, you need to have at least five years of experience in information security. However, if you do not have that experience, you can get college credits or certifications from other organizations to show that you have extensive experience in the security field. You need to pay a fee before filling out the examination registration form; the details are all included with the registration form. After submitting the form, you will receive an application to sit for the CISSP examination. The costs for the exam will be indicated in the letter that you will receive from CISSP. As a final note, the time that you spend on the CISSP registration process will be truly worth it once you have passed the CISSP examination and become a certified IT security expert.

 

NEW: ISO/IEC 27000 – Information Security Management Toolkit

About ISO/IEC 27000:
ISO/IEC 27000:2009 provides an overview of information security management systems, which form the subject of the information security management system (ISMS) family of standards, and defines related terms.
As a result of implementing ISO/IEC 27000:2009, all types of organization (e.g. commercial enterprises, government agencies and non-profit organizations) are expected to obtain:
  • an overview of the ISMS family of standards;
  • an introduction to information security management systems (ISMS);
  • a brief description of the Plan-Do-Check-Act (PDCA) process; and
  • an understanding of terms and definitions in use throughout the ISMS family of standards.
The objectives of ISO/IEC 27000:2009 are to provide terms and definitions, and an introduction to the ISMS family of standards that:
  • define requirements for an ISMS and for those certifying such systems;
  • provide direct support, detailed guidance and/or interpretation for the overall Plan-Do-Check-Act (PDCA) processes and requirements;
  • address sector-specific guidelines for ISMS; and
  • address conformity assessment for ISMS.

The ISO/IEC 27000 Toolkit:

Many organizations are looking to implement and become certified with the ISO/IEC 27000 Standard as a way to improve the structure and quality of their business. The objective of the standard itself is to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security Management System.

This toolkit serves to act as a starting point. It will give you a clear path to travel and is designed to be a valuable source of information and activities. There are a total of 5 folders in this toolkit that contain a total of 60 documents.



Folder 1 ISO/IEC 27000 Introduction

This folder contains 8 resources that will provide a detailed introduction to the standard, and to the main categories that make up the standard, such as Information Security Management, Business Continuity Management, Risk Analysis and the roles and responsibilities associated with maintaining an effective and efficient Information Security Management System.

In addition, you will find example role descriptions, a template example of a Statement of Applicability, Terms and Definitions explained, and guidance on how you can certify your ISMS. And just in case these resources haven’t answered all your questions, we have provided over 60 pages’ worth of ISO/IEC 27000 frequently asked questions and answers for you. 8 documents.

Folder 2 Information Security Management Resources

This folder contains general Information Security resources that will help you implement ISM, such as identifying security service requirements, providing guidelines for building an electronic data retention policy and a template Implementation Plan_Project Plan.

There are also resources to assist you with maintaining your ISMS, such as security audit and security incident templates, and suggestions for key performance indicators to ensure the ongoing success and improvement of this process. 12 documents.

Folder 3 Business Continuity Management Resources

Business continuity management is an integral part of the risk management framework within an organization. All organizations face a variety of risks. These may be sourced externally, and therefore largely out of the immediate control of the organization, or internally. Internal risks arise both at the strategic (organization-wide) level and at the operational (business process) level.

Successful business continuity management relies on expertise from within the organization; it is the people who understand the organization, its business, processes and business risks.

The supporting resources found within this folder consist of templates, example plans, strategies and recovery options that can be used in your own organization or as a template in creating your own bespoke documentation. 19 documents.

Folder 4 Risk Management Resources

This folder is full of detailed templates and documented examples to assist you in implementing a successful Risk Assessment and Risk Management process. For example, the Risk Management Framework document provides 21 pages of guidance, from identifying risks to assessment, treatment, monitoring and review – which can be used in conjunction with the Risk Assessment and Control template form.

The Generic Project Risk Assessment document has been designed for business projects, IT infrastructure projects and general (i.e. non-software development) projects, and is a useful starting point for any risk management project, whilst the Risk Management review provides guidance on the evaluation of your assessments and the steps to take next. 6 documents.

Folder 5 Bonus Resources

Finally, we have provided a Bonus Resources folder, with introductory information on ‘other’ standards and frameworks that may be used in conjunction with the resources and materials found within this toolkit. These resources can also be used for education and instruction purposes for staff. 15 documents.

New Product By The Art of Service