How Training and Consulting Companies Can Position CISSP, CISM and CRISC
Copyright © 2015 ITpreneurs. All rights reserved.
#ITpreneursLIVE Go-To-Market
CISSP, CISM and CRISC: Help your Clients Raise the Information Security Bar
Low Barrier & High Impact: How ITpreneurs can help increase revenues and save costs
Save Content Costs by up to 80%
● No Content Development Costs
● No Content Maintenance Costs
● Lower costs with increased usage
Access a Comprehensive Library
● 1000+ Titles
● Across most IT Domains
● 12 Languages
Enjoy Convenience
● Anytime, Anywhere ordering
● Marketing Support
● Exam Services
● Accreditation
● Trainer Services
Stay on the Cutting-Edge
● First to Market
● Consistent Quality
● Various Delivery Formats
● Always Up-to-Date
● Partner Enablement
Webinar: Help Your Clients Raise the Information Security Bar
Today’s Speakers
Moderator: Connie Tai, Marketing Manager, ITpreneurs
Presenter: Miroslaw Dabrowski, IT Consultant, Agile Coach, Trainer, Courseware Author; ASL BiSL Foundation Ambassador Poland; OBASHI Ambassador Programme Leader
Today You Will Learn
● The Evolving Information Security Training Landscape
● CISSP, CISM, CRISC: some of the most in-demand information security frameworks
● Go-To-Market Strategies
● Advantages of Using ITpreneurs Materials
● How to Get Started
Information & Network & Cyber Security
NIST definitions:
Information Security (not just IT Security): Protecting information and information systems to provide (aka CIA triad):
1) confidentiality
2) integrity
3) availability of information
Network Security: The protection of all data that leaves or enters the local PC or local server from the network.
Cybersecurity: The ability to protect or defend the use of cyberspace from cyber attacks.
[Diagram: Information Security, Network Security, Cyber Security. Labels: "Anything security-related in the cyber realm"; "Anything involving security of information systems regardless of realm".]
Alarming Data on InfoSec Skills Shortage
According to the UK National Audit Office, it could take up to 20 years to address the current skills gap. (Source: The Guardian, 26 September 2013)
47% of organizations say that the number of employees dedicated to network security is inadequate in some, most, or all cases. (Source: Network World, September 2014)
86% of respondents see a global cybersecurity skills gap, and 92% of those planning to hire more cybersecurity professionals this year say they expect to have difficulty finding a skilled candidate. (Source: ISACA Global Cybersecurity Report, January 2015)
Skills in Demand in the Coming Years
Source: Robert Half Technology 2013, 2014 & 2015 IT Salary Guides
ISACA
Founded in 1969 as the EDP Auditors Association
Since 1978, CISA has been a globally accepted standard of competency among IS audit, control, assurance and security professionals
More than 120,000 members in over 180 countries
More than 200 chapters worldwide
More than 100,000 people certified
ISACA: CISA, CISM, CRISC, CGEIT
CISA
Career Path: Lead IT Auditor
Focus: IT Audit
Work Performed: Provide assurance by conducting audits and assessments of information systems
Requirements: Submit verified evidence of a minimum of 5 years of verifiable IS audit, control or security experience (substitutions available)
CISM
Career Path: Chief (Information) Security Officer (CSO / CISO)
Focus: Information Security
Work Performed: Oversee, direct and manage information security activities
Requirements: Submit verified evidence of a minimum of 5 years of information security management work experience (covering 3 of the 4 job practice domains)
CRISC
Career Path: Chief Risk Officer (CRO)
Focus: Risk Management
Work Performed: Identify, evaluate and manage risk through the development, implementation and maintenance of information systems controls
Requirements: Submit verified evidence of a minimum of 3 years of risk and information systems controls experience (covering 3 of the 5 job practice domains)
CGEIT
Career Path: Chief Information Officer (CIO)
Focus: IT Governance
Work Performed: Define, establish, maintain and manage a framework of IT governance
Requirements: Submit verified evidence of the 5 years experience requirements as defined by the CGEIT Job Practice
Additional requirements
● Adhere to the ISACA Code of Professional Ethics
● Comply with the CGEIT Continuing Education Policy
ISC2
Founded in 1988 as Consortium
Since 1998, CISSP has been a globally accepted standard of competency among Information Security
More than 70,000 members in over 140 countries
More than 100,000 people certified
CISSP
Globally recognized standard of achievement Common Body of Knowledge
For experienced professionals in the computer security field. Candidates must have five years of direct full-time professional security work experience in two or more of the ten domains of the (ISC)² CISSP CBK
CISSP holders often hold job functions including:
● Security Consultant
● Security Manager
● IT Director/Manager
● Security Auditor
● Security Architect
● Security Analyst
● Security Systems Engineer
● Chief Information Security Officer
● Director of Security
● Network Architect
CISSP Certification Proves a Mastery of IT Security and Information Assurance
The CISSP exam is based on the following 10 domains:
● Access Control
● Telecommunications and Network Security
● Information Security Governance and Risk Management
● Software Development Security
● Cryptography
● Security Architecture and Design
● Operations Security
● Business Continuity and Disaster Recovery Planning
● Legal, Regulations, Investigations, and Compliance
● Physical (Environmental) Security
ISO/IEC 27001:2013 Standard
Why do people always refer to this standard when they talk about an information security framework?
The ISO 27000 family of standards helps organizations keep information assets secure. Using this family of standards will help your organization manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties. ISO/IEC 27001 is the best-known standard in the family, providing requirements for an information security management system (ISMS). (Source: www.iso.org)
Key Drivers for Information Security Training
● Protect business assets and repair vulnerabilities
● Be compliant with regulatory requirements
● Build trust with customers to ensure business success
● Corporate Reputation
Who are you talking to? Understanding different Stakeholders’ Perspectives
Decision criteria vary… and so should your sales pitch…
CEO, CIO/CISO, CFO
• More than 3,000 companies in the U.S. were victims of a cyberattack last year, costing an estimated $445 billion - how well-protected are we against operational and reputational damage from cyber attacks?
• Have we aligned our cybersecurity strategy to our risk appetite and the overall risk environment?
• Cyber attacks can invite greater regulatory scrutiny, which in turn increases organizational costs - Have we addressed this risk properly?
• I want security to support the business objectives
• Challenges to find qualified staff to build the team to meet requirements and performance standards
When you talk to individual learners ...
Employers look to certifications as a measure of excellence and quality. Getting certified pays off in increased salary. Among the top-paying certifications:
● Certified in Risk and Information Systems Control (CRISC) $119,227
● Certified Information Security Manager (CISM) $118,348
● Certified Information Systems Security Professional (CISSP) $110,603
Source: 2015 IT Skills and Salary Survey conducted by Global Knowledge and Windows IT Pro
Potential Barriers
On the pyramid of needs among IT organizations, what will be the resistance to investing in cyber security or information security training?
What if the maturity of the IT organization is low - should information security be put at the top of the list?
Positioning Your Training Offering
Open-enrollment vs In-house training
ISACA and ISC2 Exams are Pragmatic
● ISACA does not provide an official examination syllabus
● ISACA exam scope is updated yearly with the publication of new Review Manuals
● Based on changes and trends in the market, ISACA updates its certification scope
● ITpreneurs pays close attention to those changes
Interactive Mind Maps from ISACA portfolio
No software license, no installation required. Available via web browser.
Available Soon ...
ISC2 CISSP Exam Prep - 5 Days
ISACA CISA Exam Prep - 4 Days
ISACA CISM Exam Prep - 4 Days
ISACA CRISC Exam Prep - 4 Days
ISACA CGEIT Exam Prep - 4 Days
Information Security Portfolio
[Diagram: courses arranged by level (Foundation Level: common knowledge; Intermediate Level: applied skills) and by type (Best Practices // Methods; Technology // Tools).]
Courses shown: Cyber Resilience Foundation, EXIN Info Security Foundation, CISSP, Secure Coding Foundation, EXIN Info Security Advanced, ISO 27001 Foundation, CISA, CISM, Ethical Hacking Foundation, Data Privacy Officer, ISO 27001 Lead Implement., ISO 27001 Lead Auditor, Cyber Resilience Practitioner, CCSK Foundation
Also shown: Cyber Security Portfolio, Risk Portfolio
Although the Contents contained herein are provided under the highest professional standards in the generation of these forecasts, ITpreneurs does not guarantee the accuracy or completeness of any information contained herein.
Risk & Governance Portfolio
[Diagram: courses arranged by level (Foundation Level: common knowledge; Intermediate Level: applied skills) and by type (Best Practices // Methods; Technology // Tools).]
Courses shown: Cyber Resilience Foundation, EXIN Info Security Foundation, CRISC, COBIT 5 Auditor, CGEIT, CISA, CISM, ISO 22301 Foundation, Open Group FAIR, ISO 22301 Lead Auditor, ISO 22301 Lead Implement., COBIT 5 Implement., M_o_R Foundation, COBIT 5 Foundation, ISO 31000 Foundation, Oceans99 Simulation, Governance of Info Sec workshop
Also shown: Information Security Portfolio
How You Can Get Started 1/2
Partner A: Full Service (Courseware, Exams, Services, Trainers)
Partner B: Use Your Own Trainer (Courseware, Exams, Services)
Partner C: Only Use Our Courseware (Courseware, Exams)
How You Can Get Started 2/2
Visit the ITpreneurs.com Website
Review the Product of Interest
Get in touch either through the Contact Form, send us an email, or call!
Contact Us
Connie Tai
Products & Solutions Marketing
ITpreneurs | Rotterdam | The Netherlands
+31 107.110.260