Securing the Realm

~ UK Government Cyber Security

Category Archives: Education & Certification

Blog posts about training and certification topics

New Course: IA Protective Monitoring and Incident Management

01 Wednesday Feb 2012

Posted by Andy in Education & Certification

Tags

HMG IA Training

I’ve just noticed a new course added to the National School of Government IA page:-

IA Protective Monitoring and Incident Management http://www.nationalschool.gov.uk/programmes/programme.asp?id=22914&tab=1

What you will learn:

This course will give you an in-depth understanding of the principles, policy and issues affecting protective monitoring, forensic readiness and incident management.
At the end of the course you will be able to:

  • describe the purpose of audit
  • describe government protective monitoring policy
  • explain how to manage an IA incident
  • produce a Forensic Readiness plan
  • describe sanitisation and the issues around re-use of media
  • describe ways of monitoring compliance, including the IA Maturity Model.

What the programme covers:

  • Overview of audit
  • IA protective monitoring policy
  • System monitoring
  • Incident management
  • Backup and data storage
  • Forensic readiness
  • Sanitisation
  • Business continuity and disaster recovery
  • Compliance and the IA Maturity Model
  • Service management.

Free Crypto course with Stanford University

27 Friday Jan 2012

Posted by Andy in ComSec, Education & Certification

≈ 2 Comments

Tags

comsec, Crypto, training

For those, like myself, involved in crypto, Stanford University are offering a free online course in cryptography. It covers the internal workings of crypto (not for those who don’t like the more advanced mathematics).

The course information:

Cryptography is an indispensable tool for protecting information in computer systems. This course explains the inner workings of cryptographic primitives and how to correctly use them.   Students will learn how to reason about the security of cryptographic constructions and how to apply this knowledge to real-world applications.   The course begins with a detailed discussion of how two parties who have a shared secret key can communicate securely when a powerful adversary eavesdrops and tampers with traffic.  We will examine many deployed protocols and analyze mistakes in existing systems.   The second half of the course discusses public-key techniques that let two or more parties generate a shared secret key. We will cover the relevant number theory and discuss public-key encryption, digital signatures, and authentication protocols. Towards the end of the course we will cover more advanced topics such as zero-knowledge, distributed protocols such as secure auctions, and a number of privacy mechanisms.   Throughout the course students will be exposed to many exciting open problems in the field.

The course will include written homeworks and programming labs.  The course is self-contained, however it will be helpful to have a basic understanding of discrete probability theory.

The course starts in Feb so sign up now at http://www.crypto-class.org/

In addition, Stanford have an online Computer Security course also starting in Feb you might be interested in – visit http://www.security-class.org/ today.

HMG IA Training

25 Wednesday Jan 2012

Posted by Andy in Education & Certification

Tags

HMG IA Course

Quick post to mention some training courses that are available for those working in the HMG IA field.

[ National School of Government ]

Introduction to Information Assurance – Finding your way around IA in Government - £925 (2 days)

Topics covered:-

  • IA governance within an organisation
  • Threats, risks and impacts
  • Overview of key legislation and regulation
  • Government IA strategy
  • Government IA policy and standards
  • Assurance
  • Maintaining confidence

Information Assurance Standards IS2 and IS1 (Topic Programme 1) Process and practice – £1775 (4 days)

Topics covered:-

  • IS2 – risk management and accreditation
  • Content and development of the RMADS
  • Privacy Impact Assessments and IS6
  • The accreditation process
  • Information risk and assets
  • IS1 Part 1 – risk assessment
  • IS1 Part 2 – risk treatment

Risk Management and Accreditation Specialist Programme – IA Professionalism Stage 3 for accreditors - £630 (1 day)

Topics covered:-

  • Accreditation and the Accreditor
  • Accreditation skills and competencies
  • Accreditation plan and process
  • Tools of the trade
  • Support and advice

IA Protective Monitoring and Incident Management (Topic Programme 3)

Topics covered:-

  • Overview of audit
  • IA protective monitoring policy
  • System monitoring
  • Incident management
  • Backup and data storage
  • Forensic readiness
  • Sanitisation
  • Business continuity and disaster recovery
  • Compliance and the IA Maturity Model
  • Service management.

[ Amethyst Risk Management ]

RMADS Introduction – Risk Management and Accreditation Document Sets - (1 day)

Topics covered:-

  • Background and Context of HMG Infosec
  • Governance and Risk Management Concepts
  • The Accreditation Process
  • Risk Management and Accreditation Documents

IA1 Practitioners Course – HMG Information Assurance Standard No.1 (IAS1) Technical Risk Assessment – (2 days)

Topics covered:-

  • The purpose, structure and context of the standard
  • Changes from previous issues of IAS1
  • The new Standard framework
  • Model-based risk analysis method
  • IAS1 risk assessment methodology
  • Security Case development
  • Detailed workshops based on a real-world case study

New CLAS Scheme

23 Friday Dec 2011

Posted by Andy in Education & Certification

Tags

CCP, CESG, CLAS

The new CESG Listed Advisor Scheme (CLAS) will be started in January 2012, and a prerequisite will be the new CESG Certified Professional (CCP) accreditation in at least one IA role.

Below is an extract from an email from the CLAS Admin team at CESG:

Applications for membership of the old version of CLAS have now closed. To obtain membership of a forthcoming, new version of CLAS you must first obtain certification of competence in at least one IA role from one of the 3 Certification Bodies appointed by CESG:

- APMG; http://www.apmg-international.com/APMG-UK/Qualifications/CESGCertProfessionalQuals.aspx

- BCS, the Chartered Institute for IT, http://www.bcs.org/

- IISP; https://www.instisp.org

The three CBs are preparing their new certification arrangements before they fully open in early 2012.

The defined IA roles are Accreditor, Security Architect, Security & Information Risk Advisor, IA Auditor, Communications Security Officer and IT Security Officer.  Each role is defined at 3 levels of responsibility. Full details of the IA roles are at http://www.cesg.gov.uk/products_services/training/certification_for_ia_specialists.pdf.

To become a CLAS member you must subsequently apply for membership.  The application process is expected to open in early 2012.  You will need to:

- be a UK Citizen (dual nationality considered);

- be employed in the private sector;

- have a UK sponsoring company who will sign up to the CLAS Contract;

CLAS membership is only open to individuals; there is no corporate membership.

A membership fee for new CLAS has not been agreed as yet but as a guide, the annual membership fee for the old scheme was £1250 + VAT.

Please confirm that you wish your email address to be added to our CLAS distribution list. You will then be informed by email when the scheme is open for applications and the process for application.

This may be subject to change.

CESG Certified Professional Scheme (HMG IA)

04 Sunday Dec 2011

Posted by Andy in Education & Certification

Tags

CCP, HMG certification

I’m still catching up on putting news up on the blog, so this is a few weeks later than planned..

For those of you, like myself, that work in the field of HMG IA, the Government has released a new certification scheme via CESG (GCHQ) that will assist with certifying your skills within defined roles that can enable you to show new employees or contracts that you have the right skills for the job.

From the IISP website, who are one of three bodies accredited by CESG to certify people:

As part of the Government’s investment in cyber security, the IISP consortium has been appointed by CESG to provide certification for UK Government Information Assurance (IA) professionals. The consortium has been awarded a licence to issue the CESG Certified Professional (CCP) Mark based on the IISP Skills Framework, as part of a certification scheme driven by CESG, the IA arm of GCHQ.

The certification process is designed to increase levels of professionalism in Information Assurance and uses the established IISP Skills Framework to define the competencies, knowledge and skills required for specialist IA roles. Developed through public and private sector collaboration by world-renowned academics and security experts, the Framework has been adopted by GCHQ as the basis for its CESG Certified Professional specification.

This builds on the IISP’s existing competency based membership programmes, so not only will an individual be certified, but their areas of specialism will be recognised, offering the individual and their customers greater confidence that an individual has the right skills and experience for a role. The consortium comprises the Institute of Information Security Professionals (IISP), the Council of Registered Ethical Security Testers (CREST), and Royal Holloway’s Information Security Group (RHUL), with the IISP certifying competency, CREST providing examination for the more technical roles and RHUL supporting with their experience in setting rigorous and consistent assessment processes.

Timings

This programme will be launched in “pilot” phase during the autumn of 2011, with a predetermined number of roles/individuals being certified. The full programme will launch in early 2012 and be open to all who wish to apply.

Certified Roles

This certification will develop further, and the initial roles identified are detailed below. All roles have 3 levels of certification, at practitioner level, at senior practitioner level and at lead level.

The roles are:

  • Accreditor
  • IA Auditor
  • Communications Security Officer/Crypto Custodian
  • Information Security Officer
  • Security & Information Risk Advisor
  • Security Architect

News release: https://www.instisp.org/SSLPage.aspx?pid=457

Visit the IISP for more details: https://www.instisp.org/SSLPage.aspx?pid=456

McAfee Launches Additional Certification Exams & Virtual Instructor Led Training Programs

07 Wednesday Sep 2011

Posted by Andy in Education & Certification

Tags

HIPS

News article I’d like to share with other McAfee engineers on the release of the Host IPS (HIPS) product specialist certification and a new training program..

SANTA CLARA, Calif.–(BUSINESS WIRE)–McAfee today announced the global availability of two new certification exams in support of the McAfee Security Certification Program. These exams have been released under the McAfee Certified Product Specialist track which is designed to allow the users of McAfee technologies to demonstrate competency around the effective installation, configuration and administration of key McAfee products.

The two new exams focus on the McAfee Network Security Platform and McAfee Host Intrusion Prevention solution. Those who pass the exam and become certified demonstrate the highest levels of technical competency and productivity, helping to lower operating cost and improve levels of service and security. The McAfee Security Certification program is open to all McAfee product users, customers, and partners.

Along with the exam releases, McAfee is announcing the availability of a program logo. This logo can be used by certified individuals as a visual representation of having successfully achieved the McAfee Certified Product or Assessment Specialist benchmark on business cards, email signature lines, etc. The logo will be made available via the McAfee certification candidate system.

Lastly, McAfee is announcing the addition of virtual instructor-led training (VILT) classes to complement the current in-person, instructor-led training and certification preparation capabilities. VILT allows students to attend full training classes over the Internet. These live, instructor-led classes allow McAfee to reach geographically dispersed students while minimizing student and instructor travel time and related expenses.

“McAfee is very pleased to deliver these additional certifications and supporting program elements to the market place,” said Ray Komar, senior director of Global Education Services at McAfee. “Our customers, users and partners have responded extremely favorably to the McAfee certification program and these new additions are in direct response to requests from our community.”

Visit the McAfee University page to find complete instructions on how to register.

McAfee Certified Product Specialist – ePO

20 Thursday Jan 2011

Posted by Andy in Education & Certification

≈ 3 Comments

Well I sat the exam this afternoon, and passed :)

It was a tough exam with a passing score needed of 250 (going by the chart on the report, appears to be about 83%). It has been designed well to ensure that only those with a deep understanding of the underlying architecture of ePO, and ‘day to day’ use of the console will pass – which is what it should be for a product specialist, in my opinion.

A few questions which possibly could have been worded better, but for a new exam, it was very good – and after you really do feel like a product specialist :)

There were 97 questions and you have 2 hours. The questions are short, not like some of the Microsoft questions which seem to go on and on and on..

McAfee Launches Security Certification Program

17 Monday Jan 2011

Posted by Andy in Education & Certification

≈ 1 Comment

Cool, McAfee news item today:

SANTA CLARA, Calif., January 17, 2011 – McAfee, Inc. (NYSE:MFE) today announced the McAfee Security Certification Program. This global program consists of two “tracks”: The McAfee® Certified Product Specialist track, which supports the McAfee award winning product solutions, and the McAfee® Certified Assessment Specialist track, which has been developed around the McAfee Foundstone Ultimate Hacking assessment methodology. The McAfee Certified Product Specialist track is designed to allow the users of McAfee technologies to demonstrate competency around the effective installation, configuration and administration of key McAfee products.

The McAfee Certified Assessment Specialist track is designed to allow security practitioners to demonstrate deep technical assessment skills in the area of penetration testing and ethical hacking.

Along with the launch of the overall program, McAfee is announcing the global availability of two certification exams. The McAfee Certified Product Specialist exam’s first release focuses on McAfee® ePolicy Orchestrator® (McAfee ePO™) platform. Achieving a passing score on this exam grants the title of McAfee Certified Product Specialist- ePolicy Orchestrator. The McAfee Certified Assessment Specialist exam’s initial release is based on network assessment. Achieving a passing score on this exam grants the title of McAfee Certified Assessment Specialist- Network. Additional exams will be added to create a full curriculum of deep, continually updated security certifications.

“Earning a McAfee Certified Product Specialist or a McAfee Certified Assessment Specialist Certification helps IT professionals stand out by exhibiting the skills required to perform the job function covered by those certifications,” said Ray Komar, senior director of Global Education Services at McAfee. “Certification distinguishes individuals who have demonstrated superior levels of technical expertise that address enterprise security needs.”

The McAfee Security Certification Program covers both market-leading product technologies as well as cutting-edge security assessment techniques. The ability to validate both “defend” and “attack” competencies distinguishes the McAfee Security Certification Program, and those certified by it, from others in the marketplace.

The McAfee Security Certification Program is a valuable investment for the IT professional and employer. Those certified demonstrate the highest levels of technical competency and productivity, helping to lower operating cost, and improve levels of service and security.

Visit the McAfee Security Certification Program page to find complete instructions on how to register.
