Repost: CISP (Registered Information Security Professional) certification (12 days)

Source: Internet
Author: User

This article is reposted from: http://www.topsec.com.cn/shpx/rzpx/pxkc/cisp/index.htm

CISP (Registered Information Security Professional) certification (11 days)

In 2002, the China Information Security Products Assessment and Certification Center (CNITSEC) formally introduced the "Registered Information Security Professional" qualification certification program to the public.

I. What is a "Registered Information Security Professional"

A "Registered Information Security Professional" (in English, Certified Information Security Professional, abbreviated CISP) is a professional required by information security enterprises, information security consulting service organizations, information security assessment and certification bodies (including authorized evaluation agencies), and the technical departments (including standardization departments) responsible for the construction, operation and application management of information systems (networks) in social organizations, groups, enterprises and institutions. CISP qualification certification is one of the information security assessment and certification services that CNITSEC carries out under authorization from the relevant national authority.

II. Basic functions, ability requirements and code of ethics of CISP

1. Basic functions of CISP
  • Provide technical assurance for the security of information systems.

2. CISP basic ability requirements
  • Have a certain level of education and related work experience.
  • Pass the CISP certification exam and have the ability to carry out information security services.
  • Obtain the certification certificate issued by the management department.

3. CISP code of ethics

All CISPs must work hard to obtain and maintain the certification. To implement this principle, all CISPs must commit themselves to fully abide by the code of ethics:
  • Must be honest, impartial, responsible and law-abiding.
  • Must work diligently and competently, and constantly improve their professional ability and level.
  • Must protect information systems and the value of the applications and systems.
  • Must accept CNITSEC supervision, and in no case damage the reputation of CNITSEC or of the certification.
  • Must cooperate fully with CNITSEC investigations of CISPs.
  • Must pay CNITSEC in accordance with the provisions.

III. CISP qualification characteristics

1. National certification

Under national authorization, CNITSEC carries out certification of information security products, information system security, information security service qualifications and information security personnel qualifications, and issues certificates to those that pass certification. The "National Information Security Certification of the People's Republic of China" is the country's highest recognition of the quality of information security products.

2. Knowledge system

The CISP knowledge architecture lists the areas of knowledge related to information security, covering four knowledge domains: information security systems and models, security technology, security management, and engineering process. This avoids the narrow understanding and one-sided teaching of earlier information security training, which emphasized technology only and neglected practice.

3. CISP certification classification

According to actual job needs, CISP is divided into the following two categories:
  • CISE: "Registered Information Security Engineer" (in English, Certified Information Security Engineer), mainly engaged in information security technology development, services, engineering construction, etc.
  • CISO: "Registered Information Security Management Personnel" (in English, Certified Information Security Officer), mainly engaged in information security management and other related work.

IV. CISP market demand

Enterprises rely on professionals and professional security organizations to enhance their information security technology, management and assurance capabilities. Companies want to train professionals through professional security training services, and professional certification based on standards and criteria is the basis of professional value. Through CISP training and certification:

1. The staff an enterprise trains become true security experts. Certified security experts meet the enterprise's long-term capability requirements for information security planning, construction and maintenance, and solve the various information security problems the enterprise encounters.
2. Having multiple CISPs shows the enterprise's commitment to and confidence in information system security assurance, and that it can provide customers with reliable services.

V. CISP applicable groups

  • Enterprise information security managers
  • Information security service providers
  • IT or security advisors
  • IT auditors
  • Information security lecturers or trainers
  • Information security incident investigators
  • Others engaged in work related to information security

VI. CISP certification requirements

1. Education and work experience:
  A. Master's degree or above, with 1 year of work experience;
  B. Bachelor's degree, with 2 years of work experience;
  C. College graduate, with 4 years of work experience.

2. Professional work experience: at least 1 year of experience in information security-related work.

VII. Timetable


| Day | Course code | Course name | Lesson content |
|---|---|---|---|
| First day | CISP0101, 102 | Basic knowledge and practice of information security assurance | Information security assurance basic knowledge; information security principles; typical information system security models and frameworks; basic content of data security assurance work; information system security work |
| | | Overview of information security standards and regulations | Information security regulations and policy overview; interpretation of key information security regulations and policy documents; information security code of ethics |
| Second day | | Introduction to information security standards | Security standardization overview; information security management standard ISMS / information security assessment standard CC; grade protection standard |
| | | Operating system security | Operating system fundamentals / security mechanisms; UNIX security practices; Windows security practices |
| | | System application | Database basic knowledge and security mechanisms / database management system security management / middleware security; Web service fundamentals, web browser and service security; e-mail security / FTP security; common software security |
| Third day | | Network protocol and architecture security | TCP/IP protocol security; wireless security / mobile communication security; network architecture security |
| | | Network security devices | Firewall technology; intrusion detection technology; other network security technology |
| Fourth day | CISP0401, 02 | Principle and practice of information security engineering | Information security engineering theory background; security engineering capability maturity model; security engineering implementation practice; information security engineering supervision |
| | | Information security risk management | Risk management work content; information security risk assessment practice |
| Fifth day | | Rest | |
| Sixth day | | Fundamentals of cryptography | Cryptography basic concepts; cryptography (symmetric, asymmetric, hash functions) |
| | | Cryptography applications | VPN technology; PKI/CA system |
| Seventh day | | Information security management measures | Basic security management measures |
| | | Important security management process | Important security management process |
| | | Information security management system | Information security management basic concepts; information security management system construction |
| Eighth day | | Security vulnerabilities and malicious code | Basic concepts and principles of malicious code, defense technology; information security vulnerabilities / security attack and defense basics |
| | | Security attack and defense practices | Security attack and defense basics; target information collection / password cracking principle and practice; buffer overflow principle and practice; spoofing attack principles and examples; web script vulnerability principles and examples; computer forensics |
| Ninth day | | Access control and audit monitoring | Access control model; access control technology; audit and monitoring technology |
| | | Software security development | Software security development overview; key stages of software security development |
| | | Comprehensive knowledge review | |
| | | Candidates' free review before exams | |
| 11th day | | | |


VIII. Training and test time

In order to maintain the seriousness and authority of the CISP examination and ensure its fairness and impartiality, the China Information Security Evaluation Center has been piloting a fixed-location examination system in Beijing since April 21, 2012. The place of examination is the Institute of International Relations.
