This article is reposted from: http://www.topsec.com.cn/shpx/rzpx/pxkc/cisp/index.htm
CISP (Registered Information Security Professional) certification (11 days)

In 2002 the China Information Security Products Assessment and Certification Center (CNITSEC) formally introduced the "Registered Information Security Professional" qualification certification program to the public.
I. What is a "Registered Information Security Professional"

A "Registered Information Security Professional" (in English, Certified Information Security Professional, abbreviated CISP) is one of the professional staff required by information security enterprises, information security consulting service organizations, information security assessment and certification bodies (including authorized evaluation agencies), and the technical departments (including standardization departments) responsible for the construction, operation and application management of information systems (networks) in social organizations, groups, enterprises and institutions. CISP qualification certification is one of the information security assessment and certification services conducted by the China Information Security Product Evaluation and Certification Center in accordance with the authorization of the relevant national authority.
II. Basic functions, ability requirements and code of ethics of CISP

1. Basic function of CISP: to provide technical assurance for the security of information systems.
2. CISP basic ability requirements: have a certain level of education and related work experience; pass the CISP certification exam and be able to carry out information security services; obtain the certification certificate issued by the management department.
3. CISP code of ethics: all CISPs must work hard to obtain and maintain the certification. To implement this principle, all CISPs must commit themselves to fully abide by the code of ethics: they must be honest, impartial, responsible and law-abiding; must work diligently and competently, and constantly improve their professional ability and level; must protect the value of information systems, applications and systems; must accept CNITSEC supervision, and in no case damage the reputation of CNITSEC or of the certification; must cooperate fully with CNITSEC investigations of CISPs; and must pay CNITSEC in accordance with the provisions.
III. CISP qualification characteristics

1. National certification: in accordance with the authorization of the national authority, CNITSEC carries out certification of information security products, information system security, information security service qualifications and information security personnel qualifications, and issues certificates to those who pass certification. The "National Information Security Certification of the People's Republic of China" is the country's highest recognition of the quality of information security products.
2. Knowledge system: CISP's knowledge architecture lists the areas of knowledge related to information security, comprising four knowledge domains: information security systems and models, security technology, security management, and engineering process. This avoids the narrow understanding and one-sided teaching of earlier information security training, which emphasized technology and neglected practice.
3. CISP certification classification: according to actual job needs, CISP is divided into the following two categories:
CISE: "Registered Information Security Engineer" (in English, Certified Information Security Engineer), mainly engaged in information security technology development, services, engineering construction, etc.
CISO: "Registered Information Security Management Personnel" (in English, Certified Information Security Officer), mainly engaged in information security management and other related work.
IV. CISP market demand

Enterprises rely on professionals and professional security organizations to enhance their information security technology, management and assurance capabilities. Companies want to train professionals through professional security training services, and professional certification based on standards and criteria is the basis for professional value. Through CISP training and certification:
1. Staff trained by the enterprise become true security experts; certified security experts meet the enterprise's long-term requirements for information security planning, construction and maintenance capability, and solve the various information security problems the enterprise encounters.
2. Having multiple CISPs shows the enterprise's commitment to and confidence in information system security assurance, and allows it to provide customers with reliable services.
V. CISP applicable groups

Enterprise information security managers; information security service providers; IT or security advisors; IT auditors; information security lecturers or trainers; information security incident investigators; other persons engaged in work related to information security.
VI. CISP certification requirements

1. Education and work experience: (a) master's degree or above, with 1 year of work experience; (b) bachelor's degree, with 2 years of work experience; (c) college graduate, with 4 years of work experience.
2. Professional work experience: at least 1 year of work experience in information security-related work.
VII. Timetable
| Time | Course Code | Course Name | Lesson Content |
|---|---|---|---|
| First day | CISP0101, 102 | Basic knowledge and practice of information security assurance | Information security assurance basic knowledge; information security principles; typical information system security models and frameworks; basic content of data security assurance work; information system security work |
| | CISP0501 | Overview of information security standards and regulations | Overview of information security regulations and policies; interpretation of key information security regulations and policy documents; information security code of ethics |
| Second day | CISP0502 | Introduction to information security standards | Security standardization overview; information security management standard ISMS / information security assessment standard CC; grade protection standard |
| | CISP0206 | Operating system security | Operating system fundamentals / security mechanisms; UNIX security practices; Windows security practices |
| | CISP0207 | System application | Database basic knowledge and security mechanisms / database management system security management / middleware security; web service fundamentals, web browser and service security, e-mail security / FTP security, common software security |
| Third day | CISP0204 | Network protocol and architecture security | TCP/IP protocol security; wireless security / mobile communication security; network architecture security |
| | CISP0205 | Network security devices | Firewall technology; intrusion detection technology; other network security technology |
| Fourth day | CISP0401, 02 | Principle and practice of information security engineering | Theoretical background of information security engineering; security engineering capability maturity model; security engineering implementation practice; information security engineering supervision |
| | CISP0302 | Information security risk management | Risk management work content; information security risk assessment practice |
| Fifth day | | Rest | |
| Sixth day | CISP0201 | Fundamentals of cryptography | Basic concepts of cryptography; cryptography (symmetric, asymmetric, hash functions) |
| | CISP0202 | Cryptography applications | VPN technology; PKI/CA system |
| Seventh day | CISP0303 | Information security management measures | Basic security management measures |
| | CISP0304 | Important security management processes | Important security management processes |
| | CISP0301 | Information security management system | Basic concepts of information security management; construction of an information security management system |
| Eighth day | CISP0208 | Security vulnerabilities and malicious code | Basic concepts and principles of malicious code, defense technology; information security vulnerabilities / security attack and defense basics |
| | CISP0209 | Security and defense practices | Security attack and defense basics; target information collection / password cracking principles and practice; buffer overflow principles and practice; spoofing attack principles and examples; web script vulnerability principles and examples; computer forensics |
| Ninth day | CISP0203 | Access control and audit monitoring | Access control technology; audit and monitoring technology; access control models |
| | CISP0210 | Software security development | Software security development overview; key stages of software security development |
| | | Review lecture | Comprehensive knowledge review |
| Tenth day | | Candidates' free review before the exam | |
| 11th day | | Exam | |
VIII. Training and test time

In order to maintain the seriousness and authority of the CISP examination and to ensure its fairness and impartiality, the China Information Security Evaluation Center has been piloting a fixed-point examination system in Beijing since April 21, 2012. The place of examination is the Institute of International Relations.