CERTIFICATIONS OVERVIEW
BS 7799/ ISO 27001 Auditor
OPSA (OSSTMM Professional Security Analyst)
OPST (OSSTMM Professional Security Tester)
READING REQUIREMENTS
BS 7799/ ISO 27001 Auditor
British Standard 7799 gives recommendations for information security
management on initiating, documenting, implementing, and maintaining
security. It is intended to provide a common basis for developing
individual organizational security processes and documenting them as
security policy.
A tool for auditing security both internally and externally, the BS7799
allows for checklist-type managerial audits and the scaling of security
procedures to conform with international best practices.
BS7799 Information Security Management certifies that the auditor is
able to apply BS7799 to conduct gap analysis, security analysis and
business impact analysis, select appropriate security controls, and
create and implement the required deliverables of BS7799.
The certification requirements are:
1. Know the key requirements of BS7799-2:2002.
2. Coherently answer questions regarding BS7799.
3. Be able to plan, implement and report a security audit.
4. Understand the benefits of implementing corrective and preventive
actions.
5. Design and implement an ISM System that adequately supports BS7799.
6. Establish a compliance level for all ten security controls.
OPSA (OSSTMM Professional Security Analyst)
The OPSA certification is ISECOM's official security analysis
accreditation based on the OSSTMM and accredited by La Salle-URL
University, Barcelona as part of their Masters program. University
accreditation is an important part of ISECOM's certifications, as it
assures a worldwide university standard and does not force the decision
maker to consider whether the certification is real and accepted.
The OPSA certification verifies that a professional can make
resourceful, practical decisions and address the unexpected problems
that may appear in enterprise security and security testing. This is a
walk-the-walk accreditation that proves an understanding of security
and an ability to analyze secure networks from the network map to the
boardroom. It is not an easy certification to earn, but having earned it
is extremely rewarding. If your job has anything to do with security,
then you can say OPSA is about really knowing how to do your job.
The OPSA covers the following 5 topics for analysis:
1. Professional: Consulting, ethics, and project planning.
2. Enumeration: Analysis of various packet types.
3. Assessments: Estimates from test data and project planning.
4. Application: The analysis of Internet application tests.
5. Verification: Determination of test validity through tool outputs.
The OPSA is partially focused on understanding test results, how and
where they came from, and what they mean. The other part is the process
that brings a team to these test results and what to do with them. This
encompasses security test and tester management through risk assessment
and test planning (what to test) as used in the OSSTMM.
OPSA exam structure
- The OPSA Accreditation examination consists of 50 multiple-choice
questions.
- The exam is an open-book, hands-on skills assessment of the
application of professional and analytical knowledge.
- Candidates have up to 4 hours to complete the examination.
- A language dictionary may be used (another language to English
dictionary).
OPST (OSSTMM Professional Security Tester)
The OPST is the ISECOM certification exam for the baseline skills and
know-how required for professional security testing, proper use of the
most current version of the Open Source Security Testing Methodology
Manual (OSSTMM), and accreditation for OSSTMM Auditors.
READING REQUIREMENTS
Although there are no reading requirements specifically before the
event, those who have less than 2 years of experience in security
management, testing, or technologies will want to do some studying ahead
of time. For that we recommend:
1. OSSTMM 2.11 from www.osstmm.org
2. ISM3 from www.isecom.org/ism3
3. CISSP test samples and readings from www.cccure.org
4. BS7799 from emea.bsi-global.com/InformationSecurity/Overview/index.xalter
5. TCP/IP Tutorial and Technical Overview from publib-b.boulder.ibm.com/redbooks.nsf/RedbookAbstracts/gg243376.html?Open
6. OPSA study guide (provided to registered students)