แนวทางการพ ฒนา Information Security Professional ในประเทศไทย

Similar documents
INTERNATIONAL INFORMATION SYSTEMS SECURITY CERTIFICATION CONSORTIUM, INC. Annual Meeting Minutes October 15, 2005 Miami, Florida USA

Val-EdTM. Valiant Technologies Education & Training Services. Workshop for CISM aspirants. All Trademarks and Copyrights recognized.

Security in Today s Insecure World for SecureTokyo

CERTIFIED IN THE GOVERNANCE OF ENTERPRISE IT CGEIT AFFIRM YOUR STRATEGIC VALUE AND CAREER SUCCESS

building for my Future 2013 Certification

Enterprise with Integrity

BRING EXPERT TRAINING TO YOUR WORKPLACE.

Certified Information Security Manager (CISM) Course Overview

Mohammad Shahadat Hossain

HCISPP HealthCare Information Security and Privacy Practitioner

The Role of SANAS in Support of South African Regulatory Objectives. Mr. Mpho Phaloane South African National Accreditation System

WELCOME TO ISACA Claudio CILLI, CISA, CISM, CRISC, CGEIT

ISACA Enterprise. Solutions and Resources

Northeast Ohio Chapter Annual General Meeting

BECOME TOMORROW S LEADER, TODAY. SEE WHAT S NEXT, NOW

ISACA International Perspective

ISO in the world today

IT Services: Identifying the Addressable Markets for Telecom Operators (Executive Summary) Executive Summary

Effective COBIT Learning Solutions Information package Corporate customers

COURSE BROCHURE CISA TRAINING

2017 PORT SECURITY SEMINAR & EXPO. ISACA/CISM Information Security Management Training for Security Directors/Managers

ISSMP is in compliance with the stringent requirements of ANSI/ISO/IEC Standard

MY CERTIFICATION HELPED ME GET HERE. MY MEMBERSHIP HELPS KEEP ME HERE.

ITU CBS. Digital Security Capacity Building: Role of the University GLOBAL ICT CAPACITY BUILDING SYMPOSIUM SANTO DOMINGO 2018

Reasons to Become CISSP Certified. Keith A. Watson, CISSP CERIAS

Training + Information Sharing: Pillars of enhancing cybersecurity posture

ROI for Your Enterprise Through ISACA A global IS association helping members achieve organisational success.

Solutions Technology, Inc. (STI) Corporate Capability Brief

Technology and data privacy Global perspectives

Predstavenie štandardu ISO/IEC 27005

Purchasing. Operations 3% Marketing 3% HR. Production 1%

Cybersecurity for ALL

The ACA Qualification Creating leaders in Accountancy, Finance and Business

IATF Stakeholder Conference

ITIL Intermediate Continual Service Improvement (CSI) Certification Boot Camp - Brochure

THE ISACA CURACAO CHAPTER IS ORGANIZING FOLLOWING INFORMATION SECURITY AND TECHNOLOGY SESSIONS ON MAY 15-MAY :

NSS NETWORK SECURITY SOLUTIONS REST ASSURED

Technical Conference on Critical Infrastructure Protection Supply Chain Risk Management

Presentation by International Organization for Standardization

(ISC) 2 CONTINUING PROFESSIONAL EDUCATION (CPE) POLICIES AND GUIDELINES

Forum. Ningbo, China 25 February

Driving Global Resilience

(ISC) 2 CONTINUING PROFESSIONAL EDUCATION (CPE) POLICIES AND GUIDELINES

Creating a Global Network

UK's Chartered Civil Engineers and their recognition in Europe and beyond. David Lloyd-Roach Director of Membership

ISO/ IEC (ITSM) Certification Roadmap

Cyber Update Mr. Paul Phillips AFLCMC/WNSA (937) May 17

National Initiative for Cyber Education (NICE) and the Cybersecurity Workforce Framework: Attract and Retain the Best in InfoSec.

An Overview of ISO/IEC family of Information Security Management System Standards

An Overview of TOGAF Version 9.1

Global Security Consulting Services, compliancy and risk asessment services

Assurance through the ISO27002 Standard and the US NIST Cybersecurity Framework. Keith Price Principal Consultant

ISACA Certification Your Blueprint for Success

Cybersecurity in Asia-Pacific State of play, key issues for trade and e-commerce

ITIL Intermediate Service Design (SD) Certification Boot Camp - Brochure

Law & Policy Meets Data in the Cloud: Data Sovereignty Across Asia. Bernie Trudel Chairman, Asia Cloud Computing Association

Certified in the Governance of Enterprise IT Training - Brochure

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

ISACA Certifications Overview

Les joies et les peines de la transformation numérique

Biorisk Management Professional Certification Program. Maureen Ellis Executive Director International Federation of Biosafety Associations

GLOBAL PKI TRENDS STUDY

Balancing energy and environmental demands

Building the Cybersecurity Workforce. November 2017

(ISC) 2 Continuing Professional Education (CPE) Handbook

Innovative Fastening Technologies

CyberSecurity Training and Capacity Building: A Starting Point for Collaboration and Partnerships. from the most trusted name in information security

KYAUK PHYU SPECIAL ECONOMIC ZONE DEVELOPMENT. Kyauk Phyu, Rakhine State, MYANMAR

Playing Security Poker I match your degree and raise you by a certification or 2 Grumpy Old Security Men What s up Cert?

BHConsulting. Your trusted cybersecurity partner

Certification Exam Outline Effective Date: September 2013

Innovative and Flexible financing. for the New Economy C APITAL. The Leader in End-to-End Financial Services for Your Network Investments

Software withdrawal: IBM Tivoli Storage Manager for Copy Services and IBM Tivoli Storage Manager for Advanced Copy Services - Replacements available

Operationalizing Cybersecurity in Healthcare IT Security & Risk Management Study Quantitative and Qualitative Research Program Results

CISA/CISM/CGEIT. CGEIT Programs Overview Prof. Ing.. Claudio CILLI CISA, CISM, CGEIT, CISSP, CSSLP, CIA, M.Inst.ISP

Indicate whether the statement is true or false.

IPS Securex s revenue rose 36.5% to S$2.3 million in 1Q2018

Citation for published version (APA): Berthing, H. H. (2014). Vision for IT Audit Abstract from Nordic ISACA Conference 2014, Oslo, Norway.

ISACA. Certification Details for Certified in the Governance of Enterprise IT (CGEIT )

Balancing energy and environmental demands

Server Virtualisation Assessment. Service Overview

DoD Directive (DoDD) 8570 & GIAC Certification

The Inclusive Internet Index (3i)

The Role of Public Sector Audit and Risk Committees in Cybersecurity & Digital Transformation. ISACA All Rights Reserved.

GUIDELINES FOR SUBMITTING CONTINUING PROFESSIONAL EDUCATION (CPE) CREDITS

Invest in. ISACA-certified professionals, see the. rewards.

The Value Methodology SAVE International

The National Initiative for Cybersecurity Education (NICE) The NICE Workforce Framework, NIST SP , Overview October 4, 2017

Accreditation Bodies in other

Cloud Computing: A European Perspective. Rolf von Roessing CISA, CGEIT, CISM International Vice President, ISACA

Top Business/Technology Issues Survey 2011

Regional Focus: Asia Pacific - the world's largest mobile phone market

GLOBAL SERVICES TRAINING SUPPORT REPAIR SERVICES

JEAS-Accredited Environmental Assessor Qualification Scheme

CYBER INTELLIGENCE ASIA Combating Cybercrimes across the region Conference & Exhibition 20 th 22 nd March 2018 Singapore

THE LIFE AND TIMES OF CYBERSECURITY PROFESSIONALS

ITIL Intermediate Service Design (SD) Certification Training - Brochure

2018 CALENDAR OF ACTIVITIES

Software-defined Networking Development Model

(ISC) 2 Update. ( Security Transcends Technology SM ) Dow A. Williamson, CISSP. Director of Communications

Transcription:

แนวทางการพ ฒนา Information Security Professional ในประเทศไทย โดย Thailand Information Security Association (TISA)

Agenda 1) Global Information Security Professional Situation 2) Current Thailand Information Security Professional Situation 3) Information Security Essential Body of Knowledge (EBK) from Department of Homeland Security (DHS) 4) TISA and Information Security Professional Development Program 5) EBK and Enterprise Information Security Capability : The Future Roadmap

Percentage of IT Budget for Security Most organizations put it around 3-5% 10%+ seem to be the norm Source: 2008 CSI Computer Crime & Security Survey

Awareness Training as a Percentage of Security Budget Organizations put too small effort on the weakest link human. The misperception that IT security is only the responsibility of IT dept. negatively influence the implementation, Only if the perception is change, the figure will. Source: 2008 CSI Computer Crime & Security Survey

Leading IT and InfoSec Professional Certification Institutes

(ISC)² - Insight from the Workforce Established in 1989 - Non-profit consortium of industry leaders dedicated to educating and certifying information security professionals worldwide 57,000 members in 135 countries Consultation and Research: (ISC)2 CBK World s largest taxonomy of information security topics Board of Directors - top information security professionals worldwide. CISSP and SSCP are accredited ANSI/ISO/IEC Standard 17024 and were the first technology-related credentials to receive this accreditation.

(ISC)² Around the World Membership Distribution 35000 (ISC)² has members in 133 countries across the globe 32,873 30000 27,226 25000 20000 15000 10000 2005 2006 5000 5018 6585 5914 4265 0 272 388 Africa Asia Australia/Oceana 474 932 44 96 Caribbean Europe Middle East 563 638 279 569 North America South/Central America

Membership Milestones in Asia-Pacific 8 economies have at least 200 members (as of 30/09/07) South Korea 1,991 Hong Kong 1,315 Singapore 953 India 923 Australia 898 Japan 883 China 400 Taiwan 244

CISSPs in Asia- South Korea: Highest population of CISSP in Asia As of: 30/SEPT/07 China (400) Macao (8) Korea, South (2,003) Thailand (91) Japan (883) Indonesia (44) Hong Kong (1,311) Singapore (9)47 India (909) Sri Lanka (35) Taiwan (238) Malaysia (177) Philippines (112)

Membership Growth in Japan 94% growth since to date 900 800 700 600 500 400 300 200 100 0 2003 2004 2005 2006 2007

Membership Growth in Korea 2000 1800 1600 1400 1200 1000 800 600 400 200 0 82% growth since 2003 to date 2003 2004 2005 2006 2007

Does your organization require its staff to have information security certification? IF YES - What are all the reasons your organization requires staff to have information security certifications?

Plans to Acquire Additional Certifications

(ISC)2 Global Membership (as of June,08) (ISC)² Members Worldwide: CISSP 58,080 ISSAP 770 ISSEP 355 ISSMP 675 CAP 380 SSCP 666 Associate of (ISC)² 831 (ISC)2 Members in Thailand: CISSP 98

ISACA Global Membership (as of June,08) CISA Members Worldwide: CISA 45,000 CISM 8,000 CGEIT 364 CISA Members in Thailand: CISA 135 CISM 24 CGEIT 2

Difference among IA, IT Audit, Infosec Audit and System Security Audit Internal Audit IT Audit InfoSec Audit System Security Audit Audit scope Enterprise IT IS Security System specific Audit Framework Audit objective Professional Cert. etc. COSO CobiT ISO27001 CG ITG, IT/Biz Alignment Security Governance CIA CISA CISSP, IRCA:ISMS NIST(SPP800-53A,SP800-115), NSA:IAM, OSSTMM System security, hardening NSA:IAM,OPST, OPSA, CEH, SSCP, CSSLP

Information Technology (IT) Security Essential Body of Knowledge (EBK) A Competency and Functional Framework for IT Security Workforce Development September 2008 United States Department of Homeland Security

DoD 8570.01-M Information Assurance Workforce Improvement Program December 19, 2005

DoD 8570.01-M Information Assurance Workforce Improvement Program May 15, 2008

Why was the EBK established? Rapid evolution of technology Various aspects and expertise are increasingly required Standard or common guideline in recruiting, training and retaining of workforce Knowledge and skill baseline Linkage between competencies and job functions For public and private sectors

Purpose of EBK Articulates functions that professionals within the IT security workforce perform in a common format and language. Provides a reference for comparing the content of IT security certifications, which have been developed independently according to varying criteria Promotes uniform competencies to increase the overall efficiency of IT security education, training, and professional development Offers a way to further substantiate the wide acceptance of existing certifications so that they can be leveraged appropriately as credentials Provides content that can be used to facilitate cost-effective professional development of the IT security workforce, including skills training, academic curricula, and other affiliated human resource activities.

How was this built? The President s Critical Infrastructure Protection Board (PCIPB) was established in October 2001 PCIPB created the IT Security Certification Working Group (ITSC-WG) 2003, the President released the National Strategy to Secure Cyberspace 2003, DHS-NCSD was established to act as a national focal point for cyber security Lead by the Department of Homeland Security, National Cyber Security Division (DHS-NCSD) together with academia, government, and private sector DHS-NCSD introduced this first draft to a broader audience of SMEs in January 2007 It will be re-evaluated approximately every two years

EBK Development Process Refer to 53 Critical Work Function (CWF) from DoD IASS

Key Divisions 4 functional perspectives 14 competency areas 10 roles

Functional Perspectives 1. Manage 2. Design 3. Implement 4. Evaluate

IT Security Roles 1. Chief Information Officer 2. Digital Forensics Professional 3. Information Security Officer 4. IT Security Compliance Officer 5. IT Security Engineer 6. IT Security Professional 7. IT Systems Operations and Maintenance Professional 8. Physical Security Professional 9. Privacy Professional 10.Procurement Professional

Competency Areas (MDIE in each) 1. Data Security 2. Digital Forensics 3. Enterprise Continuity 4. Incident Management 5. IT Security Training and Awareness 6. IT System Operations and Maintenance 7. Network and Telecommunication Security 8. Personnel Security 9. Physical and Environmental Security 10. Procurement 11. Regulatory and Standards Compliance 12. Security Risk Management 13. Strategic Security Management 14. System and Application Security

TISA EBK Analysis Managerial Level Professional Level Entry Level

Your Competency Scorecard

Enterprise Infosec Competency Profile Enterprise Capability EBK Training Provider

TISA : The Future Roadmap 2009-2011

http://www.tisa.or.th Copyright 2009 TISA and its respective author (Thailand Information Security Association) Please contact : varapong@acisonline.net

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback