Page 1: How Training and Consulting Companies Can Position CISSP, CISM and CRISC

Copyright © 2015 ITpreneurs. All rights reserved.

#ITpreneursLIVE Go-To-Market

CISSP, CISM and CRISC: Help your Clients Raise the Information Security Bar

Page 2: How Training and Consulting Companies Can Position CISSP, CISM and CRISC

Welcome

Deborah Burton, Channel Marketing Manager

Page 3: How Training and Consulting Companies Can Position CISSP, CISM and CRISC

Low Barrier & High Impact: How ITpreneurs can help increase revenues and save costs

Stay on the Cutting-Edge

Access a Comprehensive Library

Enjoy Convenience

Save content Costs by up to 80%

● No Content Development Costs

● No Content Maintenance Costs

● Lower costs with increased usage

● 1000+ Titles

● Across most IT Domains

● 12 Languages

● Anytime, Anywhere ordering

● Marketing Support

● Exam Services

● Accreditation

● Trainer Services

● First to Market

● Consistent Quality

● Various Delivery Formats

● Always Up-to-Date

● Partner Enablement

Page 4: How Training and Consulting Companies Can Position CISSP, CISM and CRISC

Webinar: Help Your Clients Raise the Information Security Bar

Page 5: How Training and Consulting Companies Can Position CISSP, CISM and CRISC

Today’s Speakers

Moderator: Connie Tai, Marketing Manager, ITpreneurs

Presenter: Miroslaw Dabrowski, IT Consultant, Agile Coach, Trainer, Courseware Author; ASL BiSL Foundation Ambassador Poland; OBASHI Ambassador Programme Leader

Page 6: How Training and Consulting Companies Can Position CISSP, CISM and CRISC

Agenda

Page 7: How Training and Consulting Companies Can Position CISSP, CISM and CRISC

Today You Will Learn

● The Evolving Information Security Training Landscape

● CISSP, CISM, CRISC - some of the most in-demand information security frameworks

● Go-To-Market Strategies

● Advantages of Using ITpreneurs Materials

● How to get started

Page 8: How Training and Consulting Companies Can Position CISSP, CISM and CRISC

Information Security Landscape

Page 9: How Training and Consulting Companies Can Position CISSP, CISM and CRISC

Information & Network & Cyber Security

NIST definitions:

Information Security (not just IT Security): Protecting information and information systems to provide (aka CIA triad):

1) confidentiality

2) integrity

3) availability of information

Network Security: The protection of all data that leaves or enters the local PC or local server from the network.

Cybersecurity: The ability to protect or defend the use of cyberspace from cyber attacks.

[Diagram labels: Information Security; Network Security; Cyber Security; "Anything security-related in the cyber realm"; "Anything involving security of information systems regardless of realm"]

Page 10: How Training and Consulting Companies Can Position CISSP, CISM and CRISC

Alarming Data on InfoSec Skills Shortage

According to the UK National Audit Office, it could take up to 20 years to address the current skills gap. (Source: The Guardian, 26 September 2013)

47% of organizations say that the number of employees dedicated to network security is inadequate in some, most, or all cases. (Source: Network World September 2014)

86% of respondents see a global cybersecurity skills gap - and 92% of those planning to hire more cybersecurity professionals this year say they expect to have difficulty finding a skilled candidate (Source: ISACA Global Cybersecurity Report January 2015)

Page 11: How Training and Consulting Companies Can Position CISSP, CISM and CRISC

Skills in Demand in the Coming Years

Source: Robert Half Technology 2013, 2014 & 2015 IT Salary Guides

Page 12: How Training and Consulting Companies Can Position CISSP, CISM and CRISC

ISACA

Founded in 1969 as the EDP Auditors Association

Since 1978, CISA has been a globally accepted standard of competency among IS audit, control, assurance and security professionals

More than 120,000 members in over 180 countries

More than 200 chapters worldwide

More than 100,000 people certified

Page 13: How Training and Consulting Companies Can Position CISSP, CISM and CRISC

ISACA: CISA, CISM, CRISC, CGEIT

CISA

● Career Path: Lead IT Auditor

● Focus: IT Audit

● Work Performed: Provide assurance by conducting audits and assessments of information systems

● Requirements: Submit verified evidence of a minimum of 5 years of verifiable IS audit, control or security experience (substitutions available)

CISM

● Career Path: Chief (Information) Security Officer (CSO / CISO)

● Focus: Information Security

● Work Performed: Oversee, direct and manage information security activities

● Requirements: Submit verified evidence of a minimum of 5 years of information security management work experience (covering 3 of the 4 job practice domains)

CRISC

● Career Path: Chief Risk Officer (CRO)

● Focus: Risk Management

● Work Performed: Identify, evaluate and manage risk through the development, implementation and maintenance of information systems controls

● Requirements: Submit verified evidence of a minimum of 3 years of risk and information systems controls experience (covering 3 of the 5 job practice domains)

CGEIT

● Career Path: Chief Information Officer (CIO)

● Focus: IT Governance

● Work Performed: Define, establish, maintain and manage a framework of IT governance

● Requirements: Submit verified evidence of the 5 years experience requirements as defined by the CGEIT Job Practice

Additional requirements

● Adhere to the ISACA Code of Professional Ethics

● Comply with the CGEIT Continuing Education Policy

Page 14: How Training and Consulting Companies Can Position CISSP, CISM and CRISC

ISC2

Founded in 1988 as Consortium

Since 1998, CISSP has been a globally accepted standard of competency among Information Security

More than 70,000 members in over 140 countries

More than 100,000 people certified

Page 15: How Training and Consulting Companies Can Position CISSP, CISM and CRISC

CISSP

Globally recognized standard of achievement Common Body of Knowledge

For experienced professionals in the computer security field. Candidates must have five years of direct full-time professional security work experience in two or more of the ten domains of the (ISC)² CISSP CBK

CISSP holders often hold job functions including

● Security Consultant

● Security Manager

● IT Director/Manager

● Security Auditor

● Security Architect

● Security Analyst

● Security Systems Engineer

● Chief Information Security Officer

● Director of Security

● Network Architect

Page 16: How Training and Consulting Companies Can Position CISSP, CISM and CRISC

CISSP Certification Proves a Mastery of IT Security and Information Assurance

The CISSP exam is based on the following 10 domains:

● Access Control

● Telecommunications and Network Security

● Information Security Governance and Risk Management

● Software Development Security

● Cryptography

● Security Architecture and Design

● Operations Security

● Business Continuity and Disaster Recovery Planning

● Legal, Regulations, Investigations, and Compliance

● Physical (Environmental) Security

Page 17: How Training and Consulting Companies Can Position CISSP, CISM and CRISC

ISO/IEC 27001:2013 Standard

Why do people always refer to this standard when they talk about an information security framework?

The ISO 27000 family of standards helps organizations keep information assets secure. Using this family of standards will help your organization manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties. ISO/IEC 27001 is the best-known standard in the family providing requirements for an information security management system (ISMS). (Source: www.iso.org)

Page 18: How Training and Consulting Companies Can Position CISSP, CISM and CRISC

Go-To-Market Strategies

Page 19: How Training and Consulting Companies Can Position CISSP, CISM and CRISC

Key Drivers for Information Security Training

● Protect business assets and repair vulnerabilities

● Be compliant with regulatory requirements

● Build trust with customers to ensure business success

● Corporate Reputation

Page 20: How Training and Consulting Companies Can Position CISSP, CISM and CRISC

Who are you talking to? Understanding different Stakeholders’ Perspective

Decision criteria vary… and so should your sales pitch…

CEO, CIO/CISO, CFO

• More than 3,000 companies in the U.S. were victims of a cyberattack last year, costing an estimated $445 billion - how well-protected are we against operational and reputational damage from cyber attacks?

• Have we aligned our cybersecurity strategy to our risk appetite and the overall risk environment?

• Cyber attacks can invite greater regulatory scrutiny, which in turn increases organizational costs - have we addressed this risk properly?

• I want security to support the business objectives

• Challenges to find qualified staff to build the team to meet requirements and performance standards

Page 21: How Training and Consulting Companies Can Position CISSP, CISM and CRISC

When you talk to individual learners ...

Employers look to certifications as a measure of excellence and quality. Getting certified pays off in increased salary. Among the top-paying certifications:

● Certified in Risk and Information Systems Control (CRISC) $119,227

● Certified Information Security Manager (CISM) $118,348

● Certified Information Systems Security Professional (CISSP) $110,603

Source: 2015 IT Skills and Salary Survey conducted by Global Knowledge and Windows IT Pro

Page 22: How Training and Consulting Companies Can Position CISSP, CISM and CRISC

Potential Barriers

On the pyramid of needs among IT organizations, what will be the resistance to invest in cyber security or information security training?

What if the maturity of the IT organization is low - should information security be put on the top of the list?

Page 23: How Training and Consulting Companies Can Position CISSP, CISM and CRISC

Open-enrollment vs In-house training

Positioning Your Training Offering

Page 24: How Training and Consulting Companies Can Position CISSP, CISM and CRISC

Advantages of using ITpreneurs Courseware

Page 25: How Training and Consulting Companies Can Position CISSP, CISM and CRISC

ISACA and ISC2 Exams are Pragmatic

● ISACA does not provide an official examination syllabus

● The ISACA exam scope is updated yearly with the publication of new Review Manuals each year

● Based on changes and trends in the market, ISACA updates its certification scope

● ITpreneurs pays close attention to those changes

Page 26: How Training and Consulting Companies Can Position CISSP, CISM and CRISC

No software license, no installation required. Available via web browser

Interactive Mind Maps from ISACA portfolio

Page 27: How Training and Consulting Companies Can Position CISSP, CISM and CRISC

Get Started:

www.itpreneurs.com

Page 28: How Training and Consulting Companies Can Position CISSP, CISM and CRISC

Available Soon ...

ISC2 CISSP Exam Prep - 5 Days

ISACA CISA Exam Prep - 4 Days

ISACA CISM Exam Prep - 4 Days

ISACA CRISC Exam Prep - 4 Days

ISACA CGEIT Exam Prep - 4 Days

Page 29: How Training and Consulting Companies Can Position CISSP, CISM and CRISC

Information Security Portfolio

[Portfolio diagram. Levels: Foundation Level (common knowledge); Intermediate Level (applied skills). Categories: Best Practices // Methods; Technology // Tools. Other labels: Cyber Security Portfolio; Risk Portfolio.]

Courses shown: Cyber Resilience Foundation; EXIN Info Security Foundation; CISSP; Secure Coding Foundation; EXIN Info Security Advanced; ISO 27001 Foundation; CISA; CISM; Ethical Hacking Foundation; Data Privacy Officer; ISO 27001 Lead Implement.; ISO 27001 Lead Auditor; Cyber Resilience Practitioner; CCSK Foundation

Although the Contents contained herein are provided under the highest professional standards in the generation of these forecasts, ITpreneurs does not guarantee the accuracy or completeness of any information contained herein.

Page 30: How Training and Consulting Companies Can Position CISSP, CISM and CRISC

Risk & Governance Portfolio

[Portfolio diagram. Levels: Foundation Level (common knowledge); Intermediate Level (applied skills). Categories: Best Practices // Methods; Technology // Tools. Other labels: Information Security Portfolio.]

Courses shown: Cyber Resilience Foundation; EXIN Info Security Foundation; CRISC; COBIT 5 Auditor; CGEIT; CISA; CISM; ISO 22301 Foundation; Open Group FAIR; ISO 22301 Lead Auditor; ISO 22301 Lead Implement.; COBIT 5 Implement.; M_o_R Foundation; COBIT 5 Foundation; ISO 31000 Foundation; Oceans99 Simulation; Governance of Info Sec workshop

Although the Contents contained herein are provided under the highest professional standards in the generation of these forecasts, ITpreneurs does not guarantee the accuracy or completeness of any information contained herein.

Page 31: How Training and Consulting Companies Can Position CISSP, CISM and CRISC

How You Can Get Started 1/2

Partner A - Full Service: Courseware, Exams, Services, Trainers

Partner B - Use Your own trainer: Courseware, Exams, Services

Partner C - Only use our Courseware: Courseware, Exams

Page 32: How Training and Consulting Companies Can Position CISSP, CISM and CRISC

How You Can Get Started 2/2

Visit the ITpreneurs.com Website

Review the Product of Interest

Get in touch either through the Contact Form, send us an email, or call!

Page 33: How Training and Consulting Companies Can Position CISSP, CISM and CRISC

Q&A

Page 34: How Training and Consulting Companies Can Position CISSP, CISM and CRISC

+31 107.110.260

[email protected]

Contact Us

Connie Tai

Products & Solutions Marketing

ITpreneurs | Rotterdam | The Netherlands