Help Your Clients Raise the Information Security Bar With CISSP, CISM and CRISC
Miroslaw Dabrowski / 24 June 2015
Organizations that fail to protect the personal details of their customers suffer severe financial and reputational repercussions. Theft of vital intellectual property is becoming considerably easier, and the prospect of losing trade secrets, which could jeopardize an organization's very core and even put it out of business, is a major concern. To put a number to it, according to the Telegraph, the cost of cybercrime for the global economy is approximately $445 billion annually.
Unfortunately, skilled cybersecurity professionals who could adequately protect organizations are a scarce commodity:
- According to the UK National Audit Office, it could take up to 20 years to address the current skills gap. (Source: The Guardian, 26 September 2013)
- 47% of organizations say that the number of employees dedicated to network security is inadequate in some, most, or all cases. (Source: Network World, September 2014)
- 86% of respondents see a global cybersecurity skills gap, and 92% of those planning to hire more cybersecurity professionals this year say they expect to have difficulty finding a skilled candidate. (Source: ISACA Global Cybersecurity Report, January 2015)
A Great Opportunity for IT Training Providers to Bridge the Skills Gap
The likes of Sony Corporation and Amazon.com, Inc. may be obvious targets due to their presence and stature, but cyber attacks are usually indiscriminate and your learners/clients are as vulnerable as the next organization.
Helping clients raise their information security bar is not just a way for IT training providers to create revenue. It is an opportunity to build a reputation in a domain where demand dwarfs the current and future supply. One could even argue that it is an ethical responsibility of every IT training provider to equip its learners/clients with the best skills and certifications available in cyber security.
CISSP, CISM and CRISC – What You Need to Know
Certified Information Systems Security Professional (CISSP) is a vendor-neutral certification backed by (ISC)².
This certification is the ideal credential for those with proven deep technical and managerial competence, skills, experience, and credibility to design, engineer, implement, and manage their overall information security program to protect organizations from increasingly sophisticated attacks.
Candidates must have five years of direct full-time professional security work experience in two or more of the ten domains of the (ISC)² CISSP CBK. Since 1998, CISSP has been a globally accepted standard of competency among information security professionals.
CISSP-qualified individuals often hold the following positions, among others:
- Security Consultant
- Security Manager
- IT Director/Manager
- Security Auditor
- Security Architect
- Security Analyst
- Security Systems Engineer
- Chief Information Security Officer
- Director of Security
- Network Architect
CISM and CRISC
Certified Information Security Manager (CISM) and Certified in Risk and Information Systems Control (CRISC) are ISACA-backed certifications covering information security and risk management respectively.
Successful CISM candidates may pursue a career as Chief (Information) Security Officer (CSO / CISO) while CRISC leads to a career as Chief Risk Officer (CRO).
CISM Requirements: Submit verified evidence of a minimum of 5 years of information security management work experience (covering 3 of the 4 job practice domains).
CRISC Requirements: Submit verified evidence of a minimum of 3 years of risk and information systems controls experience (covering 3 of the 5 job practice domains).
Overcoming the Complacency Barrier
Those involved in an organization's cyber security are increasingly aware of the threats they face in cyberspace and of their own vulnerabilities. However, many of them are still very complacent. Last year Trend Micro highlighted how and why such complacency can occur in their blog post "Cybersecurity complacency a leading cause of data breaches".
Some of the major aspects to be taken into consideration when consulting with clients about adding to their arsenal of cyber security knowledge are:
Key Drivers for Information Security Training
- Protect business assets and repair vulnerabilities
- Be compliant with regulatory requirements
- Build trust with clients to ensure business success
- Corporate reputation
Understanding the Perspective of Different Stakeholders
- CEO: More than 3,000 companies in the U.S. were victims of a cyberattack last year, costing an estimated $445 billion – how well-protected are we against operational and reputational damage from cyber attacks?
- CIO/CISO: I want security to support the business objectives. I want to find qualified staff to build the team to meet requirements and performance standards.
- CFO: Have we aligned our cyber security strategy to our risk appetite and the overall risk environment? Cyber attacks can invite greater regulatory scrutiny, which in turn increases organizational costs – have we addressed this risk properly?
Understanding the Perspective of Individual Learners
Employers look to certifications as a measure of excellence and quality. Getting certified pays off in increased salary. According to the 2015 IT Skills and Salary Survey conducted by Global Knowledge and Windows IT Pro, the certifications we have mentioned are among the top-paying:
- Certified in Risk and Information Systems Control (CRISC) $119,227
- Certified Information Security Manager (CISM) $118,348
- Certified Information Systems Security Professional (CISSP) $110,603
Choosing the Right Content Provider
As an IT training provider, it is of paramount importance that you partner with a content provider that fully understands your needs. Just like any business entity, you want to increase revenue and save costs while benefiting your clients. The above-mentioned training portfolio is no exception.
See how ITpreneurs’ low barrier and high impact model can help you increase revenue and save costs.