My Study Plan for EXIN Information Security
Globalization of data and networks leads to an exchange of information between companies, where that information becomes prey to hackers and fraudsters. The EXIN Information Security program aims at increasing the security awareness of an organization and the sense of responsibility of its management and employees. The EXIN Information Security qualification program is necessary for any individual who deals with information security and confidentiality. Through this program I have become aware of security risks and abuses.
The EXIN Information Security program offers certification at three levels: Foundation, Professional (Advanced) and Expert. Across these courses the candidate learns to promote security consciousness, to handle confidential information, and to implement and monitor data security.
Information Security Foundation based on ISO/IEC 27002:
This module tests the basic concepts of data security and the relationships between them. The main objective of this level is to increase data security awareness and to teach the measures necessary to safeguard information. The module is aimed at information security professionals, and no prerequisite is needed to attend the course. The exam lasts 1 hour, consists of 40 multiple-choice questions, and the pass mark is 65%.
The main topics to be covered for this exam are:
- Information and Security: This topic covers 10% of the exam. It includes the concept of information, the value of data for organizations and how that value influences the organization, and the reliability aspects of data.
- Threats and risks: This topic covers 30% of the exam. It includes the concepts of threat and risk and their relationship to information reliability, and the effects of threats on information processing.
- Approach and organization: This topic covers 10% of the exam. It includes the objectives and contents of the security organization and the security policy, the components of organizational security, and the importance of security incident management and of escalation within the organization.
- Measures: This covers 40% of the exam. It includes the significance of security measures, the set-up and implementation of physical security measures, the implementation of technical security measures, and the set-up and implementation of organizational security measures.
- Legislation and regulations: This covers 10% of the exam. It includes the effects and importance of legislation and regulations.
The book I used to cover these topics is 'Foundations of Information Security', Van Haren Publishing, 2010, written by Hintzbergen, K., Baars, H., and Smulders, A.
Information Security Management Advanced based on ISO/IEC 27002:
This module tests the organizational aspects of data security. It is mainly aimed at security professionals such as Information Security Officers, Information Security Managers and Project Security Managers. The prerequisite for this course is the Information Security Foundation certification. The exam lasts 1 hour 30 minutes, consists of 30 multiple-choice questions, and the pass mark is 65%.
The topics to be covered for this exam are:
- Perspectives of Information Security: This covers 10% of the exam and includes the business interest in data security, the customer perspective on data management, and the supplier's responsibilities for security.
- Risk Management: This covers 30% of the exam and includes the principles of risk analysis and risk management, how to categorize controls, and how to distinguish the strategies for dealing with remaining risk.
- Controls of Information Security: This covers 60% of the exam and includes organizational, technical, physical, business continuity and employment-related controls.
The books I referred to for these topics are 'Management of Information Security', Cengage Learning, 3rd edition, 2010, written by Whitman, M.E., and Mattord, H.J., and 'Information Security Management with ITIL V3', Van Haren Publishing, 2010, written by Cazemier, J.A., Peters, L., and Overbeek, P.
Information Security Management Expert based on ISO/IEC 27002:
This module tests the skills and knowledge needed to structure, maintain and optimize information security in an organization. The prerequisites for this certification course are the Information Security Foundation and Advanced level certifications, and 2 years of management experience. The Expert exam consists of two parts: a written part (a practical project) and an oral part. The oral part can be taken only after the written part has been completed. The exam lasts 90 minutes and the pass mark is 55%.
The criteria to be covered for practical project are:
- Organization: This covers 20% of the project and includes risk management, data security roles and the reporting system.
- Policy: This covers 10% of the project and includes how to establish and promote an information security policy.
- Risk Analysis: This covers 10% of the project and includes the various risk analysis methods and how to analyse their outcome.
- Organizational Change: This covers 40% and includes adapting a plan or strategy for change, defending and adjusting it, and evaluating interventions.
- Standards: This covers 10% and includes applying the relevant standards to particular situations.
- Audit and certification: This covers 10% of the project and includes carrying out an audit, management review, and documentation of the results.
The books I referred to for this exam are 'Information Technology Security techniques - Information technology management systems - Requirements', Switzerland, 2005, and 'Information Technology Security techniques - Code for practice for information security management', Switzerland, 2007.
The oral exam lasts 90 minutes and is conducted via video web conference. Once the exam is finished, the examiners determine the mark and validate the result. I took the sample test available on the EXIN website before attending the exam.
Melania Crenstword - Web Developer - MelSoft Inc.