Transcription
State of South CarolinaInfoSec and Privacy Training FrameworkStartFOR THE STATE OF SOUTH CAROLINA INTERNAL USE ONLY
IntroductionThe development of a training framework is part of the State of South Carolina's (State) initiative to create a ProfessionalDevelopment Program (PDP). The training framework is one of the activities that the State has taken to deploy a PDPthat will evolve to provide a career path for Information Security (InfoSec) and Privacy personnel and increase thesecurity posture of the organization. The training framework provides a catalog of coursework for the core InfoSec andPrivacy workforce to establish training opportunities.Clearly defined courses and certifications will encourage growth and ownership of InfoSec and Privacy domains at eachState agency, and in turn increase InfoSec and privacy compliance and competency.Training Framework LayoutInfoSec and Privacy industry authoritative sources were taken into consideration to compile the training framework. TheInfoSec and Privacy Competency Model was aligned to the training courses and certifications to increase alignment withthe remainder of the PDP and security growth and posture.InfoSec and Privacy personnel can use the framework in a variety of ways to strategically work toward professionaldevelopment. All audiences can search training courses by: Competency Certification Position DescriptionFOR THE STATE OF SOUTH CAROLINA INTERNAL USE ONLY
InfoSec and Privacy Training by ityincident andeventmanagementPrivacycomplianceSecure datatransmissionand ndComplianceRisk gulationPolicycommunication,enforcementand nagementEnvironmentaland ysis gn anddevelopmentEquipmentcleansingand disposalDatabackup acyincidentresponseThe InfoSec and Privacy Competency Model is comprised of 11 domains and 35 associated competencies, outlined above.Each competency maps to a selection of training courses and provides a corresponding level of proficiency.There are further training courses available to strengthen competencies which are not featured under the PositionDescriptions.Click each competency to see associated training coursesGo back to Overview of InfoSec and Privacy Training FrameworkFOR THE STATE OF SOUTH CAROLINA INTERNAL USE ONLY
InfoSec and Privacy Certifications (1 of 2)CAPCertified Authorization ProfessionalCIPMCertified Information Privacy ManagerCNDACertified Network Defense ArchitectCASPCompTIA Advanced Security ProfessionalCIPP/USCertified Information PrivacyProfessional/U.S. Private-SectorCNFECertified Network Forensics ExaminerCBAPCertified Business AnalysisProfessionalCIPP/GCertified Information PrivacyProfessional/U.S. GovernmentCPEHCertified Professional Ethical HackerCCFPCertified Cyber ForensicsProfessionalCIPTCertified Information Privacy Technologist CPTCCertified Penetration Testing ConsultantCCISO Certified Chief Information Security OfficerCIRMCertified Identity Risk ManagerCPTECertified Penetration Testing EngineerCCMCertified Continuity ManagerCISACertified Information Systems AuditorCRCMPCertified Risk and ComplianceManagement ProfessionalCDFECertified Digital Forensics ExaminerCISMCertified Information Security ManagerCRISCCertified in Risk and InformationSystems ControlCDRE Certified Disaster Recovery EngineerCISRCPCertified Information Systems Risk &Compliance ProfessionalCSIHCertified Computer Security IncidentHandlerCDRP Certified Data Recovery ProfessionalCISSRMCertified Information Systems SecurityRisk ManagerCSLOCertified Security Leadership OfficerCEHCertified Ethical HackerCISSMCertified Information Systems SecurityManagerCSSCertified Security SentinelCGEITCertified in the Governance ofEnterprise ITCISSOCertified Information Systems SecurityOfficerCSSLPCertified Secure Software LifecycleProfessionalCHFIComputer Hacking ForensicInvestigatorCISSPCertified Information Systems SecurityProfessionalCVACertified Vulnerability AssessorCIHECertified Incident Handling EngineerCITADCertified IT Asset DispositionECSAEC-Council Certified Security AnalystClick each certification to see associated competencies and training coursesGo to InfoSec and Privacy Certifications Page 2Go back to Overview of InfoSec and Privacy Training FrameworkFOR THE STATE OF SOUTH CAROLINA INTERNAL USE ONLY
InfoSec and Privacy Certifications (2 of 2)ECSSEC-Council Certified Security SpecialistGREMGIAC Certified Reverse Engineering MalwareEDRPEC-Council Disaster Recovery ProfessionalGSECGIAC Security EssentialsEMCISA EMC Information Storage AssociateGSLCGIAC Security Leadership CertificationENSAEC-Council Network Security AdministratorGSSP-.NET GIAC Secure Software Programmer .NETGAWNGlobal Information Assurance Certification (GIAC) AuditingWireless NetworksGSSP-JAVA GIAC Secure Software Programmer JavaGCCCGIAC Critical Controls CertificationGWAPTGIAC Certified Web Application Penetration TesterGCEDGIAC Certified Enterprise DefenderGWEBGIAC Certified Web Application DefenderGCFEGIAC Certified Forensic ExaminerISSAPInformation Systems Security Architecture ProfessionalGCFAGIAC Certified Forensic AnalystISSEPInformation Systems Security Engineering ProfessionalGCIHGIAC Certified Incident HandlerISSMPInformation Systems Security Management ProfessionalGISFGIAC Information Security FundamentalsLPTLicensed Penetration TesterGLEGGIAC Law of Data Security & InvestigationsNetwork Network GNFAGIAC Network Forensic AnalystSecurity Security GPENGIAC Penetration TesterSSCPSystems Security Certified PractitionerClick each certification to see associated competencies and training coursesGo back to InfoSec and Privacy Certifications Page 1Go back to Overview of InfoSec and Privacy Training FrameworkFOR THE STATE OF SOUTH CAROLINA INTERNAL USE ONLY
InfoSec and Privacy Position DescriptionsCore1:Hybrid2: GRC Manager IT Director Information Privacy Analyst Network Administrator Information Privacy Manager Program Manager (Compliance / Privacy) InfoSec Analyst Program Manager (Compliance / Security) InfoSec and Privacy Auditor InfoSec Architect InfoSec Engineer InfoSec Manager12 Position Descriptions were created to capture the roles and responsibilities necessary to support InfoSec and privacy.Each Position Description maps to a selection of training courses and corresponding position level.Additional training courses that are not featured in the Position Descriptions may be explored by searching courses byCompetency.Click each position description to see associated training courses1 Core employees are defined as employees dedicated full-time to InfoSec and/or Privacy roles and responsibilities2 Hybrid employees are defined as staff that have both InfoSec/Privacy and non-InfoSec/Privacy roles and responsibilitiesGo back to Overview of InfoSec and Privacy Training FrameworkFOR THE STATE OF SOUTH CAROLINA INTERNAL USE ONLY
InfoSec and Privacy Position DescriptionCore: GRC ManagerIt is highly recommended that the GRC Manager explore training courses mapped to pertinent competencies forprofessional development.Position LevelCourseCertificationSANS - SEC401: Security Essentials Bootcamp StyleGSECISACA: Certified in Risk and Information Systems Control (CRISC) TrainingCRISCLevel 1Level 2Level 3xxxxISACA: Certified Information Security Manager (CISM) TrainingCISMxxISACA: Certified Information Systems Auditor (CISA) TrainingCISAxxISACA: Certified in the Governance of Enterprise IT (CGEIT) TrainingCGEITxInfoSec Institute: Certified in the Governance of Enterprise IT (CGEIT) Training(IA-212)CGEITxGo back to InfoSec and Privacy Training by Position DescriptionFOR THE STATE OF SOUTH CAROLINA INTERNAL USE ONLY
InfoSec and Privacy Position DescriptionCore: Information Privacy AnalystIt is highly recommended that the Information Privacy Analyst explore training courses mapped to pertinent competenciesfor professional development.Position LevelCourseCertificationLevel 1Level 2Level 3ISACA: An Introduction to Privacy and Data Protection TrainingN/AxxxIAPP: Certification Foundation Training*N/AxxxCIPP/USxxCIPP/GxxIAPP: Certified Information Privacy Professional / U.S. Private-Sector (CIPP/US)TrainingIAPP: Certified Information Privacy Professional / U.S. Government (CIPP/G)TrainingIAPP: Certified Information Privacy Technologist (CIPT) TrainingCIPTx*This course will be retired on July 1st, 2015Go back to InfoSec and Privacy Training by Position DescriptionFOR THE STATE OF SOUTH CAROLINA INTERNAL USE ONLY
InfoSec and Privacy Position DescriptionCore: Information Privacy ManagerIt is highly recommended that the Information Privacy Manager explore training courses mapped to pertinentcompetencies for professional development.Position LevelCourseIAPP: Certified Information Privacy Professional / U.S. Private-Sector (CIPP/US)TrainingIAPP: Certified Information Privacy Professional / U.S. Government (CIPP/G)TrainingIAPP: Certified Information Privacy Technologist (CIPT) TrainingIAPP: Certification Foundation Training*IAPP: Certified Information Privacy Manager (CIPM) TrainingPrivacy Professor – Privacy Impact Assessment Tool KitCertificationLevel 1Level 2Level 3CIPP/USxxxCIPP/GxxxCIPTxxxN/AxxxxxxxCIPMN/Ax*This course will be retired on July 1st, 2015Go back to InfoSec and Privacy Training by Position DescriptionFOR THE STATE OF SOUTH CAROLINA INTERNAL USE ONLY
InfoSec and Privacy Position DescriptionCore: InfoSec AnalystIt is highly recommended that the InfoSec Analyst explore training courses mapped to pertinent competencies forprofessional development.Position LevelCourseCertificationLevel 1Level 2Level 3SANS - SEC301: Intro to Information SecurityGISFxxxSANS - SEC401: Security Essentials Bootcamp StyleGSECxxxISACA: Certified in Risk and Information Systems Control (CRISC) TrainingCRISCxxISACA: Certified Information Security Manager (CISM) TrainingCISMISC2: Certified Information Systems Security Professional (CISSP) TrainingCISSPxxxCompTIA: Network N10-006Network xxxCompTIA: Security SY0-401Security xxxEC Council: Certified Ethical Hacker (CEH) TrainingCEHxGo back to InfoSec and Privacy Training by Position DescriptionFOR THE STATE OF SOUTH CAROLINA INTERNAL USE ONLY
InfoSec and Privacy Position DescriptionCore: InfoSec and Privacy AuditorIt is highly recommended that the InfoSec and Privacy Auditor explore training courses mapped to pertinentcompetencies for professional development.Position LevelCourseSANS - SEC401: Security Essentials Bootcamp StyleSANS - SEC566: Implementing and Auditing the Critical Security Controls - InDepthCertificationGSECGLEGISACA: Certified Information Systems Auditor (CISA) TrainingCISAIAPP: Certified Information Privacy Professional / U.S. Government (CIPP/G)TrainingIAPP: Certified Information Privacy Technologist (CIPT) TrainingLevel 2Level 3xxxxxxxxxN/ASANS - LEG523: Law of Data Security and InvestigationsIAPP: Certified Information Privacy Professional / U.S. Private-Sector (CIPP/US)TrainingLevel 1xCIPP/USxxxCIPP/GxxxxxGo back to InfoSec and Privacy Training by Position DescriptionFOR THE STATE OF SOUTH CAROLINA INTERNAL USE ONLY
InfoSec and Privacy Position DescriptionCore: InfoSec ArchitectIt is highly recommended that the InfoSec Architect explore training courses mapped to pertinent competencies forprofessional development.Position LevelCourseSANS - MGT305: Technical Communication and Presentation Skills for SecurityProfessionalsCertificationN/ALevel 1Level 2Level 3xxxSANS - SEC504: Hacker Techniques, Exploits & Incident HandlingGCIHxxISC2: Certified Information Systems Security Professional (CISSP)CISSPxxISC2: Information Systems Security Architecture Professional (ISSAP) TrainingISSAPxxISACA: Certified Information Security Manager (CISM) TrainingCISMInfoSec Institute: Enterprise Security Architecture and Design Online (ONL-212)N/AInfoSec Institute: Intrusion Prevention Online (SEC-204)EC Council: Certified Network Defense Architect (CNDA) TrainingxxxxxN/AxxCNDAxxGo back to InfoSec and Privacy Training by Position DescriptionFOR THE STATE OF SOUTH CAROLINA INTERNAL USE ONLY
InfoSec and Privacy Position DescriptionCore: InfoSec EngineerIt is highly recommended that the InfoSec Engineer explore training courses mapped to pertinent competencies forprofessional development.Position LevelCourseCertificationLevel 1Level 2Level 3xxxSANS - SEC566: Implementing and Auditing the Critical Security Controls - InDepthGCCCSANS - SEC504: Hacker Techniques, Exploits & Incident HandlingGCIHxxISC2: Certified Information Systems Security Professional (CISSP) TrainingCISSPxxISC2: Information Systems Security Engineering Professional (ISSEP) TrainingISSEPxxISACA: Certified Information Security Manager (CISM) TrainingCISMxxDefense Cyber Investigation Training Academy: Introduction to Log AnalysisN/AGlobal Knowledge: Cybersecurity Investigations and Network ForensicsAnalysis: Practical Techniques for Analyzing Suspicious Network TrafficN/AEC Council: Certified Security Analyst (ECSA) TrainingECSAEC Council: Licensed Penetration Tester (LPT) TrainingLPTxxxxxxxxxGo back to InfoSec and Privacy Training by Position DescriptionFOR THE STATE OF SOUTH CAROLINA INTERNAL USE ONLY
InfoSec and Privacy Position DescriptionCore: InfoSec ManagerIt is highly recommended that the InfoSec Manager explore training courses mapped to pertinent competencies forprofessional development.Position LevelCourseCertificationLevel 1Level 2Level 3GSLCxxxSANS - MGT514: IT Security Strategic Planning, Policy and LeadershipN/AxxxSANS - MGT305: Technical Communication and Presentation Skills for SecurityProfessionalsN/AxxxxxxxSANS - MGT512: Security Leadership Essentials for Manager with KnowledgeCompressionSANS - SEC504: Hacker Techniques, Exploits & Incident HandlingISACA: Certified Information Security Manager (CISM) TrainingGCIGHCISMxISACA: Certified in Risk and Information Systems Control (CRISC) TrainingCRISCxxISACA: Certified in the Governance of Enterprise IT (CGEIT) TrainingCGEITxxISC2: Certified Information Systems Security Professional (CISSP) TrainingCISSPxxxGo back to InfoSec and Privacy Training by Position DescriptionFOR THE STATE OF SOUTH CAROLINA INTERNAL USE ONLY
InfoSec and Privacy Position DescriptionHybrid: IT DirectorIt is highly recommended that the IT Director explore training courses mapped to pertinent competencies for professionaldevelopment.CourseSANS – SEC301: Intro to Information SecurityCertificationGISFSANS - SEC464: CyberSecurity Training for IT AdministratorsN/ASANS – LEG523: Law of Data Security InvestigationsN/ASANS - MGT514: IT Security Strategic Planning, Policy and LeadershipN/AISACA: An Introduction to Privacy and Data ProtectionN/AISC2: Certified Information Systems Security Professional (CISSP) TrainingCISSPISC2: Information Systems Security Management Professional (ISSMP) TrainingISSMPSC: Business PracticesN/AGo back to InfoSec and Privacy Training by Position DescriptionFOR THE STATE OF SOUTH CAROLINA INTERNAL USE ONLY
InfoSec and Privacy Position DescriptionHybrid: Network AdministratorIt is highly recommended that the Network Administrator explore training courses mapped to pertinent competencies forprofessional development.CourseSANS - SEC464: CyberSecurity Training for IT AdministratorsCertificationN/ASANS - SEC501: Advanced Security Essentials - Enterprise DefenderGCEDISC2: System Security Certified Practitioner (SSCP) TrainingSSCPCompTIA: Network N10-006EMC2: Information Storage and Management v2Network N/AGo back to InfoSec and Privacy Training by Position DescriptionFOR THE STATE OF SOUTH CAROLINA INTERNAL USE ONLY
InfoSec and Privacy Position DescriptionHybrid: Program Manager (Compliance / Privacy)It is highly recommended that the Program Manager (Compliance / Privacy) to explore training courses mapped topertinent competencies for professional development.CourseCertificationIAPP: Certified Information Privacy Professional / U.S. Government (CIPP/G) TrainingIAPP: Certified Information Privacy Professional / U.S. Private-Sector (CIPP/US) TrainingIAPP: Certified Information Privacy Manager (CIPM) TrainingCIPP/GCIPP/USCIPMGo back to InfoSec and Privacy Training by Position DescriptionFOR THE STATE OF SOUTH CAROLINA INTERNAL USE ONLY
InfoSec and Privacy Position DescriptionHybrid: Program Manager (Compliance / Security)It is highly recommended that the Program Manager (Compliance / Security) to explore training courses mapped topertinent competencies for professional development.CourseSANS - MGT535: Incident Response Team ManagementISACA: Certified Information Security Manager (CISM) TrainingCertificationN/ACISMDRII: Program Management Principles in Business Continuity PlanningN/ASC: Business PracticesN/ASC: Legal Aspects of PurchasingN/ASC: Procurement Code in a NutshellN/AGo back to InfoSec and Privacy Training by Position DescriptionFOR THE STATE OF SOUTH CAROLINA INTERNAL USE ONLY
Domain: InfoSec Governance and ComplianceCompetency: InfoSec Program Management (Part 1)Proficiency LevelCourseCertificationLevel 1SANS - MGT512: Security Leadership Essentials for Manager with KnowledgeCompressionLevel 2GSLCLevel 3xSANS - SEC440: Critical Security Controls: Planning, Implementing andAuditingN/AxxSANS - MGT514: IT Security Strategic Planning, Policy and LeadershipN/AxxxxSANS - SEC301: Intro to Information SecurityGISFSANS - SEC401: Security Essentials Bootcamp StyleGSECxxN/AxxCISSOxxCISSRMxxMile2: Certified Information Systems Security Manager (CISSM) TrainingCISSMxxMile2: Certified Security Leadership Officer (CSLO) TrainingCSLOSANS - SEC464: CyberSecurity Training for IT AdministratorsMile2: Certified Information Systems Security Officer (CISSO) TrainingMile2: Certified Information Systems Security Risk Manager (CISSRM) TrainingMile2: Certified Security Sentinel (CSS) TrainingCSSxxxxxContinue to InfoSec Program Management (Part 2)Go back to InfoSec and Privacy Training by CompetencyFOR THE STATE OF SOUTH CAROLINA INTERNAL USE ONLY
Domain: InfoSec Governance and ComplianceCompetency: InfoSec Program Management (Part 2)Proficiency LevelCourseCertificationLevel 1CompTIA: CompTIA Advanced Security Practitioner (CASP) TrainingCompTIA: Security SY0-401CASPSecurity xLevel 2Level 3xxxxEC Council: Certified Chief Information Security Officer (CCISO) TrainingCCISOxEC Council: Certified Security Specialist (ECSS) TrainingECSSxExpanding Security: Secure Software Management 101N/AInfoSec Institute: SCADA Security (SEC-325)xxxN/AxxISACA: Certified Information Systems Auditor (CISA) TrainingCISAxxISACA: Certified Information Security Manager (CISM) TrainingCISMxISACA: Certified in Risk and Information Systems Control (CRISC) TrainingCRISCxxISC2: System Security Certified Practitioner (SSCP) TrainingSSCPxxCAPxxCISSPxxN/AxxISC2: Certified Authorization Professional (CAP) TrainingISC2: Certified Information Systems Security Professional (CISSP) TrainingISC2: HealthCare Information Security and Privacy Practitioner (HCISPP)TrainingNote: Course related to healthcareGo back to InfoSec Program Management (Part 1)FOR THE STATE OF SOUTH CAROLINA INTERNAL USE ONLYGo back to InfoSec and Privacy Training by Competency
Domain: InfoSec Governance and ComplianceCompetency: InfoSec RegulationProficiency LevelCourseCertificationLevel 1Level 2Level 3xxxSANS - LEG523: Law of Data Security and InvestigationsGLEGEC Council: Certified Chief Information Security Officer (CCISO) TrainingCCISOEC Council: Certified Security Analyst (ECSA) TrainingECSAISACA: Certified Information Systems Auditor (CISA) TrainingCISAISACA: Certified Information Security Manager (CISM) TrainingCISMISC2: Certified Authorization Professional (CAP) TrainingCAPxxCISSPxxN/AxxMile2: Certified Information Systems Security Officer (CISSO) TrainingCISSOxxPearson: CISSP Video Course Domain 6 - Law, Investigation and Ethics,Downloadable VersionCISSPxxISC2: Certified Information Systems Security Professional (CISSP) TrainingISC2: HealthCare Information Security and Privacy Practitioner (HCISPP)TrainingxxxxxxxNote: Course related to healthcareGo back to InfoSec and Privacy Training by CompetencyFOR THE STATE OF SOUTH CAROLINA INTERNAL USE ONLY
Domain: InfoSec Governance and ComplianceCompetency: Policy communication, enforcement andexception managementProficiency LevelCourseCertificationLevel 1Level 2Level 3N/AxxSANS - SEC566: Implementing and Auditing the Critical Security Controls - InDepthGCCCxxEC Council: Certified Chief Information Security Officer (CCISO) TrainingCCISOSANS - MGT514: IT Security Strategic Planning, Policy and LeadershipInfoSec Institute: Information Security Policy Essentials (SEC-211)ISACA: Certified Information Systems Auditor (CISA) TrainingIAITAM: Policy Management Advanced Study CourseN/AxxxxCISAxxN/AxxGo back to InfoSec and Privacy Training by CompetencyFOR THE STATE OF SOUTH CAROLINA INTERNAL USE ONLY
Domain: Risk Strategy and ManagementCompetency: Risk AssessmentProficiency LevelCourseSANS - MGT415: A Practical Introduction to Risk AssessmentCompTIA: CompTIA Advanced Security Practitioner (CASP) TrainingCompTIA: Security SY0-401Expanding Security: Risk Management 101CertificationN/ALevel 1Level 2Level 3xxxxxCASPSecurity xxxN/AxxxIARCP: Certified Information Systems Risk & Compliance Professional(CISRCP) TrainingCISRCPxxIARCP: Certified Risk and Compliance Management Professional (CRCMP)TrainingCRCMPxxISACA: Certified Information Security Manager (CISM) TrainingCISMxISACA: Certified in Risk and Information Systems Control (CRISC) TrainingCRISCxxISC2: Certified Authorization Professional (CAP) TrainingCAPxxISC2: HealthCare Information Security and Privacy Practitioner (HCISPP)TrainingN/AxxNote: Course related to healthcareGo back to InfoSec and Privacy Training by CompetencyFOR THE STATE OF SOUTH CAROLINA INTERNAL USE ONLY
Domain: Risk Strategy and ManagementCompetency: Risk AcceptanceProficiency LevelCourseCertificationLevel 1Level 2Level 3InfoSec Institute: CGEIT Training (IA-212)CGEITxISACA: Certified in the Governance of Enterprise IT (CGEIT) TrainingCGEITxISACA: Certified Information Security Manager (CISM) TrainingCISMxISACA: Certified in Risk and Information Systems Control (CRISC) TrainingCRISCxxCAPxxIARCP: Certified Information Systems Risk & Compliance Professional(CISRCP) TrainingCISRCPxxIARCP: Certified Risk and Compliance Management Professional (CRCMP)TrainingCRCMPxxISC2: Certified Authorization Professional (CAP) TrainingGo back to InfoSec and Privacy Training by CompetencyFOR THE STATE OF SOUTH CAROLINA INTERNAL USE ONLY
Domain: Risk Strategy and ManagementCompetency: Risk MitigationProficiency LevelCourseCertificationLevel 1Level 2Level 3InfoSec Institute: CGEIT Training (IA-212)CGEITxISACA: Certified in the Governance of Enterprise IT (CGEIT) TrainingCGEITxISACA: Certified Information Security Manager (CISM) TrainingCISMxISACA: Certified in Risk and Information Systems Control (CRISC) TrainingISC2: Certified Authorization Professional (CAP) TrainingCRISCxxCAPxxGo back to InfoSec and Privacy Training by CompetencyFOR THE STATE OF SOUTH CAROLINA INTERNAL USE ONLY
Domain: Threat and Vulnerability ManagementCompetency: Vulnerability Management (Part 1)Proficiency LevelCourseCertificationLevel 1Level 2Level 3SANS - SEC542: Web App Penetration Testing and Ethical HackingGWAPTxxSANS - SEC560: Network Penetration Testing and Ethical HackingGPENxxSANS - SEC561: Intense Hands-on Pen Testing Skill DevelopmentN/AxSANS - SEC580: Metasploit Kung Fu for Enterprise Pen TestingN/AxSANS - SEC617: Wireless Ethical Hacking, Penetration Testing, and DefensesGAWNxxSANS - SEC642: Advanced Web App Penetration Testing and Ethical HackingN/AxSANS - SEC660: Advanced Penetration Testing, Exploit Writing, and EthicalHackingN/AxSANS - SEC760: Advanced Exploit Development for Penetration TestersN/AxMile2: Certified Penetration Testing Consultant (CPTC) TrainingCPTCxMile2: Certified Penetration Testing Engineer (CPTE) TrainingCPTExMile2: Certified Vulnerability Assessor (CVA) TrainingCVAxxxOpenSecurityTraining.info: Introduction to Vulnerability AssessmentN/AxxxContinue to Vulnerability Management (Part 2)Go back to InfoSec and Privacy Training by CompetencyFOR THE STATE OF SOUTH CAROLINA INTERNAL USE ONLY
Domain: Threat and Vulnerability ManagementCompetency: Vulnerability Management (Part 2)Proficiency LevelCourseCertificationLevel 1Level 2Level 3CompTIA: Network N10-006Network xxxCompTIA: Security SY0-401Security xxxEC Council: Certified Ethical Hacker (CEH) TrainingCEHxxEC Council: Licensed Penetration Tester (LPT) TrainingLPTxxInfoSec Institute: Advanced Ethical Hacking & Advanced Persistent Threat(SEC-300)N/AxInfoSec Institute: Advanced Hacking Online (SEC-300)N/AxInfoSec Institute: Expert Penetration Testing (SEC-209)N/AxInfoSec Institute: Intrusion Prevention Online (SEC-204)N/AxxInfoSec Institute: Mobile Device Penetration Testing (SEC-556)N/AxxInfoSec Institute: Penetration Testing Online (ONL-206)N/AxxInfoSec Institute: Web Application Penetration Testing (SEC-402)N/AxxCPEHxxMile2: Certified Professional Ethical Hacker (CPEH) TrainingGo back to Vulnerability Management (Part 1)Go back to InfoSec and Privacy Training by CompetencyFOR THE STATE OF SOUTH CAROLINA INTERNAL USE ONLY
Domain: Threat and Vulnerability ManagementCompetency: Security Incident and Event ManagementProficiency LevelCourseCertificationLevel 1Level 2Level 3SANS - FOR508: Advanced Digital Forensic Analysis and Incident ResponseGCFAxSANS - SEC504: Hacker Techniques, Exploits & Incident HandlingGCIHxxSANS - MGT535: Incident Response Team ManagementN/AxxSANS - SEC503: Intrusion Detection In DepthN/AxxCompTIA: Network N10-006Network xxxCompTIA: Security SY0-401Security xxxDefense Cyber Investigation Training Academy: Introduction to Log AnalysisN/AxxxInfoSec Institute: Intrusion Prevention Online (SEC-204)N/AxxISACA: Certified Information Security Manager (CISM) TrainingCISMMile2: Certified Incident Handling Engineer (CIHE) TrainingCIHExxCISSOxxxxxxMile2: Certified Information Systems Security Officer (CISSO) TrainingMile2: Certified Security Sentinel (CSS) TrainingCSSSEI Certification: Certified Computer Security Incident Handler (CSIH) TrainingCSIHxxGo back to InfoSec and Privacy Training by CompetencyFOR THE STATE OF SOUTH CAROLINA INTERNAL USE ONLY
Domain: Threat and Vulnerability ManagementCompetency: Forensics AnalysisProficiency LevelCourseCertificationLevel 1Level 2Level 3xxSANS - FOR408: Windows Forensic AnalysisGCFESANS - FOR508: Advanced Digital Forensic Analysis and Incident ResponseGCFAxSANS - FOR518: Mac Forensic AnalysisN/AxSANS - FOR526: Memory Forensics In-DepthN/ASANS - FOR572: Advanced Network Forensics and AnalysisSANS - FOR585: Advanced Smartphone ForensicsSANS - FOR610: Reverse-Engineering Malware: Malware Analysis Tools andTechniquesEC Council: Computer Hacking Forensic Investigator (CHFI) TrainingInfoSec Institute: Computer Forensics Training (SEC-203)xxGNFAxN/AxGREMxxCHFIxxxxN/AxISC2: Certified Cyber Forensics Professional (CCFP) TrainingCCFPxxMile2: Certified Digital Forensics Examiner (CDFE) TrainingCDFExxMile2: Certified Information Systems Security Officer (CISSO) TrainingCISSOxxMile2: Certified Network Forensics Examiner (CNFE) TrainingCNFExGo back to InfoSec and Privacy Training by CompetencyFOR THE STATE OF SOUTH CAROLINA INTERNAL USE ONLY
Domain: Threat and Vulnerability ManagementCompetency: Threat Identification and CategorizationProficiency LevelCourseCertificationLevel 1SANS - SEC501: Advanced Security Essentials - Enterprise DefenderGCEDLevel 2Level 3xxCompTIA: Network N10-006Network xxxCompTIA: Security SY0-401Security xxxxxxxDefense Cyber Investigation Training Academy: Cyber Insider Threats AnalysisTrainingN/ADefense Cyber Investigation Training Academy: Introduction to Cyber InsiderThreat CourseN/AGlobal Knowledge: Cybersecurity Investigations and Network ForensicsAnalysis: Practical Techniques for Analyzing Suspicious Network TrafficN/AxxGlobal Knowledge: Cybersecurity Investigations and Network ForensicsAnalysis: Practical Techniques for Analyzing VoIP TrafficN/AxxGlobal Knowledge: Cybersecurity Investigations and Network ForensicsAnalysis: Practical Techniques for Analyzing WiFi TrafficN/AxxxGo back to InfoSec and Privacy Training by CompetencyFOR THE STATE OF SOUTH CAROLINA INTERNAL USE ONLY
Domain: PrivacyCompetency: Privacy Program AdministrationProficiency LevelCourseIAPP: Certification Foundation Training*IAPP: Certified Information Privacy Manager (CIPM) TrainingIAPP: Certified Information Privacy Professional / U.S. Private-Sector(CIPP/US) TrainingIAPP: Certified Information Privacy Professional / U.S. Government(CIPP/G) TrainingIAPP: Certified Information Privacy Technologist (CIPT) TrainingCertificationN/ALevel 1Level 2Level 3xxxCIPMxCIPP/USxxCIPP/GxxCIPTxx*This course will be retired on July 1st, 2015Go back to InfoSec and Privacy Training by CompetencyFOR THE STATE OF SOUTH CAROLINA INTERNAL USE ONLY
Domain: PrivacyCompetency: Privacy ComplianceProficiency LevelCourseCertificationLevel 1Level 2Level 3EHRs and HIPAA: Steps for Maintaining the Privac
Course Certification Position Level Level 1 Level 2 Level 3 SANS - SEC401: Security Essentials Bootcamp Style GSEC x ISACA: Certified in Risk and Information Systems Control (CRISC) Training CRISC x ISACA: Certified Information Security Manager (CISM) Training CISM x x ISACA: Certi
