The China Information Security Product Evaluation and Certification Center began the qualification registration of "Certified Information Security Expert" (CISP) in 2002. Up to now, nearly a thousand information security professionals have been trained for the country, which has played an important role in raising the professional ethics and technical level of information security practitioners, strengthening the competitiveness of the information security industry and reinforcing national information security management. The China Information Security Product Evaluation and Certification Center now also grants the registered qualification of "Certified Information Security Officer" (CISM). Its aim is to meet the broad demand for information security talent at different levels and in different positions that has come with the rapid development of informatization in China, to widen the scope of information security training and to popularize information security knowledge.
1. What is a "Certified Information Security Officer"
The "Certified Information Security Officer" (CISM) qualification is intended for personnel engaged in information security work in information security enterprises, information security consulting services, information security evaluation and certification institutions (including authorized evaluation institutions), social organizations, universities, and the technical departments (including standardization departments) of enterprises and institutions. Obtaining this registered qualification shows that the holder has the qualifications and abilities of an information security officer and has passed the certification of the China Information Security Product Evaluation and Certification Center.
2. Scope of CISM qualification registration
CISM qualification registration is applicable to the following persons:
- Network security technicians
- IT or security consultants
- IT or security management personnel
- Information technology auditors
- College students
- People who have studied or researched information security technology
- Information workers in government agencies, enterprises and institutions
3. CISM knowledge system
The knowledge system of the "Certified Information Security Officer" covers the fields of information security assurance foundations, information security technology, information security management, information security engineering, and information security standards and regulations. "Certified Information Security Officer" training gives students comprehensive, systematic and professional learning of basic knowledge and skills. In the technical field, students master and improve their knowledge and ability in operating system security, firewalls, anti-virus, intrusion detection, and cryptographic technology and its application. In the management field, students learn the basic knowledge of information security management and governance, and acquire the knowledge and practical ability required by national policy requirements, risk assessment, disaster recovery and emergency response. In the engineering field, students learn the practice and experience of information security engineering management, consulting and supervision. In the field of standards, laws and regulations, students gain a full understanding of the laws and regulations related to national information security, as well as domestic and international information security standards and the practical experience around them.
4. Curriculum design
The training course designed around the CISM knowledge architecture covers five modules: information security assurance foundations, information security technology, information security management, information security engineering, and information security standards and regulations, so that students learn basic knowledge and skills comprehensively and systematically. In addition, according to the requirements of each post and occupation, the course highlights the learning focus for people in different positions and the special courses that each position needs to study.
Course No. | Category / Course | Introduction | Recommended Time
01 | Security foundation / Information system security framework | Introduces the concept and content of the information security framework. | 0.5 days
02 | Information system security assessment | Introduces the concept and content of information security product, system, personnel and service assessment. |
03 | Standards and regulations / Information security standards | Introduces the relationship and content of the major international and domestic standards in the fields of information security management, technology and engineering. | 0.5 days
04 | Information security laws and regulations | Introduces domestic laws and regulations related to information security. |
05 | Security technology / Cryptographic technology and application | Introduces the basics of cryptographic technology and the application of public key infrastructure (PKI) and digital signatures. | 0.5 days
06 | Common network security technologies | Introduces the basic concepts of network security, including firewalls, intrusion detection, VPNs and other common network security technologies. | 0.5 days
07 | Malicious code protection technology | Introduces the basic concepts of the various kinds of malicious code and the corresponding protection technologies. |
08 | System and common application security | Introduces the security of Windows and other mainstream operating systems, and of Web, email, DNS and other common applications. | 0.5 days
09 | Security management / Introduction to information security management | Introduces the basic knowledge of information security management. | 0.5 days
10 | Information security management technology | Introduces the basic knowledge and practice of risk management and disaster recovery management. | 0.5 days
11 | Security engineering / Introduction to and practice of the security engineering process | Introduces the basic knowledge and practical considerations of the information security engineering process. | 0.5 days
12 | Introduction to and practice of security engineering supervision and consulting | Introduces the basic knowledge and practical considerations of information security engineering supervision and consulting. |
- | Review | Review of the material and answering of questions before the exam, in preparation for the exam. | 0.5 days
- | Examination | Formal examination. | 0.5 days
5. CISM qualification registration process
CISM qualification registration is divided into four stages: the application stage, the evaluation stage, the registration stage and the supervision stage. These are:
Application stage - Applicants should understand the registration process and related procedures, determine their registration objectives, and attend and complete CISM authorized training. They then prepare all the materials required for the application and apply to the China Information Security Product Evaluation and Certification Center.
Evaluation stage - The China Information Security Product Evaluation and Certification Center uses the corresponding evaluation methods and defined evaluation procedures to test and evaluate applicants against the evaluation criteria for information security officer qualifications, and produces an evaluation conclusion for each person from the records and result data obtained during the evaluation. This conclusion is submitted to the China Information Security Product Evaluation and Certification Center as certification evidence for personnel registration, and the applicant is informed of it.
Registration stage - The China Information Security Product Evaluation and Certification Center certifies the professional qualifications and abilities of information security officers according to the relevant evaluation standards and prescribed procedures, and determines their ability levels.
Maintenance stage - The China Information Security Product Evaluation and Certification Center conducts certification maintenance supervision of all certified personnel to ensure that registered personnel continuously maintain their qualifications and ability level throughout the validity period of the certification certificate.