The ISAM is an updated and improved 3-day version of the popular INFOSEC Assessment Methodology (IAM) and INFOSEC Evaluation Methodology (IEM). The ISAM is a detailed and systematic way of examining cyber vulnerabilities and was developed by experienced assessors from government and industry. In addition to assisting the governmental and private sectors, an important result of supplying baseline standards for information security assessments is fostering a commitment to improve the organization's security posture. The ISAM is a hands-on methodology for conducting comprehensive assessments of customer networks utilizing common technical evaluation tools. Students can expect to learn an easily repeatable methodology that provides each customer a roadmap for addressing their security concerns and improving their security posture.
Individuals will be trained in the ISAM so they can use their information security analysis skills along with the ISAM training to provide the standardized ISAM assessment service. Since the ISAM is a baseline methodology, the final results of the assessment service are highly dependent on the information security and analytic skills of the assessors.
The ISAM focuses on the appropriate procedures for three primary phases:
-Pre Assessment: Focuses on identifying critical information and systems and addressing the impact to the organization should the loss of confidentiality, integrity, and/or availability occur. This phase also addresses the full scoping of the assessment process.
-On-Site Assessment: Focuses on gathering the information on the security posture of the organization through interviews, documentation review, and system scanning.
-Post Assessment: Focuses on detailed analysis and reporting of the findings. This process also includes a reporting tool that will assist in the management view of the security posture.
-High-quality training by industry experts
-Hands-on experience with various security tools
-ISAM Certification (when requirements are met) including a tracked certificate number
-Security Assessment Reference Book
-Security Evaluation Reference Book
-Sampling of information security software to evaluate
Certification Qualification Requirements:
Five (5) years of demonstrated experience in the field of information security, communications security, or computer security, with two (2) of the five (5) years of experience working directly with information security
Six (6) months or more of demonstrated experience in at least one of the following areas:
-An understanding of Windows, Unix, or Firewalls
-Experience with conducting and interpreting security scanners (type does not matter)
-Experience with conducting and interpreting port scans
-Experience with conducting and interpreting operating system evaluation tools
-Experience with establishing and enforcing security configuration