The Top 5 Security Certifications Required by CISOs

First of a two-part series

A 15-year-old boy was arrested this week in connection with the cyber attack on UK broadband service provider TalkTalk. The personal information of 4 million customers may have been accessed, company officials revealed last week. More than one-fifth of the company’s value has been wiped out since news of the hack spread last week, according to the Financial Times.

Security experts say the attack was nothing out of the ordinary and the fault lies with the company. The breach could expose TalkTalk to enormous financial liabilities and is already drawing intense scrutiny from lawmakers.

The TalkTalk hack highlights the increasing pressure on security professionals to anticipate and prepare for cyber attacks. One way is to ensure that the security staff and service providers have up-to-date security certifications. CISOs are increasingly looking for these credentials when hiring professionals who are responsible for enterprise security.

Here’s a list of the top industry-backed security certifications that IT organizations should look for in a service provider and among its IT staff:

1. PCI Certification

The Payment Card Industry (PCI) Data Security Standard (DSS) is endorsed by American Express, MasterCard Worldwide, Visa Inc. and others. PCI requires merchants and service providers that store, process or transmit customer payment card data to adopt information security controls and processes that ensure data integrity. It’s wise to confirm that your cloud provider is certified as a PCI Security Standards Council Approved Scanning Vendor (ASV) lab. ASV status means the provider can validate adherence to DSS requirements by performing vulnerability scans of the Internet-facing environments of merchants and service providers, and positions the provider to help you protect and harden your network against advanced threats. As an ASV, the provider can help you manage data security risks, evaluate the security of the systems that store payment account data and assist you in achieving compliance with the PCI DSS.

2. Certified Information Security Manager

The Certified Information Security Manager (CISM) comes from the Information Systems Audit and Control Association (ISACA) and helps identify security pros qualified to manage the audit, control and security of information systems. The CISM credential targets the needs of IT security professionals with enterprise-level security management responsibilities, and CISMs must pass a comprehensive examination and have at least five years of security experience, among other requirements.

3. Certified Information Systems Security Professional

CISSP certification is vendor neutral and backed by (ISC)², the globally recognized, not-for-profit organization dedicated to advancing the information security field. The CISSP was the first credential in the field of information security to meet the stringent requirements of ISO/IEC Standard 17024 and is recognized globally as a standard of achievement. CISSPs have the “proven deep technical and managerial competence, skills, experience, and credibility to design, engineer, implement, and manage their overall information security program to protect organizations from growing sophisticated attacks,” according to (ISC)².

4. CompTIA Security+ Certifications

Providers whose IT staff hold CompTIA Security+ certifications generally have expertise in areas such as cryptography, identity management, security systems, security risk identification and mitigation, network access control, and more. The CompTIA Security+ credential is internationally recognized and is also approved by the U.S. Department of Defense to meet its requirements for information assurance (IA) technical and management certifications.

5. LPT Certification

The International Council of Electronic Commerce Consultants (EC-Council) offers a two-part EC-Council Certified Security Analyst/Licensed Penetration Tester (CSA/LPT) program designed to demonstrate a professional's ability to audit network security, perform penetration testing and recommend corrective action for any weaknesses found. According to the EC-Council, IT pros must demonstrate mastery of the skills required to conduct a full black-box penetration test of a network. The exam simulates, in real time, the complex network of a multinational organization, consisting of multiple networks with different militarized and demilitarized zones.

Learn about Masergy’s Professional Services including security audits and penetration testing.

About Craig D'Abreo

VP, Security Operations, Masergy
Craig oversees the Managed Security, Threat Intelligence and Security Professional Services departments at Masergy. He is responsible for Masergy’s proactive enterprise cybersecurity threat management and operations program. Craig holds a bachelor’s degree in Computer Science and an MBA in Information Security. He is a Certified Information Systems Security Professional (CISSP) with over a decade of experience in the security industry and holds various network security certifications. He has written for various security blogs, spoken on a range of industry panels and is a recognized thought leader in the cybersecurity space.