Information Security Assurance
Training and Rating Program
Please keep your contact information current.
isatrp (at) isatrp.org if you feel your information needs
Information Security Assessment Methodology Training
The ISAM is an updated and improved 3-day version of the popular INFOSEC Assessment Methodology (IAM) and INFOSEC Evaluation Methodology (IEM). The ISAM is a detailed and systematic way of examining cyber vulnerabilities and was developed by experienced assessors from government and industry. In addition to assisting the governmental and private sectors, an important result of supplying baseline standards for information security assessments is fostering a commitment to improve the organization's security posture. The ISAM is a hands-on methodology for conducting comprehensive assessments of customer networks utilizing common technical evaluation tools. Students can expect to learn an easily repeatable methodology that provides each customer a roadmap for addressing their security concerns and improving their security posture.
The ISAM focuses on the appropriate procedures for three primary phases:
Pre Assessment: Focuses on identifying critical information and systems and addressing the impact to the organization should the loss of confidentiality, integrity, and/or availability occur. This phase also addresses the full scoping of the assessment process.
On-Site Assessment: Focuses on gathering the information on the security posture of the organization through interviews, documentation review, and system scanning.
Post Assessment: Focuses on detailed analysis and reporting of the findings. This process also includes a reporting tool that will assist in the management view of the security posture.
Individuals will be trained in the ISAM so they can use their information security analysis skills along with the ISAM training to provide the standardized ISAM assessment service. Since the ISAM is a baseline methodology, the final results of the assessment service are highly dependent on the information security and analytic skills of the assessors.
High quality training by industry experts
Hands-on experience with various security tools
ISAM Certification (when requirements are met) including a tracked certificate number
Security Assessment Reference Book
Security Evaluation Reference Book
Sampling of security software to take home for evaluation
Certification Qualification Requirements:
Five (5) years of demonstrated experience in the field of information security, communications security, or computer security, with two (2) of the five (5) years of experience working directly with information security
Six (6) months or more of demonstrated experience in at least one of the following areas:
An understanding of Windows, Unix, or Firewalls
Experience with conducting and interpreting security scanners (type doesn’t matter)
Experience with conducting and interpreting port scans
Experience with conducting and interpreting operating system evaluation tools
Experience with establishing and enforcing security configuration
© 2013 Security Horizon, Inc.
All rights reserved