The ISAM is an updated and improved 3-day version of the popular INFOSEC Assessment Methodology (IAM) and INFOSEC Evaluation Methodology (IEM). The ISAM is a detailed and systematic way of examining cyber vulnerabilities and was developed by experienced assessors from government and industry. In addition to assisting the governmental and private sectors, an important result of supplying baseline standards for information security assessments is fostering a commitment to improve the organization's security posture. The ISAM is a hands-on methodology for conducting comprehensive assessments of customer networks utilizing common technical evaluation tools. Students can expect to learn an easily repeatable methodology that provides each customer a roadmap for addressing their security concerns and improving their security posture.

Individuals will be trained in the ISAM so they can use their information security analysis skills along with the ISAM training to providethe standardized ISAM assessment service. Since the ISAM is a baseline methodology, the final results of the assessment service are highly dependent on the information security and analytic skills of the assessors. The ISAM focuses on the appropriate procedures for three primary phases:

Pre Assessment: Focuses on identifying critical information and systems and addressing the impact to the organization should the loss of confidentiality, integrity, and/or availability occur. This phase also addresses the full scoping of the assessment process.

On-Site Assessment: Focuses on gathering the information on the security posture of the organization through interviews, documentation review, and system scanning.

Post Assessment: Focuses on detailed analysis and reporting of the findings. This process also includes a reporting tool that will assist in the management view of the security posture.

Course Takeaways:

High quality training by industry experts

Hands-on experience with various security tools

ISAM Certification (when requirements are met) including a tracked certificate number

Security Assessment Reference Book

Security Evaluation Reference Book

Sampling of security software to take home for evaluation

Certification Qualification Requirements:

Five (5) years of demonstrated experience in the field of information security, communications security, or computer security,with two (2) of the five (5) years of experience working directly with information security

AND

Six (6) months or more of demonstrated experience in at least one of the following areas:

An understanding of Windows, Unix, or Firewalls

Experience with conducting and interpreting security scanners (type doesn’t matter)

Experience with conducting and interpreting port scans

Experience with conducting and interpreting operating system evaluation tools

Experience with establishing and enforcing security configuration