APPENDIX A:




                  INFORMATION SECURITY PROFESSIONAL
                    CERTIFICATIONS AND EXAMINATIONS




            Many people that work in information security are interested in
            sitting for one of the examinations that lead to certification as an
            information  security  professional.  This  may  be  important  for
            several reasons, such as the career opportunities that certification
            may provide, as well as meeting the requirements for certification
            that many organizations necessitate for a professional holding a
            job in this field.
            There are several  certifications sought by information  security
            professionals. Each one is slightly different but based on the core
            concepts  of  information  security  that  are  documented  in
            authoritative  reference  books.  This  appendix  will  look  at  the
            characteristics of each of the major certifications, the Certified
            Information Systems Security Officer (CISSO) from Mile2; the
            Certified  Information  Security  Manager  (CISM®)  from
            ISACA®;  and  the  Certified  Information  Systems  Security
            Professional (CISSP®) from (ISC)2®. \
            Each  certifying  body  has  its  own  set  of  requirements  for
            certification, including codes of ethics, experience requirements,
            logistical criteria for examination registration, annual fees, and
            requirements to prove ongoing education and experience. These
            vary widely and are subject to change on an irregular basis, so it
            is always recommended that the certification candidate frequently
            checks with the certifying body to ensure that they have the latest