MCSE Security Issues
Information technology (IT) security is a much-misunderstood term. For the home user, it may be limited to anti-virus solutions and firewalls, but for the corporation that is serious about protecting its data assets, IT security has taken on a whole new meaning. It incorporates considerations such as intrusion detection, operating system (OS) hardening, security policies, risk management, application design and many others which, if not properly planned and implemented, will cost companies millions of ringgit when compromises and breaches are eventually detected.
Companies have traditionally either maintained an in-house MIS department to manage these issues or outsourced them to consultancies that specialise in IT security. With the proliferation of hardware and software vendors all claiming to provide maximum security solutions for the enterprise's data assets, one must be mindful of the following considerations: whether the vendors or their consultants can be trusted with your company's critical internal information, and whether they are experienced and qualified to support your company's security requirements.
Other than the background information of the company or knowing the consultants personally, a certification is a good way to judge the strength and credibility of information security professionals. An industry-recognised certification adds a lot of weight to the credibility of a security professional, confirming his knowledge and expertise in his area of work.
Among the most highly sought-after professional certifications in the information security field globally are the CISSP designation and Microsoft's MCSE. CISSP stands for Certified Information System Security Professionals, a certification from the International Systems Security Certification Consortium or (ISC). (ISC) is a not-for-profit global organisation formed in mid-1989 to develop an industry certification programme for information systems security professionals and practitioners.
First, you would need to have at least three years of IT security industry experience to qualify for this certification. You would then get your certification by committing to the (ISC)'s code of ethics and passing a rigorous six-hour exam of 250 multiple-choice questions on information security.
The exam covers 10 wide areas or domains of information security known as the common body of knowledge (CBK), such as security management practices, access control systems and methodology, laws, investigations and ethics, physical security, business continuity and disaster recovery planning, security architecture and models, cryptography, telecommunications and network security, applications and systems development, and operations security. The CBK basically covers all critical areas of information security, from protecting physical sites, controlling systems access and securing networks to incorporating information security in application software development.
From 2003 onwards, besides the requirement to have three years of direct experience in information security, you would also need to have a college degree to be qualified to take the exam, which could possibly include subjective-type questions in the future. While other certifications such as Microsoft's MCSE or Cisco's CCNA are very focused on their own vendors' products, the CISSP certification covers the wide spectrum of information security.
A candidate must know and understand the broad range of information security as covered in the CBK to pass the exam.