Certifications Panel May 9, 2014


CISSP: Certified Information Systems Security Professional

Rob Slade

CISSP: Rob Slade

[email protected]@vcn.bc.ca

[email protected]

http://victoria.tc.ca/techrev/rms.htm

http://twitter.com/rslade

http://blogs.securiteam.com/index.php/archives/author/p1/

Once upon a time... in 1988, and 1994, and 2001

basic, not elite

• communications
• management
• architecture
• access control
• BCP
• physical
• applications
• telecomm and networking
• operations
• law and investigation
• cryptography

Yes, the exam is hard

250 questions

but if you have the experience, you'll pass


CAPP: Certified Access & Privacy Professional

Robert Tremonti

Meaningful Certification for Canada’s Privacy and Access Professionals

PACC OVERVIEW

• Established in 2002
• Canada's leading organization dedicated to privacy and access in the private & public sectors
• National, Non-profit, Independent, Non-partisan
• Outreach and advancement of awareness about data privacy and access to information in Canada
• Robust professional certification programs based on demonstrable skills, experience & education

MYRIAD OF DUTIES AND PRACTITIONERS

CANADA’S PRIVACY & ACCESS LANDSCAPE

CALL FOR ACTION

The solution requires the professionalization of access personnel, through the establishment of a formal training program and certification standards.

Special Report to Parliament, February 2009

Robert Marleau, Information Commissioner of Canada, 2007-2009

MULTIPLE DISCIPLINES

Domains of knowledge and practice:
• Access to Information knowledge and skills
• Privacy knowledge and skills
• Access and Privacy Management
• Access and Privacy Law

PACC PROFESSIONAL DESIGNATIONS

Meaningful: based on core competencies consistent with ISO/IEC 17024:2003

Progressive: with career entry level to Dept. Head / CPO

Recognizes specialization: Associate and Chartered levels

Accessible and Achievable: full-time or part-time practitioners

Available and Applicable: private sector, public sector and non-profit sector practitioners

PACC PROFESSIONAL DESIGNATIONS (CONTINUED)

Certification requirements:

• knowledge, skill, experience, competence
• References and corroboration
• commitment to Professional Code of Ethics
• commitment to continuing education and professional development
• PACC membership

WANT TO LEARN MORE?

Sharon Polsky, MAPP, PACC, [email protected]

Eric Lawton, MAPP, Director, Professional [email protected]

Please visit our website or call us toll-free

www.PACC-CCAP.ca

1.877.746.PACC — 1.877.746.7222

EnCE: EnCase® Certified Examiner

Megan Ritchie

EnCE®

• Developed by Guidance Software in 2001 to meet the needs of its customer base

• Demonstrates the ability to use the EnCase® Computer Forensic software and an understanding of computer forensic concepts in general

EnCE®

Advantages:
1. Demonstrates a proven ability to use the software
2. Widely recognized and a requirement for most Computer Forensic jobs
3. No heavy investment into training
4. Relatively inexpensive ($225 USD) with $75 renewal every three years

EnCE®

Disadvantages/Drawbacks
1. Not vendor-neutral
- Consider (in addition to EnCE®) a certification like GCFA (SANS), CCE, or CFCE (IACIS)

Obtaining the EnCE®

• Open to Public & Private Sector
• Application requires 64 hours of Computer Forensic Training or 12 months of experience in Computer Forensics
• Two Phases: Written and Practical
• Must score 80% and 85%, respectively, on both phases to obtain certification
• Renewal every 3 years, 32 CPE Credits

EnCE®

• EFS E-Forensic Services website: http://www.e-forensic.ca/

• Guidance Software® website: http://www.guidancesoftware.com/

• Megan Ritchie, B.Sc., EnCE, CFCE, CISSP, C|[email protected]

CISA: Certified Information Systems Auditor

Elson Kung

ISACA: Trust in, and value from, information systems. ISACA.ORG

©2014 ISACA. All rights reserved.

ISACA FACTS

• Founded in 1969 as the EDP Auditors Association

• Since 1978, CISA has been a globally accepted standard of competency among IS audit, control, assurance and security professionals.

• More than 115,000 members in over 180 countries

• More than 200 chapters worldwide

ANSI ACCREDITATION

The American National Standards Institute (ANSI) has accredited the CISA certification under ISO/IEC 17024:2003.

Accreditation by ANSI signifies that ISACA’s procedures meet ANSI’s essential requirements for openness, balance, consensus and due process.

ISACA CERTIFICATIONS

CISA

CERTIFICATION DETAILS

WWW.ISACA.ORG/CISA

WHY BECOME A CISA?

Enhanced Knowledge and Skills

To demonstrate your willingness to improve your technical knowledge and skills

To demonstrate to management your proficiency toward organizational excellence

Career Advancement

To obtain credentials that employers seek

To enhance your professional image

Worldwide Recognition

To be included with over 100,000 other professionals worldwide who have gained the CISA designation since CISA's inception

CISA IN THE WORKPLACE

• Just over 2,700 are employed in organizations as the CEO, CFO or equivalent executive position.

• More than 2,400 serve as chief audit executives, audit partners or audit heads.

• Over 2,600 serve as CIOs, CISOs, or chief compliance, risk or privacy officers.

• Almost 9,500 are employed as security directors, managers or consultants and related staff.

• More than 14,000 are employed as IT directors, managers, consultants and related staff.

• Over 29,000 serve as audit directors, managers or consultants and auditors (IT and non-IT).

CISA PROGRAM RECOGNITIONS - 2013

Per Foote study: Skills and certifications that gained 10% or more in market value in the calendar quarter ending 1 January 2014 vs. prior quarter: CGEIT. These IT certifications are among those earning the highest pay premiums (surveyed 1 October 2013 through 1 January 2014). Tied for third: CGEIT. Tied for fourth: CISM. Tied for fifth: CRISC. Tied for sixth: CISA.

All four ISACA credentials (CISA, CISM, CGEIT, CRISC) are among the highest-paying IT certifications in the Foote Partners IT Skills and Certifications pay Index™ for 1 October 2013 – 1 January 2014.

Based on the 2014 IT Skills and Salary Survey conducted by Global Knowledge and Penton and completed in October 2013, CISA was identified as the third top paying certification.

SC Magazine selected CISA as a finalist of the 2013 “Best Professional Certification Program” in the Professional Awards category for the third year in a row. CISA was named a finalist by a panel of chief information security officers (CISOs) at major corporations and large public-sector organizations. CISA won the Best Professional Certification Program award in 2009.

CISAs by Area

CISA JOB PRACTICE AREAS (EFFECTIVE 2011)

Domain 1 – The Process of Auditing Information Systems (14%)

Provide audit services in accordance with IT audit standards to assist the organization in protecting and controlling information systems.

Domain 2 – Governance and Management of IT (14%)

Provide assurance that the necessary leadership and organization structure and processes are in place to achieve objectives and to support the organization's strategy.

Domain 3 – Information Systems Acquisition, Development, and Implementation (19%)

Provide assurance that the practices for the acquisition, development, testing, and implementation of information systems meet the organization’s strategies and objectives.

CISA JOB PRACTICE AREAS (EFFECTIVE 2011, CONTINUED)

Domain 4 – Information Systems Operations, Maintenance and Support (23%)

Provide assurance that the processes for information systems operations, maintenance and support meet the organization’s strategies and objectives.

Domain 5 – Protection of Information Assets (30%)

Provide assurance that the organization’s security policies, standards, procedures and controls ensure the confidentiality, integrity and availability of information assets.

To view the complete CISA job practice, including task and knowledge statements visit:

www.isaca.org/cisajobpractice

CISA CERTIFICATION REQUIREMENTS

1. Earn a passing score on the CISA Exam

2. Submit verified evidence of a minimum of five years of verifiable IS audit, control or security experience (substitutions available)

3. Submit the CISA application (within 5 years of passing date) and receive approval (www.isaca.org/cisaapp)

4. Adhere to the ISACA Code of Professional Ethics

5. Abide by IS Auditing Standards as adopted by ISACA

6. Comply with continuing professional education policy (www.isaca.org/cisacpepolicy)

www.isaca.org/cisarequirements

ISACA EXAMS 2014: FORMAT, DATES AND FEES

WWW.ISACA.ORG/CISA

TYPES OF QUESTIONS ON THE CISA EXAM

The CISA exam consists of 200 multiple-choice questions administered over a four-hour session

Questions are designed to test practical knowledge and experience

Questions require the candidate to choose one best answer

Every question or statement has four options (answer choices)

QUALITY OF THE EXAM ENSURED BY

Job Practice Analysis Study: Determines content

Test Development Standards: Ensures high standards for the development and review of questions

Review Process: Provides two reviews of questions by independent committees before acceptance into pool

Periodic Pool Cleaning: Ensures that questions in the pool are up-to-date by continuously reviewing questions

Statistical Analysis of Questions: Ensures quality questions and grading by analyzing exam statistics for each language

HOW TO STUDY FOR THE CISA EXAM

• Read the ISACA Exam Candidate Information Guide for details on exam day administration (www.isaca.org/examguide)

• Visit www.isaca.org/cisaprep for study information

• Study the CISA Review Manual

• Work through the CISA Review Questions, Answers & Explanations Manual, Supplement and CD

• Participate in an ISACA Chapter Review Course

• Read literature in areas where you need to strengthen skills

• Spend time studying the complement of your field: If external auditor, study IS audit from the internal audit perspective and vice-versa

• Join or organize study groups

• Take the ISACA CISA online review course, available at www.isaca.org/elearningcampus

2014 CISA STUDY MATERIALS

Prices: ISACA Members / Non-Members

• CISA Review Manual 2014: (US) $105.00 / (US) $135.00

• CISA Review Questions, Answers & Explanations Manual 2013: (US) $100.00 / (US) $130.00

• CISA Review Questions, Answers & Explanations Manual 2014 Supplement: (US) $40.00 / (US) $60.00

• CISA Practice Question Database V14: (US) $185.00 / (US) $225.00


For a complete listing of materials including product descriptions visit: www.isaca.org/cisabooks

For additional resources to assist in studying for the exam, visit: www.isaca.org/examprep

ADMINISTRATION OF THE ISACA EXAMS

2014 Exam Dates:
• Saturday 14 June 2014*
• Saturday 6 September 2014 (CISA and CISM only at limited sites – www.isaca.org/sept2014sites)
• Saturday 13 December 2014

• The CISA exam is offered in 10 languages* and at over 250 locations worldwide
• Offered in every city where there is an ISACA chapter or a large interest in individuals sitting for the exam
• Passing mark of 450 on a common scaled score of 200 to 800
• Exam admission tickets are issued via email and available for download in the constituent profile approximately 4 weeks prior to the exam date. The admission ticket includes the exam venue address and reporting time.

*CISA exam: the German, Hebrew and Italian language versions will only be available at the June 2014 exam sitting.

2014 REGISTRATION FEES EXAM: 13 DECEMBER 2014

Early Registration - On or before 20 August 2014:
• ISACA Member: US $420.00
• Non-Member: US $600.00

Final Registration - After 20 August, but on or before 24 October 2014:
• ISACA Member: US $470.00
• Non-Member: US $650.00

Register online at www.isaca.org/examreg and save $$
• Online registration via the ISACA web site is encouraged, as candidates will save US $75. Non-members can join ISACA at the same time, which maximizes their savings.

Exam registration fees must be paid in full to sit for the exams. Those whose exam registration fees are not paid will not be sent an exam admission ticket and their registration will be cancelled.

CISA®

CONTINUING PROFESSIONAL EDUCATION (CPE) POLICY DETAILS

WWW.ISACA.ORG/CISACPEPOLICY

CONTINUING PROFESSIONAL EDUCATION (CPE) REQUIREMENTS

1. Once certified, the certification must be renewed annually. Maintaining the certification requires:

• Earning and reporting an annual minimum of 20 hours of continuing professional education

• Earning and reporting a minimum of 120 hours of continuing education for each fixed three-year period (each 3-year cycle)

• Paying the annual certification maintenance fee

• Responding to and submitting required documentation of continuing education activities if selected for an annual audit

• Complying with the ISACA Code of Professional Ethics (www.isaca.org/ethics)

ISACA membership provides many CPE opportunities which can assist you with meeting this requirement. For more details visit www.isaca.org/cpe.

CPE policy available at: www.isaca.org/cisacpepolicy

ISACA CODE OF PROFESSIONAL ETHICS

ISACA sets forth this Code of Professional Ethics to guide the professional and personal conduct of members of the association and/or its certification holders. Failure to comply with this Code of Professional Ethics can result in an investigation into a member's or certification holder's conduct and, ultimately, in disciplinary measures.

Members and ISACA certification holders shall:

1. Support the implementation of, and encourage compliance with, appropriate standards and procedures for the effective governance and management of enterprise information systems and technology, including: audit, control, security and risk management.

2. Perform their duties with objectivity, due diligence and professional care, in accordance with professional standards.

3. Serve in the interest of stakeholders in a lawful manner, while maintaining high standards of conduct and character, and not discrediting their profession or the Association.

www.isaca.org/ethics

ISACA CODE OF PROFESSIONAL ETHICS (CONTINUED)

Members and ISACA certification holders shall:

4. Maintain the privacy and confidentiality of information obtained in the course of their activities unless disclosure is required by legal authority. Such information shall not be used for personal benefit or released to inappropriate parties.

5. Maintain competency in their respective fields and agree to undertake only those activities they can reasonably expect to complete with the necessary skills, knowledge and competence.

6. Inform appropriate parties of the results of work performed including the disclosure of all significant facts known to them that, if not disclosed, may distort the reporting of the results.

7. Support the professional education of stakeholders in enhancing their understanding of the governance and management of enterprise information systems and technology, including: audit, control, security and risk management.

www.isaca.org/ethics

WANT TO KNOW MORE?

Please contact us at:

ISACA Vancouver Chapter
P.O. Box 48894, Bentall Centre
Vancouver, BC V7X A18
E-mail: [email protected]
Web site: www.isaca-vancouver.org
Today’s presenter: Elson Kung ([email protected])

ISACA
3701 Algonquin Road, Suite 1010
Rolling Meadows, IL 60008 USA
Phone: +1.847.660.5660
Fax: +1.847.253.1443
E-mail: [email protected]
Web site: www.isaca.org

CISM: Certified Information Security Manager

George Pajari

George Pajari, CISSP, CISM, CCSK

[email protected]

@orangehazmat

CISM, Certified Information Security Manager, and related logo are trade marks or registered trade marks of ISACA in the United States and other countries. CSA, Cloud Security Alliance, CCSK, and Certificate of Cloud Security Knowledge are trade marks or registered trade marks of the Cloud Security Alliance in the United States and other countries. CISSP is a registered or registration-pending trademark and certification mark of (ISC)², Inc. All marks are used here for identification purposes only and no affiliation or endorsement is to be implied or construed.

ISACA CISM

Why Studying for a Certification is Good for You

What the CISM Covers

How CISSP & CISM Differ

How to Ace the Exam

How to Get Cert Wallpaper (CCSK)

Why Studying for a Cert is Good

• Forces you to study the known unknowns
• Helps you discover your unknown unknowns
• Brings discipline and completeness
• Helps provide credibility

✤ A waypoint, not a destination ✤

CISM Scope

• Information Security, not just Information Systems Security
• Management focus
• A 50,000 foot approach

CISM Domains

1) Information Security Governance (24%) - CISSP #3
2) Information Risk Management and Compliance (33%) - CISSP #3 & #9
3) Information Security Program Development and Management (25%)
4) Information Security Incident Management (18%) - CISSP #7

CISM & CISSP

• forest vs weeds
• overlap & synergy
• benefits of pursuing both at the same time

Preparing for (any) Exam

• know thyself
• make sure you are ready
• view it as a process, not a destination
• lean on your friends
• set a schedule; keep the plan

Preparing for the CISM Exam

• understand that the ISACA CISM Review Manual is an outline, not a BoK
• build your own glossary
• read reference material (COBIT, COSO, SABSA, NIST)
• get the sample question books

Certificate of Cloud Security Knowledge

Wallpaper

• open book
• unproctored
• 60 ques. / 90 mins
• no CPEs req'd

CASP

Certificate of Ability to Search PDFs

SCF: SABSA Chartered Architect at Foundation Level

Orvin Lau

Orvin Lau
• CISSP
• CISM, CRISC
• ISO 27001 Lead Auditor certification
• QSA (expired)
• CPISM (now defunct)
• SCF

t. +1 (604) 816.3960
e. [email protected]

What is the SCF?

• First of three SABSA Certification Levels from the SABSA Institute

1. SCF = SABSA Chartered Architect at Foundation Level
• Multiple choice closed-book exam

2. SCP = SABSA Chartered Practitioner
• Written open-book exam

3. SCM = SABSA Chartered Master
• Written open-book exam + Masters’ thesis

What is SABSA

• Sherwood Applied Business Security Architecture

• Developed by John Sherwood and David Lynas

• Methodology for developing enterprise information security architectures
– Business-driven
– Risk and opportunity focused

What is SABSA (cont’d)

• Number of integrated frameworks, models, methods and processes
– Traceably support critical business initiatives

Layered Architecture Views

• The Business View: Contextual Security Architecture
• The Architect’s View: Conceptual Security Architecture
• The Designer’s View: Logical Security Architecture
• The Builder’s View: Physical Security Architecture
• The Tradesman’s View: Component Security Architecture
• The Service Manager’s View: Security Service Management Architecture

SABSA Matrix

Columns: ASSETS (What), MOTIVATION (Why), PROCESS (How), PEOPLE (Who), LOCATION (Where), TIME (When). Each cell below gives the cell title, then its contents.

Contextual Security Architecture

• Assets (What): Business Decisions - Taxonomy of Business Assets, including Goals & Objectives
• Motivation (Why): Business Risk - Opportunities & Threats Inventory
• Process (How): Business Processes - Inventory of Operational Processes
• People (Who): Business Governance - Organisational Structure & the Extended Enterprise
• Location (Where): Business Geography - Inventory of Buildings, Sites, Territories, Jurisdictions, etc.
• Time (When): Business Time Dependence - Time dependencies of business objectives

Conceptual Security Architecture

• Assets (What): Business Knowledge & Risk Strategy - Business Attributes Profile
• Motivation (Why): Risk Management Objectives - Enablement & Control Objectives; Policy Architecture
• Process (How): Strategies for Process Assurance - Process Mapping Framework; Architectural Strategies for ICT
• People (Who): Roles & Responsibilities - Owners, Custodians and Users; Service Providers & Customers
• Location (Where): Domain Framework - Security Domain Concepts & Framework
• Time (When): Time Management Framework - Through-Life Risk Management Framework

Logical Security Architecture

• Assets (What): Information Assets - Inventory of Information Assets
• Motivation (Why): Risk Management Policies - Domain Policies
• Process (How): Process Maps & Services - Information Flows; Functional Transformations; Service Oriented Architecture
• People (Who): Entity & Trust Framework - Entity Schema; Trust Models; Privilege Profiles
• Location (Where): Domain Maps - Domain Definitions; Inter-domain associations & interactions
• Time (When): Calendar & Timetable - Start Times, Lifetimes & Deadlines

Physical Security Architecture

• Assets (What): Data Assets - Data Dictionary & Data Inventory
• Motivation (Why): Risk Management Practices - Risk Management Rules & Procedures
• Process (How): Process Mechanisms - Applications; Middleware; Systems; Security Mechanisms
• People (Who): Human Interface - User Interface to ICT Systems; Access Control Systems
• Location (Where): ICT Infrastructure - Host Platforms, Layout & Networks
• Time (When): Processing Schedule - Timing & Sequencing of Processes and Sessions

Component Security Architecture

• Assets (What): ICT Components - ICT Products, including Data Repositories and Processors
• Motivation (Why): Risk Management Tools & Standards - Risk Analysis Tools; Risk Registers; Risk Monitoring and Reporting Tools
• Process (How): Process Tools & Standards - Tools and Protocols for Process Delivery
• People (Who): Personnel Management Tools & Standards - Identities; Job Descriptions; Roles; Functions; Actions & Access Control Lists
• Location (Where): Locator Tools & Standards - Nodes, Addresses and other Locators
• Time (When): Step Timing & Sequencing Tools - Time Schedules; Clocks, Timers & Interrupts

Security Service Management Architecture

• Assets (What): Service Delivery Management - Assurance of Operational Continuity & Excellence
• Motivation (Why): Operational Risk Management - Risk Assessment; Risk Monitoring & Reporting; Risk Treatment
• Process (How): Process Delivery Management - Management & Support of Systems, Applications & Services
• People (Who): Personnel Management - Account Provisioning; User Support Management
• Location (Where): Management of Environment - Management of Buildings, Sites, Platforms & Networks
• Time (When): Time & Performance Management - Management of Calendar and Timetable

ITIL: IT Infrastructure Library

Ram Kodali

Ram Kodali
PMP, CISSP, CISM, CISA, COBIT, CGEIT
SABSA Security Chartered Architect (SCF)
ITIL v3 Expert, Six Sigma Green Belt
ISO/IEC 27001 and ISO/IEC 20000 Auditor

ITIL® – brief introduction and certification details

• Very widely adopted approach to IT Service Management worldwide.

• Provides a practical, no-nonsense framework for identifying, planning, delivering and supporting IT services to the business.

• Advocates that IT services must be aligned to the needs of the business.

• Provides guidance to organizations on how to use IT as a tool to facilitate business change, transformation and growth.

• Offers a huge range of benefits that include: improved IT services; reduced costs; improved customer satisfaction through a more professional approach to service delivery; improved productivity; improved use of skills and experience; improved delivery of third-party services.

What is ITIL®?

Enabling organizations to deliver appropriate IT services and continually ensure they are meeting business goals and delivering benefits

Service Strategy
• Strategy management for IT services
• Service portfolio management
• Financial management
• Demand management
• Business relationship management

Service Design
• Design coordination
• Service catalogue management
• Service level management
• Availability management
• Capacity management
• IT service continuity management
• Information security management
• Supplier management

Service Transition
• Transition planning and support
• Change management
• Service asset and configuration management
• Release and deployment management
• Service validation and testing
• Change evaluation
• Knowledge management

Service Operation
• Event management
• Incident management
• Request fulfillment
• Problem management
• Access management

Continual Service Improvement
• Seven-step improvement process

• The ITIL best practices are detailed within five core publications
• These five core guides map the entire ITIL Service Lifecycle:
• beginning with identification of customer needs and drivers of IT requirements,
• to the design and implementation of the service into operation,
• and finally on to monitoring and continual improvement of the service

How is ITIL® structured?

• On 1 July 2013 'AXELOS' was announced as the new joint venture company, created by the Cabinet Office on behalf of Her Majesty's Government (HMG) and Capita plc, to run the Best Management Practice portfolio, which includes ITIL® and PRINCE2®

• AXELOS has complete ownership of the intellectual property of the whole Best Management Practice portfolio

Who owns ITIL®?

The modular, tiered structure of the qualification offers candidates flexibility in relating to the different disciplines and areas of ITIL, and makes ITIL qualifications more accessible and achievable.

• Provides a modular approach to the ITIL framework
• comprised of a series of qualifications
• focused on different aspects of ITIL Best Practice
• to various degrees of depth and detail

• Levels of ITIL qualifications:
• ITIL Foundation
• ITIL Intermediate level
• ITIL Managing Across the Lifecycle
• ITIL Expert Level
• ITIL Master

ITIL® Qualification Scheme

Examination Institutes: An Examination Institute (EI) is an organization accredited by AXELOS and permitted to operate an examination scheme through a network of Accredited Training Organizations and Accredited Trainers with Accredited materials. The Examination Institutes are:
• APMG International
• BCS, The Chartered Institute for IT
• CSME
• DANSK IT
• DF Certifiering AB
• EXIN
• Loyalist Certification Services
• PEOPLECERT
• TÜV SÜD

Accredited Training Organizations: Global Knowledge, HP Education, Quint Redwood, Service Management Art, and many more…

Training and Examinations

itSMF International > itSMF Canada > itSMF BC

GIAC: Global Information Assurance Certification (SANS)

Chester Wisniewski

CIPP/C: Certified Information Privacy Professional / Canada

Paulette Lacroix

Privacy Certifications

Paulette Lacroix, CIPP/C, CIPP/US

May 9, 2014

IAPP

International Association of Privacy Professionals

Not-for-profit established in 2000, New Hampshire, USA
>14,000 members in 83 countries
Privacy Communities: IAPP Canada, IAPP Europe, IAPP ANZ (Australia and New Zealand)

Helps define, support and improve the privacy profession through networking, education and certification

2014-05-09 PC Lacroix Consulting

PACC

Privacy and Access Council of Canada (formerly CAPAPA)

Established 2013

1. Associate Access & Privacy Professional (AAPP)
2. Certified Access & Privacy Professional (CAPP)
3. Master Access & Privacy Professional (MAPP)

“Represents privacy and access practitioners and certified professionals across Canada, and is the certifying body representing leadership and excellence in information privacy, access to information, and data governance”


IAPP Certifications

Certified Information Privacy Professional

1. CIPP/Canada

2. CIPP/US

3. CIPP/Europe

4. CIPP/IT

5. CIPP/Gov (US government)

6. CIPM (Certified Information Privacy Manager)


Certification Requirements

To write any certification exam, you must first pass a foundational exam

Each certification requires a specialized body of knowledge: textbooks, training sessions, test exams

Case studies, jurisdictional law, practical application

Certification exams are proctored by an IAPP member

Continuing Education credits required to maintain certificate


Why an IAPP Privacy Certification?

IAPP certification is the global standard for privacy and data protection professionals

Brand strength of credential in over 83 countries

Most often preferred (or required) on job postings

Continuing Education opportunities: Canadian Knowledge Net, Canadian Privacy Symposium, International IAPP conferences, summits, education institutes; resource availability – papers, templates, forums, etc.

Professional Networking: Privacy After Hours


Thanks!


How recruiters view certifications

Caitlin Murphy

Security Services Licensing

Update from Orvin Lau

BC Security Services Act

Defines “security work” as:
• armoured car guard services
• locksmiths
• private investigators
• security alarm services
• security consultants
– Advises on protecting property, including electronic data
• security guards
• body armour salespersons

Licensing

A license from the Ministry of Justice is required for security workers unless:
• exempt by regulation, or
• determined to be incidental by the Registrar of Security Services

IT security consultants are exempt under the Security Services Regulation, section 2(i).

What if there are physical aspects?

Type of security work with physical aspects / Need a license?

• PCI QSA auditing sub-requirements under PCI DSS Requirement 9 (Restrict physical access to cardholder data): No – considered to be incidental by the Registrar

• PCI consultant advising on installing a video surveillance system: Yes – beyond the IT security exemption

• IT forensics work: No – does not engage in other aspects of the work of private investigators

• Work on SCADA systems: Maybe – check with the Ministry to determine if the work is incidental

From Dilbert – August 31, 2000

Panel Q&A