Chapter 13

Question 1

Advantages of Self-Study Programs (5)

Answer 1

Self motivation
Low cost
Flexible materials
Flexible schedule
Supplemental materials

Question 2

Disadvantages of Self-Study Programs (5)

Answer 2

Procrastination 
Resource selection
Lack of interaction
Quality
Validated Outcome

Question 3

Guidelines for self study materials (4)

Answer 3

1. Reputable sources
2. Material reviews
3. Multiple products
4. Hands on skill set labs

Question 4

Instructor-Led Programs

Answer 4

Alternative to self-study learning

Continuing education group can be part of the school or a closely related educational unit

Provide formal training courses that lead to a certificate or professional certification and not a degree

Courses can range from very general to highly specific and technical

Question 5

Certificate of completion:

Answer 5

A document that is given to a student upon completion of the program and signed by the instructor

Attests that the person has completed the course and made a sufficient score on an assessment

Specific to an educational institution

Many programs available online

Question 6

Continuing Education Programs

Answer 6

Keep practitioners current and informed
Continuing professional education (CPE)
Continuing professional development (CPD)

Credit for courses measured in continuing professional education (CPE) units
Typically, 50 minutes of classroom instruction per CPE

Question 7

Postsecondary Degree Programs

Answer 7

Offered through colleges and universities

Programs available for information systems security, cybersecurity, and information assurance

Includes not-for-profit schools and for-profit schools

May be classroom-delivered, online-delivered, or blended-delivered for associate level up to PhD

Consider what career opportunities and employment you seek first

Question 8

Associate’s Degree

Answer 8

Represents a two-year program (some institutions offer accelerated programs)

Basic education for people who want to enter the information security field without spending four or more years in school

Prepares you for a wide range of entry-level positions in IT and information security

Question 9

Bachelor’s Degree

Answer 9

A four-year degree program (some institutions offer accelerated programs)

Often a requirement for any information security position other than entry-level positions

Includes:
Bachelor of science (BS or BSc)
Bachelor of science in information technology (BScIT)
Bachelor of applied science (BASc)
Bachelor of technology (B.Tech)

Question 10

Master of Science Degree

Answer 10

Consists of two years of study beyond a bachelor’s degree

Is usually specific to a field of study

Focuses more on depth of knowledge than on breadth of knowledge

Includes:
Master of science (MS or MSc)
Master of science in information technology (MScIT)
Master of business administration (MBA)

Question 11

Master of Business Administration (MBA)

Answer 11

Focuses on managing the process of securing information systems

Prepares students to manage and maintain the people and environment of information security

Question 12

Doctoral Degree

Answer 12

Represents the most respected academic honor and is the most difficult to obtain

Requires rigorous coursework and extensive research

Takes from three to five years (but varies)

Includes: 
Doctor of science (DSc)
Doctor of information technology (DIT)
Doctor of technology (DTech)
Doctor of philosophy (PhD)

Question 13

Information Security Training Programs

Answer 13

Differ from security education programs in their focus on hands-on skills and in their duration

Meet for intensive sessions lasting from a few hours to several days

Rapidly train students in one or more skills or to cover essential knowledge in one or more specific areas

Many specifically prepare students for certification exams

Question 14

Security Training Requirements

Answer 14

NIST 800 Series publications contain procedures necessary to keep IT environments secure

U.S. OPM requires that federal agencies provide training suggested by the NIST guidelines

Requires agencies to train current employees and new employees within 60 days of hire date. Also when:

• There is a significant change in the agency’s IT security environment
• There is a significant change in the agency’s security procedures
• An employee enters a new position that deals with sensitive information

Question 15

Security training organizations (6)

Answer 15

SANS institute
ITPG
InfoSec Institute
ISACA
Phoenix TS
SEI

Question 16

SANS Institute

Answer 16

SANS is one of the largest and most trusted sources for information security training in the world. It offers classes on many security topics that cover development, implementation, management, and auditing roles. SANS classes range from a half day to six days, are available globally, and tend to be very hands-on and focused.

Question 17

IT Professional Group, Inc. (ITPG)

Answer 17

ITPG has been delivering and fulfilling professional certification programs for the International Information Systems Security Certification Consortium, known as (ISC)2 globally and throughout North America.

Question 18

InfoSec Institute:

Answer 18

InfoSec Institute is a large security training organization that holds regular classes across the United States. Its goal is to provide the best possible hands-on training for students in topics ranging from certification preparation to very specific technical security topics.

Question 19

ISACA:

Answer 19

ISACA is a nonprofit global organization that promotes “the development, adoption, and use of globally accepted, industry-leading knowledge and practices for information systems.” It holds conferences and training events related to information systems auditing and management around the world.

Question 20

Phoenix TS Phoenix Technology Solutions (Phoenix TS):

Answer 20

provides cost-effective, hands-on computer training, IT certification, and management courses to government and commercial organizations in the Maryland, Virginia, and Washington, DC, area.

Question 21

Security Evolutions, Inc. (SEI):

Answer 21

SEI provides online, e-learning, self-study, and live virtual instructor delivery of various professional certification programs in IT security and information assurance. These include Security+, SSCP, CISSP, NSA 4011, and NSA 4013-Advanced.