Wednesday, February 29, 2012

Global Increase in Outsourcing Leaves Companies Open to Information Security Breaches

Companies must find ways to manage the benefits and risks of outsourcing as almost two-thirds of Information Technology (IT) infrastructure is predicted to be outsourced within the next 8 years. EC-Council CISO Summit panel discussion suggests that increased information security compliance plans, continuous education, and knowledge sharing may prove to be the best solution.

Global economic troubles have motivated many companies to seek alternative means of conducting business that will cut costs and maximize profits. One of the most popular and effective methods is outsourcing Information Security (IS) infrastructure. According to a recent study commissioned by Savvis, Inc., the share of infrastructure that is outsourced is predicted to increase from 17% to over 64% globally by 2020. Security outsourcing has its benefits; however, it also comes with an array of risks.

“The challenges of outsourcing are similar to those you may have with the acquisition (insourcing) process. When acquiring a new company you need to ensure that due diligence has been completed prior to acquisition and integration, as you now will be responsible for the security of that company’s data. This is the same with outsourcing,” said Tutton. “Hire a trusted and qualified third party to complete a thorough evaluation of the outsourcing company. But don’t just stop there, put in place methods and controls to monitor and maintain the security of this data during the entire lifecycle. Trust but verify, and assign responsibility to a qualified person within your organization to manage and maintain oversight of security. Another option is to outsource only the data and systems that you want to end up in the public domain.”

Tutton’s panel discussion presented a detailed overview of the benefits and challenges of outsourcing with respect to Information Security (IS). Globally, over 60% of organizations say that managing IT infrastructure domestically offers no competitive advantage and are planning to move operations offshore. However, many offshore companies do not have the same legal restrictions as the United States. For instance, India, one of the biggest destinations for offshore outsourcing, does not have any data privacy laws. This laxity in law enforcement leaves confidential information vulnerable to security breaches.

Last year, Epsilon, a cloud-based email service provider, suffered a security breach that ended up affecting around 75 clients and compromised over 60 million personal names and email addresses. Security breaches such as this can be extremely costly and detrimental to a company’s reputation.

“If an organization is looking to do a large infrastructure outsourcing engagement, the best way to ensure that security is a priority is to build a comprehensive list of security requirements into outsourcing contracts, develop appropriate service level agreements and reporting mechanisms to evaluate security and budget for a review by an independent assessment organization – this will ensure that security always stays top of mind,” said panel speaker Chris Oglesby. “If, however, the decision is to outsource infrastructure and security separately then the security operations should drive the direction and outcomes and create independence between the organizations to meet the client needs.”

Saturday, February 25, 2012

Organizations Engage in Certification Training to Protect Against Cyber Attacks

The recent increase in security breaches has caused many organizations to put a greater emphasis on improving the skills of the information security (IS) workforce. Research shows IS certifications lead to improved job performance and higher returns on investment. 

Wednesday, February 22, 2012

Computer Hacking Forensics Investigator CHFI Version 8

World’s Most Comprehensive Computer Forensics Certification – Computer Hacking Forensics Investigator (C|HFI) Version 8 is Available Now

EC-Council releases the brand new Version 8 of the Computer Hacking Forensics Investigator (C|HFI) Certification Program. C|HFI is designed to equip security professionals with the necessary skills to identify an intruder’s footprints and to properly gather the evidence required to prosecute in a court of law.

January 24, 2012, Albuquerque, New Mexico – EC-Council announces the availability of the all-new Version 8 of the Computer Hacking Forensics Investigator (C|HFI) program. The program will be available on February 27th, 2012 exclusively in 20 training centers across 15 countries. The current version 4 will still be available for testing at exam centers until August 2012.

A report by Symantec confirms that “Cybercrime has surpassed illegal trafficking as the leading criminal money maker.” With lucrative returns, low risk and the difficulty of providing admissible evidence in courts of law, computers and networks have become the fastest growing technology tools favored by criminals. With the cost of security breaches almost tripling every two years, organizations need to designate well-trained security professionals to perform digital discovery, evidence acquisition and analysis in an acceptable manner to ensure that they trace, reduce or eliminate key security risks that face their organizations.

EC-Council C|HFI v8 program prepares designated security professionals to track, investigate and apprehend cyber criminals from the inside and outside of the organization.

CHFI v8 presents a detailed methodological approach towards computer forensics and evidence analysis. It is a comprehensive course covering important forensic investigation scenarios that enables students to acquire hands-on experience with various forensic investigation techniques and standard forensic tools. This skillset is necessary to successfully carry out a thorough computer forensic analysis leading to prosecution of perpetrators.

Among the salient features of the C|HFI v8 are:

• Revamped courseware with more emphasis on hands-on forensic techniques and methodologies.
• A total of 22 modules showcasing the latest forensics concepts, forensic techniques and tools.
• Over 200 labs, real-life cases, evidence files and forensic challenges.
• Over 500 industry standard forensics lab tools.
• Lab platform based on Windows 2008 Server and Windows 7.
• Choice of classroom or virtual lab environment.
• Diagrammatic representation of concepts and forensic investigation techniques.
• Result-oriented, descriptive and analytical lab manual.

Jay Bavisi, President of EC-Council said, “According to PwC’s Information Security Breaches Survey 2010, nearly half of the large organizations admit that they have experienced insider threats (misuse of web and email access, misuse of confidential information, and unauthorized access to systems or data). Organizations today face a very challenging threat in the form of insider abuse that must be addressed to ensure the safety of their organizations’ digital assets.”

A C|HFI v8 professional will be able to understand:

• The process of investigating cybercrime, laws involved, and the details in obtaining a search warrant.
• Different types of digital evidence, rules of evidence, digital evidence examination process, and electronic crime and digital evidence consideration by crime category.
• Roles of first responder, first responder toolkit, securing and evaluating electronic crime scene, conducting preliminary interviews, documenting electronic crime scene, collecting and preserving electronic evidence, packaging and transporting electronic evidence and reporting the crime scene.
• How to recover deleted files and deleted partitions in Windows, Mac OS X, and Linux.
• The process involved in forensic investigation using Access Data FTK and Encase.
• Steganography and its techniques, Steganalysis, and image file forensics.
• Password Cracking Concepts, tools, types of password attacks and how to investigate password protected file breach.
• Different types of log capturing techniques, log management, time synchronization and log capturing tools.
• How to investigate logs, network traffic, wireless attacks, and web attacks.
• How to track e-mails and investigate e-mail crimes.

EC-Council has certified professionals from Fortune 500 companies as well as various IT giants, conglomerates and government agencies around the world. The corporations and agencies include: US Department of Defense, FBI, CIA, Microsoft, Symantec, Deloitte, and IBM.

For more information, please contact the nearest authorized training center or

Sunday, February 19, 2012

CompTIA Advanced Security Practitioner Certification

CompTIA Advanced Security Practitioner

The CompTIA Advanced Security Practitioner certification designates IT professionals with advanced-level security skills and knowledge.
The CASP exam is available at U.S. and Canadian Pearson VUE centers.   

The CompTIA Advanced Security Practitioner certification is an international, vendor-neutral exam that proves competency in enterprise security; risk management; research and analysis; and integration of computing, communications, and business disciplines.
The exam covers the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments. It involves applying critical thinking and judgment across a broad spectrum of security disciplines to propose and implement solutions that map to enterprise drivers.

While there is no required prerequisite, the CASP certification is intended to follow CompTIA Security+ or equivalent experience and has a technical, hands-on focus at the enterprise level.

The CompTIA Advanced Security Practitioner certification is accredited by the International Organization for Standardization (ISO) and the American National Standards Institute (ANSI).

The CompTIA Advanced Security Practitioner certification may be kept current through the CompTIA Continuing Education program.

Tuesday, February 14, 2012

New Update to the Network+ Exam!

CompTIA Network+

Exam Code N10-005

The CompTIA Network+ certification is the sign of a qualified networking professional.

The exam covers network technologies, installation and configuration, media and topologies, management, and security. Candidate job roles include network administrator, network technician, network installer, help desk technician and IT cable installer.

Companies such as Dell, HP, Ricoh, Sharp and Xerox recommend or require CompTIA Network+ for their networking technicians. It is a technical prerequisite option for IT technicians seeking to join the Apple Consultants Network, and is recognized by the U.S. Department of Defense.

The current version of CompTIA Network+, exam code N10-005, was released Dec. 1, 2011. The revised objectives address virtual networking and give increased attention to network security and coverage of the seven-layer OSI (Open System Interconnection) model.

The previous version, exam code N10-004, will be available through Aug. 31, 2012.

The CompTIA Network+ certification is accredited by the International Organization for Standardization (ISO) and the American National Standards Institute (ANSI).

The CompTIA Network+ certification may be kept current through the CompTIA Continuing Education program.

You may purchase the CompTIA Network+ Certification Training and Exam Prep at

Thursday, February 09, 2012

Subject Matter Experts Needed for Certification Exam Development

CompTIA relies on Subject Matter Experts (known in the acronym-happy world as “SMEs”) to provide objectives and blueprints for our exams. These IT professionals confab with peers and our CompTIA staff at exam development workshops at our headquarters in Downers Grove, Ill. Together, this brain trust creates and reviews items associated with the latest in technologies, knowledge sets and best practices in the IT industry. We need SMEs in document imaging, cloud computing and PC repair/troubleshooting for three upcoming workshops. For both the SMEs and their employers, it’s a chance to influence the direction of the industry by taking part in creating standards. Interested in lending your expertise?

Sunday, February 05, 2012

IT Executives Expect Good, Not Great Year in 2012

In our IT Industry Outlook 2012 report, IT companies express tempered optimism heading into the first quarter of the year, though longer-term prospects look more promising. We’re projecting a worldwide IT industry growth rate of 4.5 percent in 2012, with upside potential of 7.6 percent. The forecast for the U.S. market is slightly lower. IT industry executives are most bullish on IT services and software sales this year. “We may see modest improvement in 2012, but it likely won’t be drastically different from 2011,” said Tim Herbert, vice president, research, CompTIA. In our 2012 outlook, we also identified 12 trends to watch that will make their mark on the IT industry and the broader economy in the upcoming year.

Friday, February 03, 2012

CompTIA Storage+ SNIA Certification Launches

CompTIA Storage+ Powered by SNIA Certification Launches Worldwide

New credential from leading technology associations addresses data storage job skills

A new exam and certification for information technology (IT) professionals working in the evolving and expanding data storage arena was introduced today by CompTIA and the Storage Networking Industry Association (SNIA).

CompTIA Storage+ Powered by SNIA combines the thought and technical leadership of the SNIA with the global certification development and management capabilities of CompTIA. The result is a credential recognized globally as the standard for validating IT professionals who manage data storage.

“Organizations of all shapes and sizes are scrambling to come up with new strategies to manage the massive volumes of data they’re generating,” said Terry Erdle, executive vice president, skills development, CompTIA.

“The rise in mobile computing, the shift to cloud-enabled services, a need for heightened security and a host of other factors add to the complexity of this environment, which can challenge even the most seasoned IT storage pro,” Erdle continued.

“Together with SNIA we’ve developed a certification that will help individual IT workers keep pace with the changing storage landscape; and empower employers to validate the skills of their IT professionals.”

Wayne M. Adams, Chairman of the SNIA, added, “The shared vision between CompTIA and the SNIA of having a comprehensive and valuable data storage certification is aimed at demonstrating IT skill competency and a credential holder’s career advancement. We are encouraging our thousands of SNIA credential holders to take the new CompTIA Storage+ Powered by SNIA certification exam to demonstrate that they are contemporary with state of the art data storage technologies, techniques and common practices.”

CompTIA and the SNIA intend to have the new certification accredited by the International Organization for Standardization (ISO) and the American National Standards Institute (ANSI).

CompTIA Storage+  Powered by SNIA is highly relevant for a number of professional positions in the IT industry, including data storage administrators, system administrators, system integrators, IT architects, out-sourcers, network engineers, pre-sales consultants and cloud services data and system managers.

The certification focuses on the following areas of data storage and storage networking:
• Configuration of storage systems and networks, including archive,  backup and restoration technologies
• Business continuity, data availability and storage administration
• Storage system integration and correlated application workloads
• Basic troubleshooting, service levels and connectivity

The in-depth, multi-hour exam certifies that a successful candidate has the knowledge and skills required to configure basic data storage and storage networks to include archive, backup and restoration technologies. Additionally, the candidate understands the fundamentals of business continuity, application workload, capacity optimization, system integration and storage and system administration, while performing basic troubleshooting on storage related connectivity issues and referencing documentation.

CompTIA and the SNIA recommend that IT professionals have at least 12 months of hands-on storage networking experience before sitting for the exam. Complete exam objectives, sample questions, information on training materials, how to purchase exam vouchers and other information about CompTIA Storage+ Powered by SNIA are available on the CompTIA Certification Web Site.

About CompTIA
CompTIA is the voice of the world’s information technology (IT) industry. Its members are the companies at the forefront of innovation; and the professionals responsible for maximizing the benefits organizations receive from their investments in technology. CompTIA is dedicated to advancing industry growth through its educational programs, market research, networking events, professional certifications, and public policy advocacy. For more information, visit or follow CompTIA on Twitter at

About the SNIA
The Storage Networking Industry Association (SNIA) is a not–for–profit global organization, made up of some 400 member companies spanning virtually the entire storage industry. SNIA’s mission is to lead the storage industry worldwide in developing and promoting standards, technologies, and educational services to empower organizations in the management of information. To this end, the SNIA is uniquely committed to delivering standards, education, and services that will propel open storage networking solutions into the broader market. For additional information, visit the SNIA web site at

Wednesday, February 01, 2012

PMP PDU CCR Certification Requirements

Maintain Your PMP Certification Credential

What's New

Congratulations on earning your PMI certification!
Now that you are a credential holder, you need to adhere to PMI’s Continuing Certification Requirements (CCR) program. To follow the program, participate in professional development activities to earn professional development units (PDUs) and maintain your credential. 

Every credential requires a specific amount of PDUs per three-year certification cycle. Since the requirements are different for each one, visit their respective pages to find out more, or read the CCR frequently asked questions.

The exception to the CCR program is the Certified Associate in Project Management (CAPM)®, which requires you to retake the CAPM® exam before the end of your five-year certification cycle.

Not sure how to earn PDUs? Watch the "How Do I Earn PDUs?" segment of the CCR video, read Ways to Earn PDUs for activity ideas, or visit PMI Professional Development for a more complete listing of PDU-earning opportunities.

Ready to report your activities? Visit PMI’s online CCR system to report PDUs and view your certification records, or download a printable PDU activity reporting form.