資安專業證照

管理類證照

 

發證單位

證照清單

說明

1

經財團法人全國認證基金會(Taiwan Accreditation FoundationTAF)或國際認證機構(Accreditation BodyAB)認可之資安相關管理系統驗證機構

 

相關連結

1.ISO/IEC 27001:2013

Information Security Management System(ISMS) Auditor/Lead Auditor

2.ISO 22301 Business Continuity Management System(BCMS) Auditor/Lead Auditor

3.ISO/IEC 29100 Lead Privacy Implementer Information

technology — Security

techniques — Privacy framework

4.ISO/IEC 27701:2019 Privacy Information Management System Lead Auditor,Lead Auditor 相關證照應具有效性,除提出證照外,尚須提供當年度至少2 次實際參與該證照內容有關之稽核經驗證明。

ISO/IEC系列證照,主要設計來透過訓練課程及認證考試,檢核考生是否具備以下能力,如:協助組織選擇適切的資訊資產安全保護管制作業、協助檢視組織因應資訊安全風險而採取之對應措施是否適當、協助組織控制並降低資訊安全事件所帶來的威脅和衝擊。

2

EC-Council

相關連結

1.Certified Chief Information Security Officer (CCISO)

2.EC-Council Information Security Management(EISM)

本證照提供資安長或是資安經理人,檢核考生是否具備資訊安全治觀念,並能以營運的角度進行資安規劃與維運,考試重點包含:資訊安全治理、管理與稽核三個層面。

3

Global Information Assurance Certification (GIAC)

相關連結

Management, Audit, Legal

(1) GIAC Security Leadership(GSLC)

(2) GIAC Systems and Network Auditor(GSNA)

(3) GIAC Information Security Professional(GISP)

(4) GIAC Law of Data Security & Investigations(GLEG)

(5) GIAC Strategic Planning, Policy, and Leadership(GSTRT)

本證照針對資安長、資安管理階層人員提供考試,提供管理、稽核、法律三個面向的證照,考試重點包含:資訊安全領導統御、資訊安全專業知識、資料安全與調查、策略規劃、策略與領導力等。

4

Information

Systems Audit and

Control

Association

(ISACA)

相關連結

1.Certified Information

Security Manager(CISM)

2.Certified in the Governance

of Enterprise IT (CGEIT)

3.Certified Information

Systems Auditor (CISA)

4.Certified in Risk and

Information Systems

Control (CRISC)

本證照考試重點在辨識考生是否具備掌握資訊安全知識及資訊安全相關管理知識,考試重點包含:稽核、資安經理、資安治理與風險控管等。

 

 

技術類證照

 

發證單位

證照清單

說明

1

International Information System Security Certification Consortium , (ISC)2–國際資訊系統安全認證協會

相關連結

1.Certified Information Systems Security Professional(CISSP)

2.Systems Security Certified Practitioner(SSCP)

3.Certified Cloud Security Professional(CCSP)

4.Certified Authorization Professional(CAP)

5.Certified Secure Software Lifecycle Professional(CSSLP)

6.HealthCare Information Security and Privacy Practitioner(HCISPP)

7.Information Systems Security Architecture Professional(CISSP - ISSAP)

8.Information Systems Security Engineering Professional(CISSP - ISSEP)

9.Information Systems Security Management Professional(CISSP - ISSMP)

本證照主要在檢核考生是否具備資訊安全架構、設計及管理能力,考試重點包含:資安工作的日常維運能力、雲端安全管理能力,或是測驗軟體開發相關人員對於軟體生命週期、漏洞、風險、資訊安全基本知識與法規遵循等各方面知識的了解與認知程度等。

2

The Computing Technology

Industry Association (CompTIA)

相關連結

1. CompTIA Security (CompTIA Security+)

2. CompTIA Cybersecurity Analyst (CySA+)

3. CompTIA Advanced Security Practitioner (CASP+)

4. CompTIA PenTest (CompTIA PenTest+)

本證照提供考生檢核是否具備資訊安全基礎技術及核心能力,考試重點包含:攻擊威脅、網路架構安全、弱點與稽核、通訊安全對策、密碼學、授權與存取控制、安全政策與管理、作業安全與營運持續計畫

3

CREST

相關連結

1. Penetration Testing

(1) The CREST Practitioner Security Analyst (CPSA)

(2) The CREST Certified Wireless Specialist (CCWS)

2.Simulated Target Attack & Response/CBEST

(1) The CREST Certified Simulated Attack Specialist (CC SAS)

(2) The CREST Certified Simulated Attack Manager (CC SAM)

(3) The CREST Registered Threat Intelligence Analyst (CRTIA)

(4) The CREST Certified Threat Intelligence Manager (CC TIM)

3.Incident Response

(1) The CREST Practitioner Intrusion Analyst (CP IA)

(2) The CREST Registered Intrusion Analyst (CRIA)

(3) The Certified Network Intrusion Analyst (CC NIA)

(4) The CREST Certified Host Intrusion Analyst (CC HIA)

(5) The CREST Certified Malware Reverse Engineer (CCMRE)

(6) The CREST Certified Incident Manager

4.Security Architecture

(1) The CREST Registered Technical Security Architect Examination (CRTSA)

本證照提供考生檢核是否具備網路安全防護及資安分析知識,並驗證考生是否具備滲透測試、駭客攻防、事故應變處理、與安全架構規劃相關能力。

4

EC-Council

相關連結

1. Certified Network Defender Course (CND)

2. Certified Ethical Hacker(CEH)

3. EC-Council Certified Security Analyst(ECSA)

4. Computer Hacking Forensic Investigator(CHFI)

5. EC-Council Certified Incident Handler(ECIH)

6. EC-Council Disaster Recovery Professional(EDRP)

7. Certified Threat Intelligence Analyst (C|TIA)

8. Certified Application Security Engineer (CASE)

本證照提供各種電子商務與資訊安全技能的認證考試,考試重點包含:資安分析與滲透測試的理論、技巧、方法與工具、執行完整的資訊安全測試、防禦駭客與惡意人士的攻擊、滲透測試工具執行演練、攻擊鑑識、建立風險分析與備援計畫、網路安全政策制定、危機事件處理及法規與安全政策及應用程式安全等。

5

Global Information Assurance Certification (GIAC)

相關連結

1.Cyber Defense

(1) GIAC Security Essentials(GSEC)

(2) GIAC Certified Intrusion Analyst(GCIA)

(3) GIAC Information Security Fundamentals(GISF)

(4) GIAC Certified Enterprise Defender(GCED)

(5) GIAC Certified Windows Security Administrator(GCWN)

(6) GIAC Continuous Monitoring Certification(GMON)

(7) GIAC Certified Perimeter Protection Analyst(GPPA)

(8) GIAC Critical Controls Certification(GCCC)

(9) GIAC Certified UNIX Security Administrator(GCUX)

(10) GIAC Certified Detection Analyst (GCDA)

(11) GIAC Defending Advanced Threats(GDAT)

2.Penetration Testing

(1) GIAC Certified Incident Handler (GCIH)

(2) GIAC Penetration Tester(GPEN)

(3) GIAC Web Application Penetration Tester(GWAPT)

(4) GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)

(5) GIAC Mobile Device Security Analyst(GMOB)

(6) GIAC Assessing and Auditing Wireless Networks(GAWN)

(7) GIAC Python Coder(GPYC)

3.Incident Response and Forensics

(1) GIAC Certified Forensic Analyst(GCFA)

(2) GIAC Certified Forensic Examiner(GCFE)

(3) GIAC Reverse Engineering Malware(GREM)

(4) GIAC Network Forensic Analyst(GNFA)

(5) GIAC Cyber Threat Intelligence(GCTI)

(6) GIAC Advanced Smartphone Forensics(GASF)

4.Developer

(1) GIAC Secure Software Programmer-Java(GSSPJAVA)

(2) GIAC Certified Web Application Defender(GWEB)

(3) GIAC Secure Software Programmer- .NET(GSSP-.NET)

5.Industrial Control Systems

(1) Global Industrial Cyber Security Professional(GICSP)

(2) GIAC Response and Industrial Defense(GRID)

(3) GIAC Critical Infrastructure Protection(GCIP)

6.GSE

(1) GIAC Security Expert(GSE)

本證照針對IT經理及資安管理人員提供考試,提供考生檢核是否具備資訊安全防護能力,考試重點包含:網路防護、滲透測試、資安事故應變與鑑識、開發、工控系統安全相關知識與技能。

6

The International
Society of Forensic
Computer
Examiners
(ISFCE)

相關連結

Certified Computer
Examiner(CCE)

本證照提供考生檢核是否具備資訊安全概念及系統管理基本能力。

7

Offensive Security

相關連結

1.Offensive Security Certified Professional(OSCP)
2.Offensive Security Certified Expert(OSCE)
3.Offensive Security Wireless Professional(OSWP)
4.Offensive Security Exploitation Expert(OSEE)
5.Offensive Security Web Expert(OSWE)

本證照提供考生檢核是否具備滲透測與相關工具使用、漏洞挖掘、無線網路安全、網頁安全等技術能力,高階證照包括了長時間的線上考試。

8

Cisco

相關連結

1.CCNA Security
2.CCNA Cyber Ops

本證照提供考生檢核是否具備Cisco基本網路安全環境的建置部署以及維護的技術能力。

9

經濟部

相關連結

iPAS 資訊安全工程師中級能力鑑定

本證照提供給產業年資1-3年之從業人員,檢核考生是否具備資訊安全管理實務及資訊安全防護實務能力,並檢核考試是否有能力將相關知識與技能應用於實務作業。

 

資安人才培訓及國際推展計畫 版權所有 © 2020 本網站為經濟部工業局委辦,著作權為其所有,非經同意,不得為任何形式之利用