資安專業證照

管理類證照

 
發證單位
證照清單
說明
1
已簽署國際認證論壇(International Accreditation Forum, IAF)多邊相互承認協議(ISO/IEC 27006範圍)之認證機構所認證之資訊安全管理系統驗證機構、稽核員驗證或註冊之國際專業機構 。
TAF:https://www.taftw.org.tw/
IAF:
https://www.iafcertsearch.org/search/certification-bodies?standards_id=4cb16367-3cd5-5a6c-a382-1f524564b9d9&standards_name=ISO%2027001
1.      ISO/IEC 27001:2013 Information Security Management System(ISMS) Auditor/ Lead Auditor
2.      ISO 22301 Business Continuity Management System(BCMS) Auditor/Lead Auditor
3.      ISO/IEC 27701:2019 Privacy Information Management System Lead Auditor
Lead Auditor 相關證照應具有效性,除提出證照外,尚須提供當年度至少有2次實際參與該證照內容有關之稽核經驗證明。
ISO/IEC系列證照,主要設計來透過訓練課程及認證考試,檢核考生是否具備以下能力,如:協助組織選擇適切的資訊資產安全及個人資料保護管制作業、協助檢視組織因應資訊安全風險而採取之對應措施是否適當、協助組織營運持續管理控制並降低資訊安全事件所帶來的威脅和衝擊。
2
EC-Council
https://www.eccouncil.org/
1.      Certified Chief Information Security Officer (CCISO)
2.      EC-Council Information Security Management(EISM)
本證照提供資安長或是資安經理人,檢核考生是否具備資訊安全治觀念,並能以營運的角度進行資安規劃與維運,考試重點包含:資訊安全治理、管理與稽核三個層面。
3
Global Information Assurance Certification (GIAC)
https://www.giac.org/
Management, Audit, Legal
1.      GIAC Security Leadership(GSLC)
2.      GIAC Systems and Network Auditor(GSNA)
3.      GIAC Information Security Professional(GISP)
4.      GIAC Law of Data Security & Investigations(GLEG)
5.      GIAC Strategic Planning, Policy, and Leadership(GSTRT)
6.      GIAC Critical Controls Certification (GCCC)
本證照針對資安長、資安管理階層人員提供考試,提供管理、稽核、法律三個面向的證照,考試重點包含:資訊安全領導統御、資訊安全專業知識、資料安全與調查、策略規劃、策略與領導力等。
4
Information Systems Audit and Control Association(ISACA)
https://www.isaca.org/
1.      Certified Information Security Manager(CISM)
2.      Certified in the Governance of Enterprise IT (CGEIT)
3.      Certified Information Systems Auditor (CISA)
4.      Certified in Risk and Information Systems Control (CRISC)
本證照考試重點在辨識考生是否具備掌握資訊安全知識及資訊安全相關管理知識,考試重點包含:稽核、資安經理、資安治理與風險控管等。
5
ISA
https://www.isa.org/
1.      ISA/IEC 62443 Cybersecurity Fundamentals Specialist
2.      ISA/IEC 62443 Cybersecurity Risk Assessment Specialist
本證照考試主要設計來透過訓練課程及認證考試,檢核考生是否具備工業通信網路-網路和系統的IT安全性,如:工業自動化及控制系統的安全計劃、資安風險評估、產品開發生命週期的需求。
 

技術類證照

 
發證單位
證照清單
說明
1
(ISC)2 國際資訊系統安全核准聯盟
https://www.isc2.org/
1.      Certified Information Systems Security Professional(CISSP)
2.      Systems Security Certified Practitioner(SSCP)
3.      Certified Cloud Security Professional(CCSP)
4.      Certified Authorization Professional(CAP)
5.      Certified Secure Software Lifecycle Professional(CSSLP)
6.      HealthCare Information Security and Privacy Practitioner(HCISPP)
7.      Information Systems Security Architecture Professional(CISSP -ISSAP)
8.      Information Systems Security Engineering Professional(CISSP -ISSEP)
9.      Information Systems Security Management Professional(CISSP -ISSMP)
本證照主要在檢核考生是否具備資訊安全架構、設計及管理能力,考試重點包含:資安工作的日常維運能力、雲端安全管理能力,或是測驗軟體開發相關人員對於軟體生命週期、漏洞、風險、資訊安全基本知識與法規遵循等各方面知識的了解與認知程度等。
2
The Computing Technology Industry Association (CompTIA)
1.      CompTIA Security (CompTIA Security+)
2.      CompTIA Cybersecurity Analyst (CySA+)
3.      CompTIA Advanced Security Practitioner (CASP+)
4.      CompTIA PenTest (CompTIA PenTest+)
本證照提供考生檢核是否具備資訊安全基礎技術及核心能力,考試重點包含:攻擊威脅、網路架構安全、弱點與稽核、通訊安全對策、密碼學、授權與存取控制、安全政策與管理、作業安全與營運持續計畫等
3
CREST
https://www.crest-approved.org
1.      Penetration Testing
(1).      The CREST Practitioner Security Analyst (CPSA)
(2).      The CREST Certified Wireless Specialist (CCWS)
2.      Simulated Target Attack & Response/CBEST
(1).      The CREST Certified Simulated Attack Specialist (CCSAS)
(2).      The CREST Certified Simulated Attack Manager (CCSAM)
(3).      The CREST Registered Threat Intelligence Analyst (CRTIA)
(4).      The CREST Certified Threat Intelligence Manager (CCTIM)
3.      Incident Response
(1).      The CREST Practitioner Intrusion Analyst (CPIA)
(2).      The CREST Registered Intrusion Analyst (CRIA)
(3).      The Certified Network Intrusion Analyst (CCNIA)
(4).      The CREST Certified Host Intrusion Analyst (CCHIA)
(5).      The CREST Certified Malware Reverse Engineer (CCMRE)
(6).      The CREST Certified Incident Manager
4.      Security Architecture
(1).      The CREST Registered Technical Security Architect Examination (CRTSA)
本證照提供考生檢核是否具備網路安全防護及資安分析知識,並驗證考生是否具備滲透測試、駭客攻防、事故應變處理、與安全架構規劃相關能力。
4
EC-Council
https://www.eccouncil.org/
1.      Certified Network Defender Course (CND)
2.      Certified Ethical Hacker(CEH)
3.      EC-Council Certified Security Analyst(ECSA)
4.      Computer Hacking Forensic Investigator(CHFI)
5.      EC-Council Certified Incident Handler(ECIH)
6.      EC-Council Disaster Recovery Professional(EDRP)
7.      Certified Threat Intelligence Analyst (CTIA)
8.      Certified Application Security Engineer (CASE)NET、JAVA
9.      Certified Penetration Tester (CPENT)
10.  Licensed Penetration Testing (LPT)
11.  Certified SOC Analyst(CSA)
12.  CEH (Master)
本證照提供各種電子商務與資訊安全技能的認證考試,考試重點包含:資安分析與滲透測試的理論、技巧、方法與工具、執行完整的資訊安全測試、防禦駭客與惡意人士的攻擊、滲透測試工具執行演練、攻擊鑑識、建立風險分析與備援計畫、網路安全政策制定、危機事件處理及法規與安全政策及應用程式安全等。
5
Global Information Assurance Certification (GIAC)
https://www.isaca.org/
1.      Cloud Security
(1).      GIAC Cloud Security Essentials (GCLD)
(2).      GIAC Certified Web Application Defender (GWEB)
(3).      GIAC Cloud Security Automation (GCSA)
(4).      GIAC Public Cloud Security (GPCS)
2.      Cyber Defense
(1).      GIAC Open Source Intelligence (GOSI)
(2).      GIAC Certified Intrusion Analyst (GCIA)
(3).      GIAC Certified Windows Security Administrator (GCWN)
(4).      GIAC Continuous Monitoring Certification (GMON)
(5).      GIAC Defensible Security Architecture (GDSA)
(6).      GIAC Certified Detection Analyst (GCDA)
(7).      GIAC Security Operations Certified (GSOC)
(8).      GIAC Information Security Fundamentals (GISF)
(9).      GIAC Security Essentials (GSEC)
(10).   GIAC Certified Enterprise Defender (GCED)
(11).   GIAC Certified Incident Handler (GCIH)
(12).   GIAC Foundational Cybersecurity Technologies Certification (GFACT)
(13).   GIAC Defending Advanced Threats (GDAT)
3.      Offensive Operations
(1).      GIAC Enterprise Vulnerability Assessor (GEVA)
(2).      GIAC Penetration Tester (GPEN)
(3).      GIAC Web Application Penetration Tester GWAPT)
(4).      GIAC Python Coder (GPYC)
(5).      GIAC Mobile Device Security Analyst (GMOB)
(6).      GIAC Cloud Penetration Tester (GCPN)
(7).      GIAC Assessing and Auditing Wireless Networks (GAWN)
(8).      GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
4.      Digital Forensics and Incident Response
(1).      GIAC Battlefield Forensics & Acquisition (GBFA)
(2).      GIAC Certified Forensic Examiner (GCFE)
(3).      GIAC Advanced Smartphone Forensic (GASF)
(4).      GIAC Certified Forensic Analyst (GCFA)
(5).      GIAC Network Forensic Analyst (GNFA)
(6).      GIAC Cyber Threat Intelligence (GCTI)
(7).      GIAC Reverse Engineering Malware (GREM)
5.      Industrial Control Systems
(1).      GIAC Global Industrial Cyber Security Professional (GICSP)
(2).      GIAC Response and Industrial Defense (GRID)
(3).      GIAC Critical Infrastructure Protection (GCIP)
6.      GSE
(1).      GIAC Security Expert(GSE)
本證照針對IT經理及資安管理人員提供考試,提供考生檢核是否具備資訊安全防護能力,考試重點包含:網路防護、滲透測試、資安事故應變與鑑識、開發、工控系統安全相關知識與技能。
7
The International Society of Forensic Computer Examiners (ISFCE)
https://www.isfce.com/
1.      Certified Computer Examiner(CCE)
本證照提供考生檢核是否具備資訊安全概念及系統管理基本能力。
8
Offensive Security
https://www.offensive-security.com
1.      Offensive Security Certified Professional(OSCP)
2.      Offensive Security Certified Expert(OSCE)
3.      Offensive Security Wireless Professional(OSWP)
4.      Offensive Security Exploitation Expert(OSEE)
5.      Offensive Security Web Expert(OSWE)
6.      Offensive Security Exploit Developer (OSED)
7.      Offensive Security Experienced Penetration Tester(OSEP)
本證照提供考生檢核是否具備滲透測與相關工具使用、漏洞挖掘、無線網路安全、網頁安全等技術能力,高階證照包括了長時間的線上考試。
9
Cisco
https://www.cisco.com
1.      CCNA 200-301 Implementing and Administering Cisco Solutions
2.      CBROPS 200-201 Cisco Certified CyberOps Associate certification
本證照提供考生檢核是否具備Cisco基本網路安全環境的建置部署以及維護的技術能力。
10
經濟部
https://www.ipas.org.tw/ise
1.      iPAS 資訊安全工程師中級能力鑑定
本證照提供給產業年資1-3年之從業人員,檢核考生是否具備資訊安全管理實務及資訊安全防護實務能力,並檢核考試是否有能力將相關知識與技能應用於實務作業。
11
ISA
https://www.isa.org/
1.     ISA/IEC 62443 Cybersecurity Design Specialist
2.      ISA/IEC 62443 Cybersecurity Maintenance Specialist
3.      ISA/IEC 62443 Cybersecurity Expert
本證照考試主要設計來透過訓練課程及認證考試,檢核考生是否具備工業通信網路-網路和系統的IT安全性,如:資訊安全相關技術、網路防護、資安事故應變與鑑識。
Copyright © 2024 跨域資安強化產業推動計畫 洽詢電話:06-3032260 #145 吳小姐