Chapter 11
CCSP
Certified Cloud Security Professional
CCFP
Certified Cyber Forensics Professional
CSSLP
Certified Secure Software Lifecycle Professional
CRISC
Certified in Risk and Information Systems Control
CGEIT
Certified in the Governance of Enterprise IT
HCISPP
Healthcare Information Security and Privacy Practitioner
SANS
System Administration, Networking, and Security
Least Privilege
The data access principle that ensures no unnecessary access to data exists by regulating members so they can perform only the minimum data manipulation needed. Least privilege implies a need to know.
Separation of Duties
The information security principle that requires significant tasks to be split up so that more than one individual is required to complete them.
Two Person Control
The organization of a task or process so that at least two individuals must work together to complete it. Also known as dual control.
Need to Know
The principle of limiting users' access privileges to the specific information required to perform their assigned tasks.
Job Rotation
The requirement that every employee be able to perform the work of another employee.
CISM
assure executive management that a candidate has the required background knowledge needed for effective security management and consulting.
CISSP
considered the most prestigious for security managers and CISOs. It recognizes mastery of an internationally identified Common Body of Knowledge (CBK) in information security.
CISA
not specifically a security certification, but it does include many information security components. ISACA touts the certification as being appropriate for auditing, networking, and security professionals.