Frequently Asked Questions: The below FAQ is broken into 4 sections: ISATRP, ISAM, ISRM, Benefits and Pricing

Information Security Assurance Training and Rating Program (ISATRP)

The INFOSEC Assurance Training and Rating Program (IATRP) has changed to the Information Security Assurance Training and Rating Program (ISATRP) effective September 2009 and will continue to have the training component and the rating component.

The IAM and IEM are now combined into one course, the Information Security Assessment Methodology (ISAM)

The ISAM is an updated and improved 3-day version of the popular INFOSEC Assessment Methodology (IAM) and INFOSEC Evaluation Methodology (IEM)

The long awaited Information Security Red Team Methodology (ISRM) is now available

The ISRM is a 4-day comprehensive red team training and certification program

The rating portion will become the ISA-CMM 'Information Security Assurance' Capability Maturity Model, and will be revised and updated in the near future

Why were the changes made?

The previous sponsor determined that continuing to support the IATRP was not in their long-term objectives and has therefore removed support for the program. Security Horizon has been authorized to continue to utilize the previous material and make beneficial updates and changes to the program.

When are the ISAM and ISRM available?

Immediately

What qualifies Security Horizon to manage the ISATRP?

Security Horizon has been actively involved in provisioning the IATRP since our inception in 2000; we have also been actively supporting the management of the IATRP since 2006. Security Horizon team members have been integral in the development of the IAM and provided the majority of the methodology development and course material for the IEM and the new ISRM. Security Horizon has taught the IAM and IEM to over 4000 students.

Information Security Assessment Methodology (ISAM) Training

What is the ISAM?

The ISAM is a 3-day, hands-on methodology for conducting comprehensive assessments of customer networks utilizing common technical evaluation tools. This course integrates the IAM and IEM into the most commonly utilized assessment process.

What can I expect to learn?

Students can expect to learn an easily repeatable methodology that provides each customer with a tailored roadmap for addressing their security concerns and improving their security posture.

Will there be a professional recognition for the ISAM certification?

Yes, the ISAM certificate will show that you have the base knowledge to conduct security assessments in a repeatable process. Completion of the ISAM is recognizable for many organizations that have annual CPE requirements.

How many Continuing Professional Education (CPE) credits will I receive for the ISAM training?

The ISAM will provide 24 hours of training. This will normally allow the student to self submit for up to 24 CPEs (depending on the program).

Where can I find upcoming classes?

Security Horizon is currently offering the ISAM training. Please look at the following websites to track when courses are available:

www.securityhorizon.com/ISAM.php

www.isatrp.org

What qualifications do I need to take the ISAM?

Approval from Security Horizon after review of the application showing:

Five (5) years security experience with two (2) of the five (5) years in information technology security AND six (6) months of security tool experience

Attend all of the three-day class.

Demonstrate an understanding of the ISAM through group exercises and class participation.

Obtain a passing grade (at least 70 percent) on the ISAM test.

Is US citizenship required to take the ISAM?

No. However, the courses are taught in English, so a significant understanding of the English language is required in most cases.

What if I don't have 5 years of experience?

The ISAM allows you to defer a maximum of one (1) year of experience. You can take the ISAM training and receive the Security Horizon Certificate of Training. If within the following 24 months you gain the additional experience to meet the 5 year requirement, then you can petition to get your ISAM certification. There is a small $50 administrative fee to do this.

Please maintain your Security Horizon Certificate of Training as evidence of ISAM training and for ISAM Certification submission.

What is the difference between the IAM/IEM and the ISAM?

The IAM/IEM had a heavy Department of Defense (DOD) focus. The ISAM is expanded to encompass additional control requirements including the NIST control families. We at Security Horizon believe that combining the IAM and IEM will allow practitioners and customers the best view of an organization's security posture through both organizational and technical assessment. The ISAM is a comprehensive course that will teach both organizational and technical assessment methodologies in a more concise and effective manner.

Is there an annual fee or CPE requirement to maintain my ISAM Certification?

Annual Fee: There is no annual fee to maintain your ISAM.

CPE requirements: 24 hours of continuing education are required annually. This requirement can run in conjunction with your CPE requirements for the ISRM or other certifications requiring CPEs.

What will happen to the IAM and IEM certificates received prior to August 26, 2009?

All IAM and IEM certificates received prior to August 26, 2009 are still valid and do not expire.

ISAM certificates WILL NOT be issued to individuals certified prior to August 26, 2009.

What if I want to convert my IAM and IEM certifications to the ISAM certification?

For a one-time fee of $100, you can convert your IAM/IEM certifications to the ISAM after submitting an application and providing evidence of IAM and IEM certification.

What if I need my IAM and/or IEM certificates reprinted?

Unfortunately, Security Horizon will not be able to coordinate replacement certificates that were issued prior to August 26, 2009. Please protect your certificates as you would other important personal papers.

What if I have the IAM certification but not the IEM certification?

If you do not have the IEM certification, it is recommended that you take the ISAM as it incorporates the technical assessment approach missing from the IAM course. If you are IAM certified and wish to become ISAM certified, Security Horizon will give you a discount of 30% off the rate you would qualify under. Proof of IAM certification will be necessary.

Information Security Red Team Methodology (ISRM) Training

What is the ISRM?

The Information Security Red Team Methodology (ISRM) is a detailed hands-on methodology for performing evaluations of the current security readiness of an organization via red team activities.

What can I expect to learn from the ISRM?

Individuals can expect to learn a repeatable methodology that can be used to identify, evaluate and perform a Red Team engagement.

What are the qualifications to take the ISRM?

Required: Five (5) years of demonstrated experience in the field of information security, communications security or computer security, with 2 of the 5 years of experience working directly with information security requirements and controls. Six (6) months cumulative experience conducting technical assessments or utilizing technical assessment tools

Recommended: ISAM Certification OR IAM AND IEM Certification

When will the ISRM classes be held?

Please look at the following websites to track when courses are available in a convenient location for you.

www.securityhorizon.com/ISRM.php

www.isatrp.org

Is there an annual fee or CPE requirement to maintain my ISRM Certification?

Annual Fee: There is no annual fee to maintain your ISRM.

CPE requirements: 24 hours of continuing education are required annually. This requirement can run in conjunction with your CPE requirements for the ISAM or other certifications requiring CPEs.

How many CPEs will I receive for the ISRM training?

The ISAM will provide 32 hours of training. This will normally allow the student to self submit for up to 32 CPEs (depending on the program).

ISAM/ISRM Benefits and Pricing

What is the benefit of the revised program and related changes?

Updates to the ISAM and ISRM can be rapidly implemented as situations and technology change in both the federal and commercial worlds.

The ISAM and ISRM will be free from federal and corporate bias and allow for integration of different standards.

The ISAM and ISRM are vendor agnostic; they provide an unbiased, professional introduction to a variety of tools and processes available to meet the ISAM and ISRM requirements that are currently used in the security industry.

The ISAM will consist of three days of training rather than the four required to complete the IAM and IEM.

The ISRM will consist of four days of intensive, hands-on training.

How much will the ISAM and the ISRM cost?

Pricing may vary by location or involvement with conferences, etc. Please check the specific pricing for each class, which will be indicated on the Security Horizon website. All pricing is per student.

ISAM

Retail=$1990

Organizational Discount: $150 off for ISSA, ISACA, InfraGard. Ask us if you are a member of another professional security organization

Government (GSA)=$1490

ISRM

Retail=$2490

Organizational Discount: $150 off for ISSA, ISACA, InfraGard. Ask us if you are a member of another professional security organization

Government (GSA)=$1990