ISATRP


Information Security Assurance Training and Rating Program


Please keep your contact information current.
Please contact isatrp (at) isatrp.org if you feel your information needs updating.


Information Security Assessment Methodology Training

ISAM
The ISAM is an updated and improved 3-day version of the popular INFOSEC Assessment Methodology (IAM) and INFOSEC Evaluation Methodology (IEM). The ISAM is a detailed and systematic way of examining cyber vulnerabilities and was developed by experienced assessors from government and industry. In addition to assisting the governmental and private sectors, an important result of supplying baseline standards for information security assessments is fostering a commitment to improve the organization's security posture. The ISAM is a hands-on methodology for conducting comprehensive assessments of customer networks utilizing common technical evaluation tools. Students can expect to learn an easily repeatable methodology that provides each customer a roadmap for addressing their security concerns and improving their security posture.

Individuals will be trained in the ISAM so they can use their information security analysis skills along with the ISAM training to provide the standardized ISAM assessment service. Since the ISAM is a baseline methodology, the final results of the assessment service are highly dependent on the information security and analytic skills of the assessors. The ISAM focuses on the appropriate procedures for three primary phases:
  • Pre Assessment: Focuses on identifying critical information and systems and addressing the impact to the organization should the loss of confidentiality, integrity, and/or availability occur. This phase also addresses the full scoping of the assessment process.
  • On-Site Assessment: Focuses on gathering the information on the security posture of the organization through interviews, documentation review, and system scanning.
  • Post Assessment: Focuses on detailed analysis and reporting of the findings. This process also includes a reporting tool that will assist in the management view of the security posture.


Course Takeaways:
  • High quality training by industry experts
  • Hands-on experience with various security tools
  • ISAM Certification (when requirements are met) including a tracked certificate number
  • Security Assessment Reference Book
  • Security Evaluation Reference Book
  • Sampling of security software to take home for evaluation


Certification Qualification Requirements:

    Five (5) years of demonstrated experience in the field of information security, communications security, or computer security, with two (2) of the five (5) years of experience working directly with information security

    AND

    Six (6) months or more of demonstrated experience in at least one of the following areas:
  • An understanding of Windows, Unix, or Firewalls
  • Experience with conducting and interpreting security scanners (type doesn’t matter)
  • Experience with conducting and interpreting port scans
  • Experience with conducting and interpreting operating system evaluation tools
  • Experience with establishing and enforcing security configuration



    © 2013 Security Horizon, Inc.
    All rights reserved