Instructions
To keep the APEC Guide to Information Security Skills website as comprehensive a portal as possible, certification providers have the opportunity to add their information security certifications into the guide.
There are two types of certifications included on this website:
- Independent certifications: These certifications are provided by organisations without affiliations to any particular technology or service. As they are the main focus of the website, greater detail is required when submitting independent certifications.
- Vendor certifications: These certifications are focused on a particular device or technology.
The following requirements must be met for the submission to be accepted:
- The certification must relate to IT security
- All fields must be completed accurately
- A point of contact must be provided to clarify certification details.
Submissions are reviewed by hand before being included in the database to ensure accuracy and consistency.
Vendor Certifications
The following fields must be filled out for the vendor certification to be compiled into the APEC Information Security Awareness Guide.
Certification – The full certification name
Provider – The provider or governing body’s name
URL – A link to the certification’s website
ISO 17024 accredited – Either Yes, No, Full application, or Partial application, depending on whether the certification is ISO 17024 accredited or not
Security Categories – For each of the following, tick the checkbox if the vendor certification covers that security technology, and leave it blank otherwise:
- Secure application Design & Testing
- Network Architecture
- Firewalls
- Intrusion Detection/Prevention
- Wireless
- System Hardening
- Forensics
Website Groups
For each of the following, tick the checkbox for each category in which the certification is best placed, and leave the others blank:
Grouped by Tasks:
- Manage the security function
- Design security processes and procedures
- Information Security Auditing
- Business Continuity Planning
- Implement security technologies
- Security Operations (foundational conceptual certifications)
Grouped by security technologies:
- Secure application Design & Testing
- Network Architecture
- Firewalls
- Intrusion Detection/Prevention
- Wireless
- System Hardening
- Forensics
Independent Certifications
The following fields must be filled out for the independent certification to be compiled into the APEC Information Security Awareness Guide.
Certificate – The abbreviation of the certification
Full name – The complete name of the certification
Governing Body – The governing body’s full name
URL – A link to the certification’s website
Country – The originating country of the certification
Accreditation Type – What type of accreditation this is (a certification can belong to more than one accreditation type):
- Audit – includes financial, accounting, security and systems auditing
- Management – Managing security functions and controls, helping an organisation work towards a more holistic security framework and approach.
- Broadbase – Certifications which cover a wide range of security topics and functions (Minimum of 4 different security categories in ISO 17799).
- Technical – Certifications which cover a technology or security practice to a technical level. This may range from configuring or building the technology to an applied level of knowledge of the given task or security function.
- Operational – An operational certification is one which endorses a practitioner’s ability to operate security technologies, or which focuses on following procedures that improve the security of an organisation.
- Security Admin – Security administration certifications examine a practitioner’s ability to control information security technologies and functions. This relates to roles such as network and systems administrators.
Key Knowledge Elements Covered – A listing of key knowledge elements covered in the certification exam
Description – A text description of the certification giving information that may not already be covered in other certification details or mappings. Please limit the description to 200 words.
Applicability – A brief listing or paragraph concerning who should apply for this certification, or what sort of roles would benefit the most from this certification
Experience Requirements – Any experience requirements that a candidate must have to receive the certification (other than passing the certification exam)
Current Maintenance Requirements – Any requirements for continued accreditation with the certification. Also include the renewal time period (where applicable)
Code of Ethics – Listing of any codes of ethics followed/taught through the certification
Exam Format – Details on the examination format for the certification
Post Nominals Obtained – Listing of any post nominals gained from the certification.
Cost – Costs associated with gaining the certification. This can include a separate (and annotated) cost for training
ISO 17024 - Either Yes, No, Full application, or Partial application, depending on whether the certification is ISO 17024 accredited or not.
Website Groups
For each of the following, tick the checkbox for each category in which the certification is best placed, and leave the others blank:
Grouped by Tasks:
- Manage the security function
- Design security processes and procedures
- Information Security Auditing
- Business Continuity Planning
- Implement security technologies
- Security Operations (foundational conceptual certifications)
Grouped by Security Technologies:
- Secure application Design & Testing
- Network Architecture
- Firewalls
- Intrusion Detection/Prevention
- Wireless
- System Hardening
- Forensics
ISO 17799 Mapping
The certification must be mapped out against the ISO 17799 categories used in the APEC Information Security Awareness Guide. The certification will be noted to either have complete (C), partial (P) or no (N) coverage of each security function/task in the ISO 17799 mappings.
Security tasks that are covered by the certification to an in-depth level are recognised with complete (C) coverage. Tasks that have been covered to a foundational or fundamental level will be noted as partial coverage (P). Where the certification has no material on a security task or function, the certification is recorded to have no (N) coverage.
FIPS 200 Mapping
The certification must also be mapped against the FIPS 200 categories used in the APEC Information Security Awareness Guide. The certification will be noted to either have complete (C), partial (P) or no (N) coverage of each security function/task in the FIPS 200 mappings.
To discern whether the certification qualifies as complete or partial coverage of a given topic, refer to the ‘Specifications for Minimum Security Requirements’ in the FIPS 200 document (http://csrc.nist.gov/publications/fips/fips200/FIPS-200-final-march.pdf). If the certification covers most or all of the described controls and functions for a listed category (e.g. Access Control), then the certification has complete (C) coverage of this category. Where the certification covers only some of the listed controls, the certification is regarded as having partial (P) coverage. If the certification examines none of the controls or functions, the certification has no (N) coverage.