The CIW Security Professional Exam
The CIW Security Professional exam is part of a multifaceted Web certification program aimed at Web developers, designers, and administrators. We won't cover the entire program in this article, which concentrates primarily on the single security exam; however, it's important to understand this exam in the context of a larger Web-oriented certification. Unlike other credentials that we've covered in this series of stories on security certification, this exam leads only to an entry-level credential, CIW Professional, if a candidate takes a single prerequisite exam, the CIW Foundations (1D0-410) exam, before attempting the CIW Security Professional (1D0-470) exam. Please note also that for individuals who pass this exam, and who also hold MCSE, CNE, or other similar certification, a special designation as a CIW Security Analyst is also available (please see ciwcertified.com/csa/default.asp?comm=home&llm=3 for more information).
The proper name for the company that stands behind the Certified Internet Webmaster training program is ProsoftTraining.com. We shorten this to Prosoft throughout the rest of this article, partly at the company's request. If you try to visit Prosoft's Web site, look up the company online, or research any of its products or services, look to the Prosoft home page. Likewise, you can find everything you need to know about the CIW program online as well.
Prosoft offers six named certifications under the CIW program's umbrella, including an entry-level CIW Associate certification, an intermediate CIW Professional certification, and four master-level certifications. Because we're covering only one of the exams in this story, we suggest that you investigate the entire program further at www.ciwcertified.com if you are interested in any of these certifications.
You can’t take the CIW Security Professional exam without meeting CIW foundation requirements. Because it's necessary to take the CIW Foundations exam before taking the CIW Security Professional exam, I not only cover these two exams briefly in the sections that follow, but I also cover the certifications that individuals who pass these exams thereby attain.
The CIW Foundations (1D0-410) exam is not only a prerequisite for all other CIW exams: It also leads to an entry-level CIW certification—the CIW Associate certification. Candidates retain this certification until they take and pass any other CIW exam, at which point they advance into the CIW Professional designation, covered in the next section.
Passing the CompTIA i-Net+ (IK0-001) exam is acceptable in place of passing the Foundations exam. Therefore, it's safe to assume that the Foundations exam covers Internet basics (in fact, Foundations provided much of the basis for the i-Net+ exam). Those who want classroom or online training to help them prepare for the Foundations exam are advised to take three classes to help them get ready:
- Internet Fundamentals. This one-day class lives up to its name. It starts with a general Internet overview and then moves on to cover browsing the Web; FTP, newsgroups, and telnet; electronic mail; objects, plug-ins, and viewers; search engines; basic security issues; and basic e-commerce concepts, standards, and issues. For more details, visit http://www.ciwcertified.com/publicreadaccess/catalog/outlines/CIW_Foundations/Internet_Fnd_v5_07_Outline.pdf.
- Web Page Authoring Fundamentals. This two-day class covers the basics of the Web authoring process. It includes information on HTML, general markup syntax and semantics, and working with horizontal rules, graphical elements, hyperlinks, tables, forms, images, frames, authoring tools, and HTML extensions. Consider it a basic class in building Web pages and related documents. For more details, visit http://www.ciwcertified.com/publicreadaccess/catalog/outlines/CIW_Foundations/Webpg_Auth_Fnd_v5_07_Outline.pdf.
- Networking Fundamentals. This two-day class covers basic networking protocols, topologies, and technologies. It covers LANs and WANs, TCP/IP and Internet addressing, internetworking servers, server-side scripting and database connectivity, and network security essentials. For more details, visit http://www.ciwcertified.com/publicreadaccess/catalog/outlines/CIW_Foundations/Network_Fnd_v6_07_Outline.pdf.
To earn the CIW Professional certification, a candidate must pass the CIW Foundations (1D0-410) exam and any CIW series exam, such as the exam we cover in this article: the CIW Security Professional (1D0-470) exam. Students retain their CIW Professional designation until they pass all required exams for any of the Master CIW certifications.
The CIW Professional designation is commonly a step on the way to becoming a Master CIW Administrator, a Master CIW Enterprise Developer, a Master CIW Designer, or a Master CIW Web Site Manager. Please note that the CIW Security Professional exam is one of three exams above and beyond Foundations that individuals must pass to become certified as a Master CIW Administrator.
For those seeking to pass the Security Professional exam, Prosoft recommends that candidates take three classes:
- Network Security and Firewalls. This two-day class covers general networking security and firewalls. It includes a general security introduction, the basic elements of security, applied encryption, general security principles, protocol layers and security, ways to secure system and network resources, types of attacks, firewalls and levels of firewall protection, ways to detect and distract hackers, incident response, and Internet Security Resources. For more details,
- Operating System Security. This one-day class covers issues involved in installing, configuring, and managing systems to be as secure as possible. It includes discussions on system security principles, account security, file system security, risk assessment, risk reduction, the Windows Security Configuration Manager, and Internet Security Resources. For more details, visit http://www.ciwcertified.com/publicreadaccess/catalog/outlines/CIW_Security_Professional/Oper_Sys_Sec_v3_07_Outline.pdf.
- Security Auditing, Attacks, and Threat Analysis. This two-day class covers techniques involved in monitoring security and in responding to threats and attacks. It covers security auditing, auditing of server penetration and attack techniques, audit results, discovery methods, auditing and log analysis, security auditing and the control phase, intrusion detection, and related Internet Security Resources. For more details, visit http://www.ciwcertified.com/publicreadaccess/catalog/outlines/CIW_Security_Professional/