E.1.4. INFOSEC Assessment and Evaluation

The National Security Agency (NSA) is the US equivalent of GCHQ (if you're an American, feel free to reverse that sentence). The NSA, like GCHQ, has an information assurance arm that is responsible for security assistance to government departments. One of the ways they achieve this is through the information security (INFOSEC) Assessment Methodology (IAM) and INFOSEC Evaluation Methodology (IEM) programs. It is possible to take courses in IAM and IEM without seeking formal accreditation by the NSA (and a lot of people do), but most courses include entrance to the exam as part of their fees, and there's no good reason for not taking it.

IAM and IEM were born out of PDD-63 (now Homeland Security Presidential Directive-7), which requires vulnerability assessments of computer systems that are part of the US Government and the US Critical National Infrastructure. While anyone can take the courses (and no formal security clearance is required at this stage), to gain the accreditation from the NSA you must:

  • Be a US citizen;

  • Have five years of demonstrated experience in the field of INFOSEC or computer security (COMSEC), with two of the five years' experience directly involved in analyzing computer system or network vulnerabilities and security risks.

The difference between IAM and IEM is simply that the latter is more advanced and in-depth (covering detailed technical matters) and the former is a prerequisite for it. You are required to complete ...
