Certificate Summary

Information security, also known as InfoSec, is about protecting information from being accessed, used, or changed by people who shouldn't have access to it. This applies to all kinds of data, whether it's stored electronically or physically. Information Security Testing and Assessment involves identifying different security weaknesses in your technology systems. These weaknesses, discovered during the assessment, are vulnerabilities that could be exploited by someone or something malicious to access your private data. Security testing is a process used to uncover flaws in the security measures of an information system, ensuring that data is protected and the system functions correctly. However, passing security testing doesn't guarantee that no flaws exist or that the system meets all security requirements. Security requirements typically include aspects like confidentiality, integrity, authentication, availability, authorization, and non-repudiation. The specific security requirements tested depend on what's implemented in the system. Security testing can have different meanings and be done in various ways, so having a Security Taxonomy helps clarify these approaches and meanings by providing a foundational framework to start from.

Structure of the Assessment

Exam Duration and Format

• The exam lasts for 2 hours, which is the same as 120 minutes.

Validity and Renewal

• The Certified Information Systems Penetration Tester (CISPT)™ certification lasts forever.