IABP Interview and Exam Content

The Information Assurance Business Professional exam is comprised of 60% Information Assurance and 40% technical content. This certification is geared to all Information Assurance & Security Professionals. Please review the requirements for this certification. Grandfathering is now open!

Information Assurance Content (60% of exam)
Understanding of Confidentiality, Integrity, Availability (CIA Triad)
Security Governance
  • Security Policies
  • ISO 27001
  • Security Roles & Responsibilities
  • Optimal Organizational Structure
  • Due Care / Due Diligence
  • Top-down / bottom-up approach
Risk Management
  • Identify threats and vulnerabilities
  • Risk assessment/analysis (qualitative, quantitative, hybrid)
  • Risk Formulas (e.g., ALE, SLE, ARO)
  • Risk assignment
  • Control & Countermeasure selection
  • Asset Identification
  • Tangible and intangible asset valuation
  • Manage the information life cycle (e.g., classification, categorization, and ownership)
  • Vulnerability Management
  • Vulnerability Lifecycle
Business Continuity Planning
  • Business continuity requirements
  • Develop and document project scope and plan
  • Conduct business impact analysis
  • Identify and prioritize critical business functions
  • Determine maximum tolerable downtime and other criteria
  • Assess exposure to outages
  • Define recovery objectives
  • Develop a recovery strategy
Security Awareness
  • Security Awareness
  • Security Training
  • Assess the completeness and effectiveness of the security program
  • Benefits of training
Technical Content (40% of exam)
Understanding of Defense in Depth
Disaster Recovery
Secure communication channels (e.g., VPN, TLS/SSL, VLAN)
Cryptography
  • Application and use of cryptography
  • Key management processes
  • Digital Signatures
  • Non-repudiation
  • Use cryptography to maintain network security
  • Use cryptography to maintain application security
Network Controls
  • Types of Firewalls
  • Endpoint Security (AV, HIDS)
  • Intrusion Detection Systems / Intrusion Prevention Systems (IDS/IPS)
  • Security Incident Event Management (SIEM)
Understanding Controls
  • Administrative, Technical, Physical
  • Types of controls (preventive, detective, corrective, etc.)
  • Techniques (e.g., non-discretionary, discretionary and mandatory)
  • Identification and Authentication
  • Decentralized/distributed access control techniques
  • Authorization mechanisms
Incident Handling
  • Incident Handling Process (Detection/Response/Reporting/Recovery/Remediation)
  • Evidence collection and handling (e.g., chain of custody, interviewing)
  • Reporting and documenting
  • Understand forensic procedures
Network Attacks
  • Denial of Service, Distributed Denial of Service
  • Man in the Middle
  • Smurf
  • ARP Spoofing
  • Password-Based Attacks (brute force, etc.)
  • Sniffers
Understanding Malware
  • Virus
  • Trojan
  • Adware
  • Worms
  • Botnets