About Security Essentials

A solid understanding of data security threats in IT systems, and of how to avoid them, should be part of the knowledge repertoire of every developer, business and requirements analyst, IT manager and tester.
The A4Q Security Essentials Syllabus teaches all the essential skills for becoming a developer of secure IT systems, using vivid explanations, examples and demonstrations.
You can prove your knowledge by passing the A4Q SE exam.

The certification is addressed to:
Developers, IT requirements experts, business analysts, software testers, agile teams, IT managers, project and team managers

Prerequisites:
Experience as part of an IT project as a developer, business analyst, requirements engineer, project manager, technical writer or tester is recommended.

The syllabus can be downloaded here.

 

Content:

  1. Fundamentals of IT Security
    - The Concept of IT Security
    - Assets, Threats and Vulnerabilities – The Context of IT Security
    - Principles in Developing Secure Software
    - Why Security is different
    - Security Standards
  2. Understanding Attacks
    - Overview on Attack Taxonomies
    - Malware Types
    - Attack Surface
    - Common attacks and web security
    - Social Engineering
    - Security in Wireless Communications
  3. Security in the Software Lifecycle: Types, Methods and Management
    - The Security Development Lifecycle Process
    - Threat modeling & Requirements Engineering
    - Secure Design and Secure Coding Principles
    - Security Testing
    - Defect management and classification

Benefits of the certification

  • General benefits are:
    - understand the most common security related terms, concepts and processes
    - actively take part in and contribute to security related risk management activities
  • Specific benefits for project managers:
    - align project activities with required or recommended security related activities
    - understand and explain fundamental security requirements that a given system must meet
    - understand and explain the activities required for developing a specific system or application in a secure manner
  • Specific benefits for developers:
    - understand and explain the activities that are required for developing secure systems and applications
    - understand common security related mistakes in development
  • Specific benefits for requirement engineers:
    - understand and explain how fundamental security requirements can be established
    - understand common security related mistakes in requirements engineering
  • Specific benefits for testers:
    - understand the role of testing as part of a security development lifecycle
    - understand and explain different security testing types
  • Specific benefits for IT risk managers and IT security experts:
    - receive guidance on what to include in a comprehensive basic training on IT security

Exam

The examination for the A4Q Security Essentials is based on the respective curriculum. The examination areas are fully defined in the Learning Objectives of the curriculum. Consequently, the Learning Objectives provide the framework for the exam. The testing format is multiple choice.

Candidates eligible to participate in the exam have either attended an accredited course or are participants in an open exam (no prior course attendance required).

A4Q Security Essentials exam: 60 minutes + 25% for non-native speakers
A 65% score is required to pass the exam

GASQ recommends that participants attend a training program with an accredited provider prior to taking the exam.
If you are interested in arranging an open exam for a group of more than 5 individuals who do not require accredited training, we will be pleased to conduct such an exam nationwide in Germany on your premises. To make such arrangements, please complete our exam form and submit it to info@gasq.org. We will contact you to arrange the details as soon as possible.


FAQ

I have lost my certificate. Is it possible to apply for a new one?
It is possible to apply for a replacement certificate; a processing fee of € 35 will be charged.

Is it possible to review the exam?
For a fee of € 80, a target-actual comparison can be performed at our business premises in Nuremberg, Germany. Conducting a target-actual comparison means that you will be presented with the exam questions along with the solutions. You will have a time limit of 15 minutes to conduct this review. Subsequently, you will be denied access to the questions that are currently being used in the exam.

If I do not pass, is it possible to take the exam again?
Yes, you can re-take the exam; however, you will be charged another exam fee.

Do I have to meet any requirements to participate in the Exam?
No, but a basic understanding of testing or experience in IT projects is recommended.

Will my certificate expire?
No, the certificate is valid for life.

Will I incur any other fees besides the exam fee?
No.

Will I have to attend a course before I sign up for the exam?
No, attending a course is a choice you make at your discretion. You can also take the test right away.
However, we recommend you attend a course offered by an accredited company.

Will you notify my supervisor/employer as to whether I have passed or failed the exam?
No.