Today, I will write a simple blog on my experience taking a KISA Information Security Engineer Certificate test and how I passed the theoretical test.
What is the KISA Information Security Certificate (정보보안기사 자격증)?
The KISA Information Security Certificate, issued by the Korea Internet & Security Agency, verifies that organizations in South Korea meet specific information security standards. It helps enhance credibility and trust by demonstrating a commitment to protecting sensitive information through effective security practices. The test covers broad categories: system security, network security, application security, information security, and information security management & law. The certification requires one to pass two tests - theoretical and performance tests.
The first theoretical part is tested by CBT, meaning using only computers. You don't need a pen or pencil. It could be uncomfortable, but you can check your grade immediately after you submit the test. To pass, you need 60/100 overall and at least 40% in all five sections. This means that even if you got 80/100 on the test, if you got under 40% on one section, you fail the test (this is why I studied much harder on the Korean security law part).
Why did I choose to take it?
In Korea, there are many certificates you can apply for in security fields, like Network management, Linux Master, Information Processing, and Information Security, managed by the Korea Internet & Security Agency (KISA). The reason I chose the Information Security Certificate (ISC) test is that it's the hardest of all. According to the Korean Wikipedia, a whole book on Information Processing is equivalent to one chapter of ISC.
Due to its complexity and breadth of categories, the test results show a low pass rate compared to other certification tests. For me, it was just a challenge to test my knowledge and start to explore the security field.
My background knowledge
As a former electrical and computer engineering student, the start of studying wasn't that hard. I have a decent understanding of Operating Systems and Networks and have basic software engineering skills in C and Linux. However, I would have failed the test if I had not prepared myself, since the test asks very detailed questions such as port numbers of protocols, types of DoS, DDoS, and DRDoS attacks, and Korean security laws & organizations. I could manage to study alone with a prep book, but I would highly recommend taking online lectures if you don't have a background in OS or Networks.
How did I study?
I used the "2024 Algisa Information Security Prep (Theory)" books and had around 3 months to study. For the first month, I mainly read the theory book and made notes. This, however, takes a very long time and is not an effective way to study within 3 months. I skipped the last Korean law part and started to solve 1200 problems for the rest of the months. Solving the problems as many times as possible and understanding the solutions were the answer for me. During the test, I realized the test contained several problems similar to those from the book.
Quick Tip for each section - what to study more
- System Security: study more password-cracking tools
- Network Security: DoS attacks, TCP/IP scans, DNS spoofing
- Application Security: CSRF
- General Information Security: hash algorithm comparison, Needham-Schroeder protocol
- Information Security Management and Law: ISMS-P, personal information handlers (개인정보취급자)
Test application tip
If you are applying for the test, it's important to apply as soon as the application starts. The spots fill up quickly, and you might not get a spot in the area you prefer.
Also, if you are a student or former student from a foreign country like me, I don't recommend taking this test unless you need it. After you pass the theoretical test, the second performance test requires your college graduation certificate. You need to get an apostille authentication of your college degree, which costs over $200 and takes around a month with a translation authentication. I realized this after I passed the test, but you should take this into consideration if you are applying for this test.
Okay
I don't think many people will read a post about the Korean certification test in English, but I hope this blog post helped you!