CERTIFIED MOBILE DEVICE SECURITY PROFFESIONAL (CMDSP )

CERTIFIED MOBILE DEVICE

SECURITY PROFFESIONAL (CMDSP®)

Candidate Information Brochure & Study

Guide

www.cmdsp.org

[email protected]

240-233-4303

CMDSP® Candidate Information Brochure & Study Guide

1. Introduction………..…… 2

2. Job Analysis……… 2

3. Applying for & Scheduling an Examination………. 3

A. Eligibility Requirements……… 3

B. Application, Payment and Scheduling Process……… 4

C. Fees and Refunds………. 5

D. Canceling or Rescheduling an Examination……….. 5

E. Special Examination Arrangements……… 6

F. On the Day of the Examination………. 6

G. Examination Security ……… 7

4. Certification Agreement……….. 8

5. Examination Specifications……… 10

6. Sample Test Items ……….. 11

7. Suggested References……….. 12

8. Challenges, Scoring and Appeals……….. 12

9. Code of Ethics ……… 13

10. Recertification……… 14

1.

Introduction

Thank you for your interest in the Certified Mobile Device Security Professional (CMDSP®) program. This candidate information brochure is intended to act as an aid to those who are in the process of preparing for the CMDSP® examination. It is not intended to be the sole

resource used in those preparation efforts but to exemplify the process of candidate

certification and provide additional sources of information a candidate might use to augment their self-directed preparation. If you have questions about this guide or any other part of the Certified Mobile Device Security Professional program, please email [email protected].

A Certified Mobile Device Security Professional (CMDSP®) is a professional experienced in managing mobile IT duties within an organization. Such duties typically entail installing and integrating various components of a mobile security system into an organization’s Enterprise IT architecture and ecosystem. A Certified Mobile Device Security Professional's

responsibilities include:

 Managing the Mobile IT duties at an Enterprise

 Supporting employee use of mobile devices for work related activities  Running BYOD (Bring Your Own Device) within an enterprise

 Managing mobile device connections to enterprise systems  Securing mobile devices in an Enterprise

 Running MDM (Mobile Device Management) software

2.

Job Task Analysis

A Job Task Analysis defines the current knowledge, skills and abilities that must be

demonstrated by a Certified Mobile Device Security Professional. The Mobile Resource Group has utilized a panel of industry experts and professionals to compile a Job Task Analysis in accordance with applicable testing industry standards. All decisions regarding the content of the examination are made by appropriate subject matter experts. The MRG has an Educational board comprised of Mobile IT Professionals that follows guidelines for the construction and implementation of examination development and the administration process.

The CMDSP® examination is designed to evaluate candidates seeking professional certification in the field of securely managing mobile devices at an enterprise level. The design of the examination is set forth in section #5 below, which lists each content domain and sub-domain covered on the examination as well as the tasks associated with them. The exam is comprised of 75 items. The percentage of items related to each domain is detailed in section #5 . Two hours are allowed for the examination.

3.

Applying For and Scheduling an Examination

A. Eligibility Requirements

To be eligible for the CMDSP®, a candidate must:

Experience – Total of 5 years of experience with mobile devices

 4 of the 5 years waived with a college degree in a technical discipline ◦ Last year waived with relevant Masters degree

Domain Knowledge – Be familiar with:



Mobile Hardware Knowledge

Different devices have different features on their hardware. Some are equipped with cameras while others are equipped with sensors. CMDSP candidates must have a strong understanding of the

different types of existing mobile devices and be able to distinguish between each device’s hardware features. They must demonstrate how differences in design can lead to different security risks and problems.



Mobile Operating System Knowledge

The operating systems act as the core of mobile devices’ function. It is crucial for a mobile device security professional to understand the different components that make up the operating system, what kind of operating systems each mobile device uses, and the code used to enable Mobile Apps residing on the phone to perform app functions. He/She must also know the vulnerabilities that exist within the operating system, and how these vulnerabilities can be exploited. The CMDSP exam will test candidates’ knowledge of the OS,

particularly for the two most popular systems: the iOS and Android. 

Mobile Connectivity Knowledge

This domain will cover the ways that devices communicate with other mobile devices, computers, and the wider Internet. It will also cover data connections with cloud environments, cellular data, Wi-Fi, Bluetooth, and other networking tools. An understanding of each network system and its architecture is a bedrock fundamental to a CMDSP.



Job Experience Managing Mobile Devices

Mobile IT management within Organizations. Managing mobile devices in an enterprise setting is important. This domain covers knowledge of how to securely manage and utilize fleets of employee devices in an enterprise. This includes policies such as “bring your own device,” and other common ways and means of how mobile devices are used among enterprises. Any Mobile Strategy initiatives within an organization to help make an organization more mobile or

better utilize mobile computing devices for business purposes is pertinent. CMDSP candidates should know which strategies and policies to implement in particular settings to protect and manage enterprise operations and data.

B. Application, Payment and Scheduling Process

IMPORTANT NOTE: The MRG has employed a professional testing company, called ITPG, Inc. (i.e. ITPG), to assist in the performance of various examination development and administration functions. ITPG and its testing center network partner, called Kryterion™, are two companies whose names you will see referenced in this document and throughout the appointment and examination process.

Not Eligible Eligible

Apply for Retake

Pass Exam

C. Fees & Refunds

STEP 1: Candidate Submits CMDSP® Application and $395 Non-refundable Program Fee to MRG. Candidate receives CMDSP Study Guide. END CMDSP will work with Candidate for eligibility

STEP 2: Candidate Receives

Authorization-To-Test (ATT) from ITPG, Inc. via email address of record

STEP 3: Candidate makes an

appointment at ITPG Inc. portal, pays $125 testing fee & sits for CMDSP® exam at a KRYTERION™ computer-based testing center Worldwide

Receive CMDSP® Certificate [Good for 3 Years]

Receive CMDSP® Certificate

[Good for 3 Years]

START

START

All applications, whether submitted online or via paper form, must be accompanied by the non-refundable $395 CMDSP® Program fee, which may be paid online using a credit card or by mailing in a bank check or money order. Examination fees are subject to the testing company’s fee policies [Kryterion™], which are outlined in the following paragraph. D. Scheduling, Canceling or Rescheduling an Examination

These functions are handled by ITPG. ITPG can be contacted at: [email protected]

703-637-4423

Candidates can complete theCertified Mobile Device Security Professional (CMDSP®) Examination Application Form and pay the application fee online at cmdsp.org or complete the form at the end of this document manually. Individuals will be notified by the MRG if the application information is insufficient or lacks supporting documentation.

When the application has been approved and you are determined eligible, ITPG will email an Authorization-To-Test to you in order to sit for the examination at a secure Kryterion™ test site. This email will contain a link to the appointment website and login credentials. Candidates make their appointment to take the examination and pay the testing fee on this website. There are over 700 Kryterion testing centers worldwide, with centers in over 100 countries. Available dates and times vary by testing location. Eligible candidates may register at any time to take the exam. Candidates who require special accommodations must make a specific written request for the type of accommodation needed. The reason for the accommodation must be recognized under the Americans with Disabilities Act (ADA). (See below.) Candidates are required to bring two forms of identification, at least one of which must be a form of government-issued photo ID, to the test site.

Candidates can reschedule themselves online through the Kryterion™ website

[Webassessor®]. In order to reschedule at no charge, a candidate must do so at least 72 hours prior to their exam date. Candidates who fail to meet this deadline risk forfeiture of the exam fee. If you are within 72 hours of your exam, there is a $100 rescheduling fee and such changes must be coordinated through ITPG. To calculate your 72-business-hour notification deadline, please remember that the ITPG office is open from 9 AM to 5 PM (Eastern) Monday through Friday; it is closed on Saturdays, Sundays, and U.S. federal holidays.

Those who fail to appear for a test without giving prior notice to ITPG shall forfeit the entire examination fee, unless they can document extenuating circumstances, such as: death in the family, serious illness, or military duty. In such circumstances, the candidate

should contact ITPG as soon as possible and provide an explanation of the situation in writing. (Email is acceptable).

In the event of hazardous weather or any other unforeseen emergencies occurring on the day of a scheduled exam, Kryterion™ will determine whether circumstances require the cancellation of the exam at a particular location(s). Every attempt will be made to administer all exams as scheduled. Candidates will be given as much advance notice as possible in the event of a Kryterion™ cancellation and not penalized if such a cancellation is declared by Kryterion without 72 hours notice. ITPG will contact all such candidates for rescheduling.

Approved applications are only valid for 12 months. After 12 months, your application will expire and if you wish to sit for the exam, you must reapply as a new applicant and pay the application fee once again.

Candidates who pass the examination will be sent a certificate with a unique certification number issued by the MRG within six (6) weeks of passing the examination. The

certification is valid for 3 years. Candidates who fail the exam may retake it at any time and they must pay the exam fee each time.

Name and contact changes must be updated within your candidate record. Keeping your information current is a condition of your certification. Failure to update your contact information may result in delays in receiving critical certification related information. Email is the primary mode of communication between the MRG and CMDSP® _{credential holders} and candidates.

E. Special Examination Arrangements

The MRG complies with the Americans with Disabilities Act (ADA), and is interested in ensuring that no eligible individual is deprived of the opportunity to take the exam solely by reason of a disability as defined under the ADA (or equivalent), as long as the disability is not one which would render the individual incapable of performing the duties of a certified position. Applicants needing special accommodations must make a request in writing at the time of application. Requests must include documentation of a formally diagnosed ADA-recognized disability from a qualified professional who has provided evaluation or treatment to the applicant.

F. On the Day of the Examination

Candidates should report to the exam center on the day of the exam as instructed in their appointment confirmation letter, and plan to arrive at least 15 minutes prior to the appointment time. Candidates must bring one valid form of ID. This must be a

government-issued photo ID with signature (for example, a driver’s license or passport). The name on the ID must match exactly the name submitted on the application, or the candidate will be denied admission. A second form of ID may be requested at the testing center. A credit or debit card matching the name on your government-issued ID is

acceptable.

Listen carefully to the instructions given by the proctor and read all directions thoroughly. Questions concerning the content of the exam will not be answered during the exam, but a comment form is provided within the testing software.

The CMDSP® examination is closed book. Therefore, no materials are permitted into the testing room. There will be a secure area in which to check valuables. The following items are NOT PERMITTED in the exam room:

• Books or other reference materials

• Papers of any kind, except as provided by the proctor

• Telephones and signaling devices, such as cell phones, tablet computers, etc. • Alarms or recording/playback devices

• Photographic or image-capturing or -copying devices • Electronic devices of any kind

• Food or beverages G. Examination Security

The MRG firmly believes that each candidate deserves a fair and equal opportunity to demonstrate his or her competency in the examination process. Therefore, examination security measures are intended to prevent any unfair advantage of one candidate over another.

All exam materials are the property of the MRG. Removal of any material from the exam room by unauthorized persons is prohibited. Copyright for the CMDSP® exam is owned by the MRG. Any attempt to reproduce or memorize all or part of the exam is prohibited. Any unauthorized disclosure, publication, copying, reproduction, transmission, distribution, or possession of CMDSP® exam content or materials in any form may subject the individual to civil liability and/or criminal prosecution, removal of certification, and/or restrictions on future access to CMDSP® certification examinations. The prohibition of “unauthorized disclosure” means that you may not discuss the contents of the examination with anyone except the MRG.

A proctor may dismiss a candidate from the exam site, halt an examination in progress, or report a candidate to the MRG for any unauthorized behavior, such as the following: • attempting to gain unauthorized admission to an exam site

• attempting to take the examination for someone else • creating a disturbance

• giving, receiving, or attempting to give or receive help from unauthorized sources • removing, or attempting to remove, exam materials or notes from the testing room • having in his or her possession any item prohibited from the exam site as specified above • exhibiting behavior consistent with memorization or copying of exam items

Restroom breaks are permitted, but are included as part of the 2 hours allotted for the actual exam.

4.

Certification Agreement

When an applicant signs the CMDSP® Application form, he or she is legally attesting to the fact that the applicant has read and will abide by the below Certification Agreement.

I certify that all information contained in my application to the Mobile Resource Group (MRG) for the Certified Mobile Device Security Professional (CMDSP®) examination is true and accurate to the best of my knowledge. Further, I agree to notify the MRG promptly of any change in name, address, or contact information, or in the event of any occurrence bearing upon my eligibility for certification including, but not limited to, any criminal conviction or disciplinary action by a licensing board or professional organization.

I hereby authorize the MRG and its officers, directors, employees, and agents ("the above-designated parties") to review my application, to contact employers and/or references listed on my application, and to determine my eligibility for examination and certification. I agree to cooperate promptly and fully in this review, including submitting any documents or

information deemed necessary to confirm the information in my application. I authorize the above-designated parties to communicate any and all information related to my application, examination, or certification status, and review thereof, including, but not limited to, the outcome of disciplinary proceedings, to state and federal authorities, employers, and others. I have read and I understand the MRG's instructions and policies related to the application and examination process, and I agree to abide by their terms. If any statement made on my

application or hereafter supplied to the MRG is false or inaccurate, or if I violate any other rules or regulations of the MRG, I acknowledge and agree that the penalties for doing so include, but are not limited to: denial of certification, or suspension of, revocation of, or the placement of limitations upon, my certification (if already granted). I agree to indemnify and hold harmless the above-designated parties for any action taken pursuant to the rules and standards of the MRG with regard to this application, the CMDSP® examinations I take, and/or my certification, except claims based upon gross negligence or lack of good faith by the MRG. Should my application be accepted and I am allowed to sit for the CMDSP® examination, I understand that the MRG and/or its testing agents reserve the right to refuse my admission to test if I do not have the proper photo identification, or if I do not report at the appropriate

time. If I am refused admission for any of these reasons or if I fail to appear at the test site as scheduled, I will not receive a refund of the examination fee and there will be no credit transferred to future examinations. I recognize that the proctor(s) at my assigned test site are required to maintain proper and secure test administration conditions (which may include direct observation or closed-circuit cameras), and I will follow their instructions. I will not attempt to communicate in any way with other examinees or any outside parties during the examination. I will not bring any outside materials into the testing site, including reference materials, notes, photographic or communication devices, or calculators with

user-programmable memory capacity. I understand that the content of the CMDSP® certification examination is copyrighted and is the property of the MRG. Exam materials will be provided to me for the sole purpose of testing my competencies for which I seek certification, and I am prohibited from using or possessing examination content for any other purpose or at any other time. I agree not to disclose, publish copy, reproduce, transmit, or distribute exam content, in whole or in part, in any form or by any means, for any purpose without express prior written authorization from MRG. Any unauthorized possession, disclosure, publication, copying, reproduction, transmission, or distribution of CMDSP® exam content or materials in any form is prohibited and may subject me to civil liability and/or criminal prosecution.

The MRG reserves the right to cancel any examination score if, in its professional judgment, there is any reason to question the score's validity. Candidate conduct which warrants score cancellation may include, but is not limited to: consulting study aids of any type during a testing session; copying from notes or from another examinee during a testing session; speaking or otherwise communicating with others during a testing session; copying,

photographing, transcribing, or otherwise reproducing test materials; removing test materials from the examination room; aiding other examinees or receiving aid from anyone else; or having improper access to CMDSP® examination content prior to the examination

administration. Engaging in such misconduct may disqualify me from all future CMDSP® tests and from ever being certified by MRG. Significant score increases upon retesting may also be investigated to ensure the authenticity of results.

Should I be granted CMDSP® certification, I agree that the MRG may release my name and the fact that I have been granted certification. I agree further that the MRG may include my name and contact information in a listing of certified individuals available to the public in print and/or electronic format. I understand and agree that it will be my responsibility to maintain my status by complying with all of the MRG’s certification and re-certification standards and procedures.

I understand that all notices pertaining to the examination, and to any subsequent certification I may earn, will be sent to my email address of record. Certificants are required to keep the MRG informed of updates to their contact information as a requirement of certification. Changes to contact information may be submitted through the MRG’s offices. In no instance

will any contact information (including telephone, e-mail or mailing address), financial information of any type, or any personal information be disclosed other than in verifying certification. I understand that the MRG's primary method of communication with its certificants and members is via email, and that should I opt out, block MRG's email communications, or fail to update my record of changes in email address, that I may not receive critical information concerning my examination, certification, continued education requirements and status, re-certification, and related matters. In such instances, I become solely responsible for contacting the MRG to obtain such information that is critical to maintaining my certification in good standing.

I accept full responsibility for maintaining the CMDSP® credential through re-certification, shall remain current in the field, and shall continuously uphold the Code of Ethics. I acknowledge that "Certified Mobile Device Security Professional" and "CMDSP®" are registered trademarks of the Mobile Resource Group (MRG), and that I am authorized to use these designations only so long as the certification has not expired, been suspended, revoked or voluntarily

relinquished, or converted to the "Inactive" status. I understand that violating the Code of Ethics could lead to suspension or revocation of my CMDSP® certification. I also understand that if my certification lapses or is revoked for any reason, I will no longer be authorized to use the CMDSP® designation.

BY TAKING THE EXAMINATION, YOU ARE AFFIRMING BY YOUR ACTIONS THAT THE MRG HAS YOUR PERMISSION TO CONTACT YOU ON MATTERS RELATING TO YOUR EXAMINATION AND CERTIFICATION, AND YOU UNDERSTAND THE TERMS HEREIN THIS CERTIFICATION AGREEMENT AND YOUR INTENT TO BE BOUND BY THE TERMS AND CONDITIONS SET FORTH ABOVE.

5.

Examination Specifications

To become familiar with the content areas on the examinations, candidates should refer to the examination specifications provided below. Candidates are encouraged to review the

examination specifications to assess their level of knowledge in each of the content areas, and to identify the areas in which they believe they need additional preparation.

CMDSP® Examination Specifications

SECTION 1 Mobile Industry/Hardware Overview 5 Questions

SECTION 2 Mobile Operating Systems 20 Questions

Android iOS 10 Questions

SECTION 3 Mobile Connectivity and Network 20 Questions

Connection/Mobile Device Network 5 Questions Bluetooth/Network Security 5 Questions

Wi-Fi 5 Questions

NFC 5 Questions

SECTION 4 Enterprise Mobility Management Strategy 30 Questions

Enterprise Mobility Management Strategy Overview 8 Questions Mobile Device Management 8 Questions Enterprise Mobile Apps 4 Questions BYOD & COPE 8 Questions Mobile Software Products (EFSS) 2 Questions

TOTAL 75 QUESTIONS

6.

Sample Test Items

The following questions are intended to provide an example of the types of item formats and editorial characteristics that candidates can expect to encounter on the examination. These items are not intended as a self-assessment instrument nor should they be used to predict success or failure on the CMDSP® exam.

1. What is the distinguishing address given to a device that is assigned on a hardware basis?

a) IP Address b) MAC Address c) DNS Record d) Port Number

2. Which android stack level are drivers on? a) Kernel

b) Applications c) ART

d) Libraries

3. Which type of encryption does WPA2 use? a) AES-256

b) CTR c) CBC-MAC d) CCMP

4. Which method extends a private network across a public network for mobile device securities? a) TLS b) VPNFirewall c) Jailbreak Key: b, a, d, b 7.

Suggested References

As a courtesy to individuals interested in taking a certification examination, the MRG has provided a list of suggested reference sources for examination preparation on the CMDSP web site at www.cmdsp.org. Additionally, CMDSP provides a study guide, with payment of the $395 program fee, to offer guidelines on the information and knowledge needed to take the CMDSP test. The MRG/CMDSP does not endorse any specific person, product, resource, or service as a means of preparing for or achieving certification. Candidates are encouraged to plan their own course of study by reviewing the examination specifications, identifying any areas of weakness, and securing the necessary resources to adequately prepare for the examination.

For a list of references please refer to the resources section on the cmdsp website at www.cmdsp.org/resources

8.

Challenges, Scoring and Appeals

The MRG shall provide candidates with an opportunity to provide feedback on its examination content and procedures regarding the technical accuracy of the examination or fairness in the administration of the examination. A candidate who has a concern about administrative procedures at a testing site or who has observed a breach of security or other improper conduct during a test should submit a report in writing to [email protected] within 5 calendar days after taking the examination.

A candidate who has a question or a concern about the reliability, validity, and/or fairness of the test may submit the question or concern in writing to [email protected] no later than 5 calendar days after taking the examination. The MRG will not consider reports about

improper test administration procedures or test content submitted after the 5-day deadline. The CMDSP® examination is a criterion-referenced test. This means that candidates are scored against a fixed standard (the passing score). The final passing score for the CMDSP®

examination has been established by a panel of subject-matter experts who determine the minimally acceptable level of competence for awarding the certification by utilizing acceptable psychometric procedures. The passing score is applied consistently to all test takers.

Candidates are not competing against one another, and grades are not curved. You must achieve the passing score to pass the examination. There are no exceptions.

The MRG reserves the right to cancel any examination score if, in the MRG's judgment, there is any reason to question the score’s validity. Conduct that warrants score cancellation may include, but is not limited to: consulting study aids of any type during a testing session; copying from notes or from another candidate’s answers during a testing session; unauthorized

communication with others during a testing session; copying, photographing, transcribing, or otherwise reproducing or transmitting exam materials; removing exam materials from the testing site; aiding other examinees or receiving aid from anyone else; or having improper access to CMDSP® content prior to the examination administration. Engaging in such misconduct may disqualify the individual from future CMDSP® tests and possibly from ever being certified by the MRG.

Candidates who fail the exam may appeal their results in writing within 30 days of receipt of the score report. The MRG will review the response record and any related facts and the determination will be communicated to the candidate within 30 days. The determination of the MRG shall be final.

9.

Code of Ethics

In addition to satisfying the educational and experiential requirements established above, the CMDSP® Candidate must agree to abide by the Mobile Resource Group Code of Professional Ethics to earn the CMDSP® certification. MRG sets forth this Code of Professional Ethics to guide the professional and personal conduct of its certification holders. CMDSP® certification holders shall:

 Hold paramount the safety and security of the use of Mobile Devices.

 Act for each employer or customer as faithful agents or trustees for Mobile Device Endeav-ours.

 Maintain the highest standard of personal and professional conduct.

 Support the implementation of and encourage compliance with appropriate standards and procedures for the effective management of Mobile Device security policies, projects and technology, including the installation, implementation, control, monitoring and risk man-agement for Mobile IT Programs.

 Perform duties with objectivity, due diligence and professional care, in accordance with professional standards.

 Serve in the interest of stakeholders in a lawful manner, while maintaining high standards of conduct and character, and not discrediting the profession or the CMDSP Certificate.

 Maintain the privacy and confidentiality of information obtained in the course of their ac-tivities unless disclosure is required by legal authority. Such information shall not be used for personal benefit or released to inappropriate parties.

 Maintain competency in the field of Mobile Device Security and agree to undertake only those activities he/she can reasonably expect to complete with the necessary skills, knowl-edge and competence.

 Provide accurate, truthful information and representations concerning qualifications, expe-rience and performance of work.

 Inform appropriate parties of the results of work performed including the disclosure of all significant facts known to them that, if not disclosed, may distort the reporting of the re-sults.

 Refrain from engaging in activities for inappropriate personal gain at the expense of cus-tomers, his/her company or the profession.

 Be accurate and truthful in all dealings with customers and be careful not to misrepresent the quality, availability or ability of my services.

 Support the professional education of stakeholders in enhancing their understanding of the management of Mobile Devices in the workplace.

 Serve all members of the public impartially, providing no special privilege or substandard service based upon age, race, national origin, color, gender or handicapping condition.

 Cooperate with MRG concerning ethics violations and the collection of related information. Failure to comply with this Code of Professional Ethics can result in an investigation into a certification holder's conduct and, ultimately, in disciplinary measures.

10.

Recertification

After becoming certified, a CMDSP® must recertify for successive 3-year certification cycles. After you become certified by the MRG with a CMDSP, you are required to perform continuing education during each 3-year certification cycle to become recertified. The term "CPE" is an acronym for "Continuing Professional Education" credits. The CPE requirements are intended to ensure members maintain their competencies following initial certification. You may also demonstrate your competence for recertification by retaking the examination. To recertify, a CMDSP® must be a member in "good standing," which is defined as fulfilling one of the two methods to qualify for recertification:

1. Earn the minimum number of Continuing Professional Education (CPE) credits required within each three year certification cycle period (30 type A + 30 type B = 60 total) AND

Pay annual maintenance fees (AMF’s) ($99 per year) AND

Abide by the CMDSP® Code of Ethics

2. Retake and pass the Certification examination every three years (outstanding AMFs and late fees must be paid in advance of registration to retake the exam).

AND

Pay annual maintenance fees (AMFs) ($99 per year) AND

Abide by the CMDSP® Code of Ethics

Type A Credits - Direct Mobile Device Technical Management Activities. Type A credits are earned for completion of activities which relate directly to the Mobile IT management profession. Generally, this consists of educational activities directly focused on the areas covered by the 4 domains of the CMDSP® examination specifications (see candidate information brochure).

Type B Credits - Professional Skills Activities. Type B credits are given for completion of activities which enhance the credential holder's overall professional skills, education, knowledge or competency. These educational activities include professional development efforts, such as professional speaking engagements, taking management courses, self-improvement courses, seminars, etc. While these do not apply directly to the field of security project management, the MRG recognizes these skills are vital for the growth of all professional managers.

11. Application Form

Step #1: Enter Applicant Contact Information

First Name Middle Name Last Name Street Address

City State / Province Zip / Postal Code √ One Only: [ ] Home Address [ ] Office Address

Company Name:

Preferred Contact Method (√ One):

[ ] Home Phone [ ] Office Phone [ ] Cell [ ] Email Home Phone: Office Phone: Cell Phone: Primary Email:

Fax #: Alternate Email: Step #2: Enter Examination Specific Information

√ One Only: [ ] First-Time Test Taker [ ] Re-certifying [ ] Re-Take Candidate – Enter Attempt #: [ ] √ If Applicable

[ ] I have a physical or other disability that may require special Accommodations (please refer to the Candidate Information Brochure for complete policy on special arrangements.)

Step #3: Establish Applicant Eligibility

Examination To be eligible for the CMDSP® examination, a candidate must have a minimum of 3 years of experience in Education, Other Certifications, or Other Information Security Training, all in relation to managing mobile devices within an enterprise.

Requirement Candidates must have 5 years of experiences with mobile devices_{ 4 of the 5 years waived with a college degree in a relevant technical} discipline

◦ Last year waived with relevant master's degree Candidates must also have specific domain knowledge in:

 Mobile Hardware Knowledge

 Mobile Operating System Knowledge

 Mobile Connectivity Knowledge

 Job Experience Managing Mobile Devices

I attest that I meet the above requirements, either [ ] √ To Verify directly or through the above substitutions, and

acknowledge I may be contacted for supporting evidence including, but not limited to, educational transcripts and workplace references.

* Must be accredited by one of the six regional accreditation bodies recognized and listed by the U.S. Department of Education and the Council for Higher Education Accreditation (CHEA).

Step #4 Required experience/knowledge

Total of 5 years of experience with mobile devices

 4 of the 5 years waived with a college degree in a technical discipline ◦ Last year waived with relevant master's degree

Describe above experience

Mobile Hardware Knowledge

Different devices have different features on their hardware. Some are equipped with cameras while others are equipped with sensors. CMDSP candidates must have a strong understanding of the different types of existing mobile devices and be able to distinguish between each device’s hardware features. They must demonstrate how differences in design can lead to different security risks and problems.

Describe above domain

knowledge

Mobile Operating System Knowledge

The operating systems act as the core of mobile devices’ function. It is crucial for a mobile device security professional to understand the different components that make up the operating system, what kind of operating systems each mobile device uses, and the code used to enable Mobile Apps residing on the phone to perform app functions. He/She must also know the vulnerabilities that exist within the

operating system, and how these vulnerabilities can be exploited. The CMDSP exam will test candidates’ knowledge of the OS, particularly for the two most popular systems: the iOS and Android.

Describe above domain

knowledge

Mobile Connectivity Knowledge

This domain will cover the ways that devices communicate with other mobile devices, computers, and the wider Internet. It will also cover data connections with cloud environments, cellular data, Wi-Fi,

Bluetooth, and other networking tools. An understanding of each network system and its architecture is a bedrock fundamental to a CMDSP.

Describe above domain

knowledge

Job Experience Managing Mobile Devices

Mobile IT management within Organizations. Managing mobile devices in an enterprise setting is important. This domain covers knowledge of how to securely manage and utilize fleets of employee devices in an enterprise. This includes policies such as “bring your own device,” and other common ways and means of how mobile devices are used among enterprises. Any Mobile Strategy initiatives within an organization to help make an organization more mobile or better utilize mobile computing devices for business purposes is pertinent. CMDSP candidates should know which strategies and policies to implement in particular settings to protect and manage enterprise operations and data.

Describe above domain

knowledge

Step #5: Pay $395.00 (USD) CMDSP® Application/Program Fee Payment Method:

If Credit Card Please Tick Credit Card AND Card Type

[ ] Check

Checks Payable to:

PaRaBaL ATTN: CMDSP

8 Market Place, Suite 402 Baltimore, MD 21202

[ ] Credit Card

[ ] Visa (13 or 16 digits) [ ] MasterCard (16 digits) [ ] AMEX (15 Digits) Enter Credit Card #:

Exp Date (MMYY): Security Code: Name On Card: Authorized Signature:

Discount Code:

If Applicable

Billing Address

Step #6 Execute Legally Binding Affidavit Requirement

Affidavit By applying for CMDSP™ certification and this portfolio assessment, I hereby affirm that I understand, acknowledge, and agree to abide to the policies,

procedures, and rules governing the certification and published on the cmdsp.org web site. I agree that I meet each requirement set forth and have completely, honestly, and accurately completed this form to the best of my knowledge. The Mobile Resources Group (MRG) may, a t its sole discretion, inquire of individuals and organizations directly or indirectly referenced in any part of this application to verify the accuracy and completeness of this information provided. I further agree to cooperate in any such investigation b y the MRG regarding the information that I have provided. I understand that providing any fraudulent information, failing to completely or accurately disclose facts known to me, or failing to cooperate in any inquiry by MRG into the information I have provided, will result in the MRG’s refusal to issue my certification or a revocation of my certificate (if already awarded), and I will be forever barred from attaining an MRG credential.

I fully understand that my application is subject to potential audit, and I pledge my full cooperation should my application be selected for an audit of my assertions regarding professional qualifications, experience, or qualifying activities.

Any action arising out of the application, the examination, or the certificate must be brought in the Circuit Court of Baltimore County, Maryland, USA, and shall be governed by the laws of the State of Maryland.

[ ] I HAVE READ AND UNDERSTAND THE LEGALLY BINDING STATEMENTS OF CMDSP'S AFFIDAVIT.