Showing posts with label Certification. Show all posts

30/07/07

CISSP Books recommendation


It's a fact that by reading just one book you won't gather enough information to pass the exam; the recommendation is to read at least two books.

In my opinion the best CISSP book is All-in-One Exam Guide, Third Edition (All-in-One) by Shon Harris. My other suggestion is the Official (ISC)2 Guide to the CISSP CBK ((Isc)2 Press Series) from (ISC)2. As another option, we also have CISSP®: Certified Information Systems Security Professional Study Guide, Third Edition from Sybex.

Official (ISC)2 Guide to the CISSP CBK ((Isc)2 Press Series)
by Harold F. Tipton, Kevin Henry


CISSP All-in-One Exam Guide, Third Edition (All-in-One)

by Shon Harris

CISSP ® : Certified Information Systems Security Professional Study Guide, Third Edition
by James Michael Stewart, Ed Tittel, Mike Chapple


To see all the CISSP books recommended by (ISC)2, visit the page:
https://www.isc2.org/cgi-bin/content.cgi?page=36

31/05/07

INCREASED REQUIREMENTS FOR CISSP


Effective 1 October 2007, the minimum experience requirement for certification will be five years of relevant work experience in two or more of the 10 domains of the CISSP CBK.

Also effective 1 October, CISSP candidates will be required to obtain an endorsement of their candidature exclusively from an (ISC)²-certified professional in good standing.

https://www.isc2.org/cgi-bin/content.cgi?page=1228

08/03/07

Which "Official (ISC)2 Guide to the CISSP" should you buy?


(ISC)² has three books with the title Official (ISC)² Guide to the CISSP, so you may be a little confused about which one to select.

The tip is to buy the latest publication, Official (ISC)2 Guide to the CISSP CBK ((Isc)2 Press Series) by Harold F. Tipton and Kevin Henry.

This book is a major rewrite and improvement over the prior version; 13 experts in the security field contributed to this edition. Written as an authoritative reference, the Official (ISC)²® Guide to the CISSP® CBK® provides a better understanding of the CISSP CBK - a collection of topics relevant to information security professionals around the world. The book contains the current titles of the 10 domains of the CISSP CBK. Recently updated, the domain titles reflect changing terminology and emphasis in the security professional's day-to-day environment. The official guide was developed to provide a resource for those who are studying for the CISSP as well as a reference book for information security professionals.

07/03/07

CISSP vs SSCP


The two security certification options from the International Information Systems Security Certification Consortium, (ISC)2, Systems Security Certified Practitioner (SSCP) and Certified Information Systems Security Professional (CISSP), have one main difference: the high standards in terms of requisite working experience.

  • CISSP requires 4 years of professional experience in information security, or 3 years plus a college degree;
  • SSCP requires at least 1 year of experience in information security.

I found a certification comparison tool on the Cramsession web site: http://www.cramsession.com/certifications/compare-certifications.asp?cert_ids=58&cert_ids=57&cert_ids=128&submit=GO


Other differences are:

  • Domains

SSCP CBK Domains:
  • Access Controls
  • Security Operations and Administration
  • Analysis and Monitoring
  • Cryptography
  • Networks and Telecommunications
  • Malicious Code
  • Risk, Response, and Recovery

CISSP CBK Domains:
  • Access Control
  • Application Security
  • Business Continuity and Disaster Recovery Planning
  • Cryptography
  • Information Security and Risk Management
  • Legal, Regulations, Compliance and Investigations
  • Operations Security
  • Physical (Environmental) Security
  • Security Architecture and Design
  • Telecommunications and Network Security

  • Recertification CPEs

For recertification, CISSP requires submitting 120 CPEs in three years, while SSCP requires 60 CPEs.

Other options are the concentration exams, all of which have the CISSP as a prerequisite. These exams are:
  • ISSEP: Information Systems Security Engineering Professional
  • ISSAP: Information Systems Security Architecture Professional
  • ISSMP: Information Systems Security Management Professional


14/02/07

Video classes and exam tests, questions and answers


In the last post I presented a few books that you should use in preparing for the CISSP. Today I will give you an idea of other ways to complete your knowledge and feel comfortable with the CISSP exam.

Video Classes

It is not the cheapest way, but it could help those who need or prefer a person presenting the subject.

Shon Harris


CISSP, CBT Nuggets
CBT Nuggets - CISSP Certification Package
There are 84 videos providing more than 42 hours of instruction.
https://www.cbtnuggets.com/webapp/product?id=173



CISSP, Learnkey
LearnKey – CISSP Certification Series
11 sessions in 33 hours of interactive training.
http://www.learnkey.com/elearning/Information_Security/Product/CISSP_Certification_Series/Course/518/


Exam test, questions & answers

Another way to study is to use a brain dump* exam with questions and explained answers, to understand what you missed.

*Brain dump: someone who takes the exam passes on information about the questions after the exam.

CISSP, TestKing

Test King – about 1451 QA
http://www.testking.com/CISSP-certification-training.htm



CISSP, ActualTests

Actualtests – about 1453 QA
http://www.actualtests.com/default.asp?show=examdetail&exam=CISSP


CISSP, Fravo

Fravo – about 1453 QA
http://fravo.com/category.php?vendor=CISSP


CISSP, ExamSheets

ExamSheets – about 1375 QA
http://www.examsheets.net/isc2-certification-training.aspx


CISSP, Wiley
Wiley Advanced CISSP Prep Guide – more than 300 QA
http://www.wiley.com/WileyCDA/WileyTitle/productCd-0471236632.html



13/02/07

Books recommendation





It's a fact that by reading just one book you won't gather enough information to pass the exam; the recommendation is to read at least two books.

In my opinion the best one is CISSP All-in-One Exam Guide, Third Edition (All-in-One) by Shon Harris. My other suggestion is the Official (ISC)2 Guide to the CISSP CBK ((Isc)2 Press Series) from (ISC)2. As another option, we also have CISSP®: Certified Information Systems Security Professional Study Guide, Third Edition from Sybex.

Official (ISC)2 Guide to the CISSP CBK ((Isc)2 Press Series)
by Harold F. Tipton, Kevin Henry


CISSP All-in-One Exam Guide, Third Edition (All-in-One)

by Shon Harris

CISSP ® : Certified Information Systems Security Professional Study Guide, Third Edition
by James Michael Stewart, Ed Tittel, Mike Chapple


To see all the CISSP books recommended by (ISC)2, visit the page:
https://www.isc2.org/cgi-bin/content.cgi?page=36

12/02/07

The certification choice: CISSP


This blog was created to gather all the information about the CISSP certification, a certification for information security practitioners.
My idea is to collect all the information in this study guide, and use it to help myself prepare for the exam. Here you will find:

* tips for certification;
* exam info;
* summaries of the 10 CBK domains (in each post I’ll describe the reference used).

I’m not a native English speaker, so you'll probably find some errors; please excuse me. More than anything else, I hope you can find some information that helps you achieve your goal.

Enjoy it.
Leandro Bennaton

Certifications Options

I was looking for a security certification; the first step was to search for the options available, and then to find one that is recognized by the market. I found three good options, CISSP, CEH and CISM, and had to choose one.

Certification ROI (Return on investment)
I found a site with all the information that I needed to make my decision. It was based on career advancement, industry demand and return on investment (ROI).

The table below displays some points on each certification:
Certification comparison
http://www.cramsession.com/certifications/compare-certifications.asp?cert_ids=57&cert_ids=112&cert_ids=128&submit=GO

The organization

The International Information Systems Security Certification Consortium, Inc. [(ISC)²], was founded in 1989. It is a non-profit organization (NPO) incorporated under the laws of the Commonwealth of Massachusetts and the U.S. Internal Revenue Code. As such, all credential holders in good standing are considered members of (ISC)² and are charged with the responsibility for maintaining the (ISC)² CBK®, a compendium of industry best practices for information security, including those for CISSPs, SSCPs, and CAPs. The CBK is a critical component for certifying the minimum acceptable competence for professionals seeking to hold various credentials. (ISC)² also provides the information security community with educational seminars, examinations and related services. In addition, (ISC)² acts to safeguard certification standards, and participates in information security conferences, etc., as some of its more important activities.

The organization manages the CISSP (Certified Information Systems Security Professional) vendor-neutral certification. This advanced-level certification is meant for IT security professionals

How to get certified

To become a CISSP, a candidate must successfully complete two separate processes: Examination and Certification.

Examination
To sit for the CISSP examination, a candidate must:

* Submit the examination fee.
* Assert that he or she possesses a minimum of four years of professional experience in the information security field or three years plus a college degree. Additionally, a Master's Degree in Information Security from a National Center of Excellence can substitute for one year toward the four-year requirement.
* Complete the Candidate Agreement, attesting to the truth of his or her assertions regarding professional experience and legally commit to adhere to the CISSP Code of Ethics.
* Successfully answer four questions regarding criminal history and related background.

Certification
To be issued a certificate, a candidate must:

* Pass the CISSP exam with a scaled score of 700 points or greater.
* Submit a properly completed and executed Endorsement Form.
* Successfully pass an audit of their assertions regarding professional experience, if the candidate is selected for audit.

Endorsement
Once a candidate has been notified that they have successfully passed the CISSP examination, he or she will be required to have his or her application endorsed by a CISSP before the credential can be awarded. If a CISSP is not available, another qualified professional with knowledge of information systems or an officer of the candidate's corporation can validate the candidate's professional experience.

The endorser attests that the candidate's assertions regarding professional experience are true to the best of their knowledge, and that the candidate is in good standing within the information security industry.

Audit
A percentage of the candidates who pass the CISSP examination and submit endorsements will be randomly subjected to audit and required to submit a resume for formal review and investigation.

https://www.isc2.org/cgi-bin/content.cgi?category=539

CISSP Code of Ethics

There are only four mandatory canons in the code. By necessity, such high-level guidance is not intended to be a substitute for the ethical judgment of the professional.

Code of Ethics Canons:

* Protect society, the commonwealth, and the infrastructure.
* Act honorably, honestly, justly, responsibly, and legally.
* Provide diligent and competent service to principals.
* Advance and protect the profession.

Related Jobs

The CISSP certification is well suited to IT professionals who aim to be IS (Information Security) professionals, network security professionals, or system security professionals. The CISSP® designation is achieved by passing one exam.

The Exam

The CISSP Certification examination consists of 250 multiple-choice questions (25 are test questions and don’t count in the final score). The passing score for this exam is a scaled score of 700 points or greater. Candidates have up to 6 hours to complete the examination.

The exam is an extremely advanced exam to achieve “mastery of an international standard for information security and understanding of a Common Body of Knowledge (CBK®).”

There are two different fees for the examination:

* US$ 499 - Early Registration, received 16 days prior to the exam date.
* US$ 599 - Standard Registration, received less than 16 days from exam date.
* Cancellation/Refund/Reschedule Fees - $100

CBK - Common Body of Knowledge

The topics covered by this exam come from the CISSP Common Body of Knowledge (CBK®) and include:

* Access Control Systems & Methodology
* Applications & Systems Development
* Business Continuity & Disaster Recovery Planning
* Cryptography
* Law, Investigation & Ethics
* Operations Security (Computer)
* Physical Security
* Security Architecture & Models
* Security Management Practices
* Telecommunications & Network Security

Within this Common Body of Knowledge (CBK®), (ISC)2® will ask a series of very challenging questions involving particular points extracted from the published information. While the material itself is not considered to be overly complex, the actual amount of information on the exam can be slightly intimidating to users new to the security field.

Result

CISSP certification