CISSP
CISSP stands for Certified Information Systems Security Professional, a vendor-neutral certification governed by the International Information Systems Security Certification Consortium (ISC2). It is considered one of the premier security certifications.
Earning a CISSP certification requires 4 years of security-related business experience, or 3 years of experience plus a college degree, or 2 years plus a Bachelor's Degree and a Master's Degree in Information Security. There is also an Associate of the ISC2 Certification, which certifies that the recipient has passed the test but has not yet met the degree or time requirement for full CISSP certification.
The certification test consists of 250 questions to be answered over six hours. The CISSP test includes information evenly selected from 10 different domains that make up the Common Body of Knowledge.
The CISSP has been described as covering Information Security topics "a mile wide, and an inch deep." The certification demonstrates a wide range of expertise in a variety of topics, as listed below. Individuals in security systems management may be more interested in obtaining the CISSP to demonstrate their "been there, done that" experience. Those who wish to be considered for more technically focused positions may be more interested in the GIAC or other SANS-sponsored certifications.
The Common Body of Knowledge includes:
- Access Control Systems & Methodology
- Applications & Systems Development
- Business Continuity Planning & Disaster Recovery
- Cryptography
- Law, Investigation & Ethics
- Operations Security
- Physical Security
- Security Architecture & Models
- Security Management Practices
- Telecommunications, Network & Internet Security
External Links
- ISC2 (https://www.isc2.org/cgi-bin/index.cgi)
- CCCure (http://cccure.org)
- ISC2 Definition of a Professional (https://www.isc2.org/cgi-bin/content.cgi?page=167)