Friday, November 6, 2009

What is the CISSP security certification about?

Several of you have asked me about my CISSP status. There have been questions such as:

  • What is it?
  • Is it useful?
  • Was it hard to obtain?
  • Once you get it, are you done?

To start, CISSP stands for "Certified Information Systems Security Professional". It is a certification granted by the (ISC)2 (ISC squared) international organization. You can find out more about (ISC)2 at their website.

As for the question of usefulness... I think it is a very useful certification. (ISC)2 defined (and continues to update) a Common Body of Knowledge (CBK) which professionals like yours truly can use to communicate effectively on matters of Information Security.

It was not easy to obtain my CISSP, but I'm not certain I would say it was hard either. The exam was allocated five hours for completion. Many of the questions required "the best" answer of several correct answers, given a particular situation. I took four hours to complete my exam. Any one thing that I sit down to do, which takes four hours, immediately loses the ability to be called "easy". I went to an exam preparation intensive course, and purchased three books to assist in taking the exam.

The ten domains of the CBK that I was tested on included:

  • Access Control Systems and Methodology
  • Application and Systems Development Security
  • Business Continuity Planning and Disaster Recovery Planning
  • Cryptography
  • Law, Investigation, and Ethics
  • Operations Security
  • Physical Security
  • Security Architecture and Models
  • Security Management Practices
  • Telecommunications and Networking Security

The above really are Information Security in a nutshell. However - that is a very large nut.

Regarding the question of being done after the test, the answer is "no". Becoming a CISSP is really the entrance into a community or society of Information Security Professionals. Each CISSP must adhere to an Ethics Policy as well as submit information concerning their ongoing education and experience within the CBK domains.

I think if anyone would say that obtaining the CISSP certification status is "hard", it would be due to the sheer broad expanse of the topics that must be studied to be prepared for whatever the exam may choose to throw at you. There is a lot of information to be assimilated. If anyone has any particular questions about the CISSP, I'd be happy to help out where I can.
