Friday, November 6, 2009

What is the CISSP security certification about?

Several of you have asked me about my CISSP status. There have been questions such as:

  • What is it?
  • Is it useful?
  • Was it hard to obtain?
  • Once you get it, are you done?

To start, CISSP stands for "Certified Information Systems Security Professional". It is a certification granted by the (ISC)2 (ISC squared) international organization. You can find out more about (ISC)2 at their website.

As for the question of usefulness... I think it is a very useful certification. (ISC)2 defined (and continues to update) a Common Body of Knowledge (CBK) which professionals like yours truly can use to communicate effectively on matters of Information Security.

It was not easy to obtain my CISSP, but I'm not certain I would say it was hard either. The exam was allocated five hours for completion. Many of the questions required "the best" answer of several correct answers, given a particular situation. I took four hours to complete my exam. Any one thing that I sit down to do, which takes four hours, immediately loses the ability to be called "easy". I went to an exam preparation intensive course, and purchased three books to assist in taking the exam.

The ten domains of the CBK that I was tested on included:

  • Access Control Systems and Methodology
  • Application and Systems Development Security
  • Business Continuity Planning and Disaster Recovery Planning
  • Cryptography
  • Law, Investigation, and Ethics
  • Operations Security
  • Physical Security
  • Security Architecture and Models
  • Security Management Practices
  • Telecommunications and Networking Security

The above really are Information Security in a nutshell. However - that is a very large nut.

Regarding the question of being done after the test, the answer is "no". Becoming a CISSP is really the entrance into a community or society of Information Security Professionals. Each CISSP must adhere to an Ethics Policy as well as submit information concerning their ongoing education and experience within the CBK domains.

I think if anyone would say that obtaining the CISSP certification status is "hard", it would be due to the sheer broad expanse of the topics that must be studied to be prepared for whatever the exam may choose to throw at you. There is a lot of information to be assimilated. If anyone has any particular questions about the CISSP, I'd be happy to help out where I can.
Posted by at

1 comment:

  1. jane hollyAugust 25, 2020 at 10:47 AM

    This professional hacker is absolutely reliable and I strongly recommend him for any type of hack you require. I know this because I have hired him severally for various hacks and he has never disappointed me nor any of my friends who have hired him too, he can help you with any of the following hacks:

    -Phone hacks (remotely)
    -Credit repair
    -Bitcoin recovery (any cryptocurrency)
    -Make money from home (USA only)
    -Social media hacks
    -Website hacks
    -Erase criminal records (USA & Canada only)
    -Grade change
    -funds recovery

    Email: onlineghosthacker247@ gmail .com

    ReplyDelete

Subscribe to: Post Comments (Atom)