
INFORMATION SECURITY CAREER ADVISOR

Security certification: CISSP


Ed Tittel
11.02.2000




The International Information Systems Security Certifications Consortium, more popularly known as "ISC-squared" (IISSCC, get it?), represents a mix of businesses and organizations that vary from government, to academia, to the computing industry and beyond. Right now, this organization offers what is probably the best-known security certification available in today's marketplace. It's called the CISSP, which stands for Certified Information Systems Security Professional.

The CISSP is designed to do for security professionals what other licenses like the CPA do for accountants -- namely, to warrant that they understand the general principles that dictate professional behavior, and that they know how to apply a specific body of knowledge to a well-understood area of technical activity. In theory, CISSPs know how to handle security matters ranging from physical security to security policies to software security. In practice, CISSPs must master a sufficiently large body of knowledge to pass a 250-question exam that covers ten important and specific areas of security:

  • Access control
  • Computer operations security
  • Cryptography
  • Application program security
  • Risk management and business continuity planning
  • Communications security
  • Computer architecture and systems security
  • Physical security
  • Policy, standards and organization
  • Law, investigations and ethics

The CISSP exam has the reputation of being fairly difficult, lasting for six hours and costing $395. And obtaining a CISSP is not a lifetime achievement, either -- CISSPs must rack up 120 continuing professional education (CPE) credits every three years thereafter to stay certified. Eighty CPEs must come from courses or other activities directly related to computer security topics, while the remaining 40 can come from any educational activities for which CPEs are reported. The idea is to keep up one's skills and knowledge base and to continue learning new topics and technologies. Those who can't meet this requirement must pass the CISSP exam every three years to stay certified.

ISC-squared reports that there were 1,500 CISSPs worldwide at the end of 1998. Although they don't publish any more recent numbers, that number has probably doubled since then. Although this is a small population as most vendor certification programs go, it represents one of the largest bodies of certified security professionals in the world at present.

Given all this heady information, why might you want to consider becoming a CISSP? Right now, according to the International Computer Security Association (ICSA), there are 13 jobs in the U.S. for every security professional. Demand around the world is increasing, and the security area is rife with all kinds of opportunities -- for consulting, for outsourcing and for full-time positions. Many certification experts (including yours truly) expect security certifications to be among the biggest growth areas in IT in this decade. To repeat a time-honored phrase: "There's gold in them thar hills!"

As more and more organizations use their networks for mission-critical applications, and more of those networks get hooked up to the Internet, there are boundless opportunities for those who know how to help those organizations practice safe computing. Although it's a serious responsibility to manage somebody's network and computer security, it's also interesting work amidst a constantly changing and highly technical landscape. If you ever dreamt of being a fireman or a cop as a kid, here's a way to exercise some of those do-gooder impulses and make a good living, all at the same time!

To obtain more information about the CISSP exam, you must contact ISC-squared in writing, by phone, or by e-mail at:

(ISC)2 Services
P.O. Box 1117
Dunedin, FL 34697 USA

Phone: 727.738.8657 or 727.738.9548
Toll Free: 888.333.4458 (North America only)
Fax: 727.738.8522
E-mail: service@isc2.org

Good luck with your certifications! Stay tuned to my tips for the next few months, as I cover other security certifications that may also be of interest.

About the author
Ed Tittel writes books on a variety of computing subjects and teaches Windows security classes for Interop, the Internet Security Conference and Austin Community College. Contact Ed via e-mail at etittel@lanw.com.


Related Book

CISSP all-in-one certification exam guide
By Shon Harris
Summary:
This resource fully covers all exam objectives -- as developed by the International Information Systems Security Certification Consortium -- and offers essential information on IT security. Each chapter contains practice questions, sidebars with technical discussions, real-world examples and test-taking tips. You'll also get valuable information on current trends in security, disaster recovery and the benefits of obtaining this highly coveted and advanced security certification.

