The International Information Systems Security Certifications Consortium, more popularly known as "ISC-squared" (IISSCC, get it?), represents a mix of businesses and organizations that vary from government, to academia, to the computing industry and beyond. Right now, this organization offers what is probably the best-known security certification available in today's marketplace. It's called the CISSP, which stands for Certified Information Systems Security Professional.

The CISSP is designed to do for security professionals what other licenses like the CPA do for accountants -- namely, to warrant that they understand the general principles that dictate professional behavior, and that they know how to apply a specific body of knowledge to a well-understood area of technical activity. In theory, CISSPs know how to handle security matters ranging from physical security to security policies to software security. In practice, CISSPs must master a sufficiently large body of knowledge to pass a 250-question exam that covers ten important and specific areas of security:

  • Access control
  • Computer operations security
  • Cryptography
  • Application program security
  • Risk management and business continuity planning
  • Communications security
  • Computer architecture and systems security
  • Physical security
  • Policy, standards and organization
  • Law, investigations and ethics

    The CISSP exam has the reputation of being fairly difficult, lasting

    • Requires Free Membership to View

    • for six hours and costing $395. And obtaining a CISSP is not a lifetime achievement, either -- CISSPs must rack up 120 continuing professional education (CPE) credits every three years thereafter to stay certified. Eighty CPEs must come from courses or other activities directly related to computer security topics, while the remaining 40 can come from any educational activities for which CPEs are reported. The idea is to keep up one's skills and knowledge base and to continue learning new topics and technologies. For those who can't meet this requirement, they must pass the CISSP exam every three years to stay certified.

      At the end of 1998, ICS-squared reports that there were 1,500 CISSPs worldwide. Although they don't publish any more recent numbers, that number has probably doubled since then. Although this is a small population as most vendor certification programs go, it represents one of the largest bodies of certified security professionals in the world at present.

      Given all this heady information, why might you want to consider becoming a CISSP? Right now, according to the International Computer Security Association (ICSA) there are 13 jobs in the U.S. for every security professional. Demand around the world is increasing, and the security area is rife with all kinds of opportunities -- for consulting, for outsourcing and for full-time positions. Many certification experts (including yours truly) expect security certifications to be among the biggest growth areas in IT in this decade. To repeat a time-honored phrase: "There's gold in them thar hills!"

      As more and more organizations use their networks for mission critical applications, and more of those networks get hooked up to the Internet, there are boundless opportunities for those who know how to help those organizations practice safe computing. Although it's a serious responsibility to manage somebody's network and computer security, it's also interesting work amidst a constantly changing and highly technical landscape. If you ever dreamt of being a fireman or a cop as a kid, here's a way to exercise some of those do-gooder impulses, and make a good living, all at the same time!

      To obtain more information about the CISSP exam you must contact the ICS-squared in writing, by phone, or by e-mail at:

      (ISC)2 Services

      P.O. Box 1117

      Dunedin, FL 34697 USA

      Phone: 727.738.8657 or 727.738.9548
      Toll Free: 888.333.4458 (North America only)
      Fax: 727.738.8522
      E-mail: service@isc2.org

      Good luck with your certifications! Stay tuned to my tips for the next few months, as I cover other security certifications that may also be of interest.

      About the author
      Ed Tittel writes books on a variety of computing subjects and teaches Windows security classes for Interop, the Internet Security Conference and Austin Community College. Contact Ed via e-mail at etittel@lanw.com.


    Related Book

    CISSP all-in-one certification exam guide
    By Shon Harris
    Summary:
    This resource fully covers all exam objectives -- as developed by the International Information Systems Security Certification Consortium -- and offers essential information on IT security. Each chapter contains practice questions, sidebars with technical discussions, real-world examples and test-taking tips. You'll also get valuable information on current trends in security, disaster recovery and the benefits of obtaining this highly-coveted and advanced security certification.


    This was first published in November 2000

    There are Comments. Add yours.

     
    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.