Preparing for the CISSP exam, Part 1
A reader and colleague recently asked me a few questions about the Certified Information Systems Security Professional exam, and I thought readers might benefit from the interchange.
N. Todd Pritsky (see http://www.pritsky.net) is one of the authors collaborating in the preparation of "The Computer Security Handbook, Fourth Edition," edited by Sy Bosworth and me. It will be published this year by Wiley.
In this first segment of a three-part series, I look at the exam.
Pritsky asked:
"How does the CISSP compare to the [Systems Security Certified Practitioner] in terms of the exam itself and the relative weight/importance of the certification?"
Both are useful stages in professional development. Visit the International Information Systems Security Certification Consortium (ISC)² Web site -- http://www.isc2.org/ -- where you will find a wealth of material about the CISSP and the SSCP.
The SSCP is more hands-on and limited to technical issues. According to the description at https://www.isc2.org/sscp_examover.html: "The International Information Systems Security Certification Consortium, or (ISC)², working with a professional testing service, has developed a certification examination based on the SSCP Common Body of Knowledge (CBK). Candidates have up to 3 hours to complete the examination which consists of multiple-choice questions that address the seven topical test domains of the CBK. The information systems security test domains are:
* Access Control.
* Administration.
* Audit and Monitoring.
* Risk, Response, and Recovery.
* Cryptography.
* Data Communications.
* Malicious Code."
In contrast, the CISSP is deliberately designed to cover a wide range of topics that distinguish information security experts from other kinds of IT experts. As described at https://www.isc2.org/cissp_examover.html: "Candidates have up to 6 hours to complete the examination which consists of 250 multiple-choice questions that address the [10] topical test domains of the CBK. The information systems security test domains are:
* Access Control Systems & Methodology.
* [Computer] Operations Security.
* Cryptography.
* Application & Systems Development.
* Business Continuity & Disaster Recovery Planning.
* Telecommunications & Network Security.
* Security Architecture & Models.
* Physical Security.
* Security Management Practices.
* Law, Investigations & Ethics."
Pritsky also asked:
"What can you tell me about the exam itself? A lot of questions? Evenly distributed amongst the 10 domains? Multiple choice? Hands-on? I don't really know what to expect."
CISSPs and all who take the exam are under a nondisclosure agreement not to divulge the detailed content. See the sample questions on the (ISC)² Web site.
In the next segment of this three-part series, I will look at useful reading for future CISSPs.
posted by ITworld staff
Network World