A reader and colleague recently asked me a few questions about the Certified Information Systems Security Professional exam, and I thought readers might benefit from the interchange.

Mr. Pritsky (see http://www.pritsky.net) is one of the authors collaborating in the preparation of "The Computer Security Handbook, Fourth Edition," edited by Sy Bosworth and me. It will be published in 2001 by Wiley. In the second of this three-part series, I review some sources of regular INFOSEC news.

N. Todd Pritsky asked:

"What's the best way to go about preparing for the exam?"

Read a lot. Or at least, read:

Tipton, H. F. & M. Krause (2000), eds. "Information Security Management

Handbook," 4th edition. Auerbach (Boca Raton, FL). ISBN 0-8493-9829-0. xiii

+ 711. Index.

Hal Tipton and Micki Krause are devoted founders and supporters of The International Information Systems Security Certification Consortium (ISC)², and their books are deliberately organized to support professionals working towards the CISSP.

There are also independent (i.e., unofficial) study guides; the latest, scheduled for publication in August 2001, is:

Krutz, R. & R. D. Vines (2001). "The CISSP Prep Guide: Mastering the Ten Domains of Computer Security." John Wiley & Sons (New York). ISBN 0-4714-1356-9 512. Index.

The (ISC)² itself offers common body of knowledge review seminars for both the CISSP and the SSCP; there are schedules posted on the Web site. In addition, there are a number of independent courses available which claim to be tied to the CBK and preparation for the CISSP exam.

Read security newsletters.

In the last of this three-part series, I review some useful conferences for aspiring CISSPs.

» posted by ITworld staff

Network World

• Email
• Print
• Share
  • Slashdot
  • Digg
  • Stumble
  • Reddit
  • Newsvine