How to prepare for the CISSP

The CISSP is a valuable certification, but it takes a lot more than just your many years of experience to prepare for it. You will likely have to learn about a lot of technology and processes that you’ve never worked with, some of it not especially current and all of it a lot less vendor-specific than you’ve ever imagined.

By  

If you’ve decided to pit your information security knowledge against the CISSP exam, it’s a good idea to first step back and assess your preparedness. Even if you’re an ace security manager, you might discover that there are huge gaps in what you know about this increasingly important field. Having just taken a prep course, I understand that my experiences as a programmer, Unix systems administrator and information security manager – several decades of it – isn’t enough to make me a shoe-in for this highly prized certification. Instead, I have to learn about a lot of technology that has never fallen within my range of responsibilities. This includes such things as fire extinguishers, old encryption algorithms and legal code that applies to both security and privacy. Normally, if ever I need to remember something like which RAID level is which, I simply look it up. For the exam, I will have to remember which is which – even RAID levels like 3 and 4. And I have to quickly able to decipher which security controls are preventative, which are detective and which are corrective.

Fortunately, I was able to take a superb “boot camp”, offered through the University of Texas at San Antonio, which went through all ten of the “domains” that the exam covers. These include (from the isc2.org site):

  • Access Control – a collection of mechanisms that work together to create security architecture to protect the assets of the information system.
  • Telecommunications and Network Security – discusses network structures, transmission methods, transport formats and security measures used to provide availability, integrity and confidentiality.
  • Information Security Governance and Risk Management – the identification of an organization’s information assets and the development, documentation and implementation of policies, standards, procedures and guidelines.
  • Software Development Security – refers to the controls that are included within systems and applications software and the steps used in their development.
  • Cryptography – the principles, means and methods of disguising information to ensure its integrity, confidentiality and authenticity.
  • Security Architecture and Design – contains the concepts, principles, structures and standards used to design, implement, monitor, and secure, operating systems, equipment, networks, applications, and those controls used to enforce various levels of confidentiality, integrity and availability.
  • Operations Security – used to identify the controls over hardware, media and the operators with access privileges to any of these resources.
  • Business Continuity and Disaster Recovery Planning – addresses the preservation of the business in the face of major disruptions to normal business operations.
Photo Credit: 

Sandra H-S

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness