Abstract image of a woman sitting on books and studying on a laptop

CISSP-WEB

M
MEHMET FATIH YALDIZ

The document provides information about the Certified Information Systems Security Professional (CISSP) certification. It discusses how the CISSP certification demonstrates that individuals have the necessary skills and experience to build and manage security for organizations. It also outlines the requirements to obtain the CISSP certification, including having 5 years of relevant work experience in 2 or more security domains or 4 years with a degree, passing the exam, completing the endorsement process, and maintaining the certification through ongoing training requirements.

1 of 6
Download to read offline
1
2
3
4
5
6
The Next Generation of Security Leaders Certified Information Systems Security Professional (CISSP®) is the most globally recognized certification in the information security market. Required by some of the world’s most security- conscious organizations, the CISSP is considered the gold standard credential that assures information security leaders possess the breadth of knowledge, skills and experience required to credibly build and manage the security posture of an organization. Backed by (ISC)2® , the global leader in information security certifications, CISSPs have earned their place as trusted advisors. Their expertise plays a critical role in helping organizations integrate stronger security protocols and protect against threats in an increasingly complex cyber security landscape. CISSP was the first credential in the field of information to meet the stringent requirements of ISO/IEC Standard 17024.Not only is the CISSP an objective measure of excellence,but also a globally recognized standard of achievement. The CISSP HelpsYou: • Demonstrate your ability to effectively define the architecture, design, management and controls that assure the security of business environments. • Validate your experience, skills and commitment as an information security professional. • Advance your career with the most globally recognized information security certification in the industry. • Affirm your commitment to continued competence in the most current information security practices through (ISC)2 ’s Continuing Professional Education (CPE) requirement. • Fulfill government and organization requirements for information security certification mandates. The CISSP Helps Employers: • Increase credibility of the organization when working with vendors and contractors. • Position candidates on a level playing field as the CISSP is internationally recognized. • Ensure their employees use a universal language, circumventing ambiguity with industry-accepted terms and practices. • Increase confidence that job candidates and employees possess the knowledge and experience to do the job right. • Increase confidence that information security personnel are current and capable through CISSP’s CPE credits requirement. • Confirm their employee’s commitment and years of experience gained in the industry. WHY BECOME A CISSP CISSP in the News “Today’s Most In-Demand Certifications” - Certification Magazine “The top five in-demand IT certifications for 2013” - TechRepublic “The Most In-Demand Certifications in IT for 2013” - IT Strategy News “The CISSP certification I got after attending the official (ISC)2 [review] seminar greatly added to my competitive edge and, as a result, I won my current position. I am now making the (ISC)2 certification a requirement for the members of my team, confident in the knowledge that their skills are genuine and current.” Daniel, CISSP The Netherlands “Obtaining the CISSP certification opened up doors I thought inviolable. My career - both professional and academic - grew dramatically!” Claudi, CISSP, CIA, CISA, CISM Italy CISSP INSIGHTS 1
WHO SHOULD BECOME A CISSP CISSP candidates must have a minimum of five years of cumulative paid full-time professional security work experience in two or more of the ten domains of the (ISC)2® CISSP CBK® , or four years of cumulative paid full- time professional security work experience in two or more of the ten domains of the CISSP CBK with a college degree.Alternatively, there is a one-year waiver of the professional experience requirement for holding an additional credential on the (ISC)2 approved list. Associate of (ISC)2 You don’t have to spend years in the field to demonstrate your competence in information security. Become an Associate of (ISC)2 , and you’re already part of a reputable and credible organization, earning recognition from employers and peers for the industry knowledge you’ve already gained. Participation Requirements Associate of (ISC)2 status is available to those knowledgeable in key areas of industry concepts but lacking the work experience. As a candidate, you may successfully pass the CISSP examination and subscribe to the (ISC)2 Code of Ethics, however to earn the CISSP credential you will have to acquire the necessary years of professional experience required, provide proof and be endorsed by a member of (ISC)2 in good standing.If you are working towards this credential,you will have a maximum of six years from your exam pass date to acquire the necessary five years of professional experience.An Annual Maintenance Fee (AMF) of US$35 applies and 20 Continuing Professional Education (CPE) credits must be earned each year to remain in good standing. For more information on how you can become an Associate of (ISC)2 , visit www.isc2.org/associate. CISSP Concentrations After the original conception of the CISSP, and the continuous evolution of information security, (ISC)2 discovered a need to develop credentials which address the specific needs of our members. With this in mind, we produced our CISSP Concentrations to provide a career path that would open up new opportunities for our CISSP credential holders. Specifically, these credentials allow for more demanding roles in larger enterprises and recognize the specialized talents of CISSPs. • Information Systems Security Architecture Professional (CISSP-ISSAP® ) • Information Systems Security Engineering Professional (CISSP-ISSEP® ) • Information Systems Security Management Professional (CISSP-ISSMP® ) To qualify for the CISSP-ISSAP, CISSP-ISSEP or the CISSP-ISSMP, a CISSP must maintain their credential in good standing and pass the appropriate concentration examination. Each of the three concentrations has its own CBK Domains. For more information, visit www.isc2.org/concentrations. o Security Consultant o Security Analyst o Security Manager o Security Systems Engineer o IT Director/Manager o Chief Information Security Officer o Security Auditor o Director of Security o Security Architect o Network Architect ENGAGE WHILE OBTAINING EXPERIENCE ADVANCE BEYOND THE CISSP CISSP® credential holders often hold job functions including: 2
The CISSP CBK consists of the following ten domains: • Access Control – a collection of mechanisms that work together to create a security architecture to protect the assets of the information system. • Concepts/methodologies/techniques • Effectiveness • Attacks • Telecommunications and Network Security – discusses network structures, transmission methods, transport formats and security measures used to provide availability, integrity and confidentiality. • Network architecture and design • Communication channels • Network components • Network attacks • Information Security Governance and Risk Management – the identification of an organization’s information assets and the development, documentation and implementation of policies, standards, procedures and guidelines. • Security governance and policy • Information classification/ownership • Contractual agreements and procurement processes • Risk management concepts • Personnel security • Security education, training and awareness • Certification and accreditation • Software Development Security – refers to the controls that are included within systems and applications software and the steps used in their development. • Systems development life cycle (SDLC) • Application environment and security controls • Effectiveness of application security • Cryptography – the principles, means and methods of disguising information to ensure its integrity, confidentiality and authenticity. • Encryption concepts • Digital signatures • Cryptanalytic attacks • Public Key Infrastructure (PKI) • Information hiding alternatives • Security Architecture and Design – contains the concepts, principles, structures and standards used to design, implement, monitor, and secure, operating systems, equipment, networks, applications, and those controls used to enforce various levels of confidentiality, integrity and availability. • Fundamental concepts of security models • Capabilities of information systems (e.g. memory protection, virtualization) • Countermeasure principles • Vulnerabilities and threats (e.g. cloud computing, aggregation, data flow control) • Operations Security – used to identify the controls over hardware, media and the operators with access privileges to any of these resources. • Resource protection • Incident response • Attack prevention and response • Patch and vulnerability management • Business Continuity and Disaster Recovery Planning – addresses the preservation of the business in the face of major disruptions to normal business operations. • Business impact analysis • Recovery strategy • Disaster recovery process • Provide training • Legal, Regulations, Investigations and Compliance – addresses computer crime laws and regulations; the investigative measures and techniques which can be used to determine if a crime has been committed and methods to gather evidence. • Physical (Environmental) Security – addresses the threats, vulnerabilities and countermeasures that can be utilized to physically protect an enterprise’s resources and sensitive information. • Site/facility design considerations • Perimeter security • Internal security • Facilities security Download a copy of the CISSP Exam Outline at www.isc2.org/exam-outline. THE CISSP CBK The CISSP® domains are drawn from various information security topics within the (ISC)2® CBK® .Updated annually, the domains reflect the most up-to-date best practices worldwide, while establishing a common framework of terms and principles to discuss, debate and resolve matters pertaining to the profession. • Legal issues • Investigations • Forensic procedures • Compliance requirements/procedures 3
Official (ISC)2® CISSP® CBK® Training Seminar This official training seminar is the most comprehensive, complete review of information systems security concepts and industry best practices, and the only training course endorsed by (ISC)2 .As your exclusive way to review and refresh your knowledge of the domains and sub-domains of the CISSP CBK, the seminar will help you identify areas you need to study and includes: • 100% up-to-date material • An overview of the information security field • Contributions from CISSPs, (ISC)2 Authorized Instructors and subject matter experts • Post-Seminar Self-Assessment The Official CISSP CBKTraining Seminar is offered in the following formats: • Classroom Delivered in a multi-day, classroom setting. Course material focuses on covering the ten CISSP domains.Available throughout the world at (ISC)2 facilities and (ISC)2 OfficialTraining Providers. • Private On-site Host your ownTraining Seminar on- or off-site. Available for larger groups, this option often saves employee travel time and expense. Group pricing is also available to organizations with 15 or more employees planning to sit for the exam. • Live OnLine Educate yourself from the convenience of your computer. Live OnLine brings you the same award winning course content as the classroom based or private on-site seminars and the benefit of an (ISC)2 Authorized Instructor. Visit www.isc2.org/cissprevsem for more information or to register. Official (ISC)2 CBK Training Seminars are available throughout the world at (ISC)2 facilities and through (ISC)2 Official Training Providers. Official (ISC)2 CBK Training Seminars are conducted only by (ISC)2 Authorized Instructors who are experts in their field and have demonstrated their mastery of the covered domains. Be wary of training providers that are not authorized by (ISC)2 .Be certain that your educator carries the (ISC)2 OfficialTraining Provider logo to ensure that you are experiencing the best and most current programs available. 2014 SC Magazine Award Winner – Best Professional Certification Program, CISSP 2013 SC Magazine Award Winner – Best Professional Training Program, (ISC)2 Education EDUCATION DELIVEREDYOUR WAY OFFICIAL TRAINING PROVIDERS “Our training and trainer was excellent. All ten domains were covered with exact knowledge and experience that conveyed understanding. Dennis’ use of difficult questions to prepare us for the test made it possible for me to pass.” Joe, CISSP Virginia, USA “I have been CISSP certified since 2005 and hope to attain CISSP-ISSAP certification this year.The benefits of the formalisation of my domain knowledge have always been clear, CISSP is recognised the world over, and when colleagues and customers alike see those letters on your business card, it visibly gives them a sense that they are talking to a domain expert, and more importantly a person that they can trust. The (ISC)2 training that I have attended has always been run by knowledgeable and personable trainers with a wealth of real world experience to share.” Rik, CISSP United Kingdom 4
Exam Outline - Free Your primary resource in your study efforts to become a CISSP® .The Exam Outline contains an exam blueprint that outlines major topics and subtopics within the domains, a suggested reference list for further study, exam information and registration/administration policies and instructions. www.isc2.org/exam-outline Official (ISC)²® Guide to the CISSP CBK® The textbook is an authoritative information security textbook based on the CISSP CBK, a global compendium of security best practices.The textbook is available in hardcover or as an ebook and contains mandatory information written and compiled by world-class CISSP certified experts - an absolute essential for those seeking CISSP certification. www.isc2.org/store studISCope Self Assessment Experience the CISSP certification exam as closely as possible before you take it. Each 100 question studISCope provides the look and feel of the exam while identifying key domains to study. You’ll even receive a personalized study plan. www.isc2.org/studiscope CBK Domain Previews – Free Webcast Channel View a series of short webcasts that provide a detailed overview of each domain of the CISSP, the value of certification and how to study for the exam. www.isc2.org/previews eLearning These self-paced dynamic eLearning lectures and exercises are based on the proven CBK Training Seminars. Offered in 60 or 120-days access in an Internet-friendly format, these lectures and exercises are broken into individual domain review modules for focused study. Each eLearning package features end-of domain and end-of-course review questions modeled after the certification exam. eLearning also qualifies as Continuing Professional Education credits (CPEs) for (ISC)2 members. www.isc2.org/self-paced STUDY TOOLS % @ 5
Obtain the Required Experience - For the CISSP® certification, candidates must have five years of cumulative paid full-time professional security work experience in two or more of the ten domains of the (ISC)2® CISSP CBK® , or four years of cumulative paid full-time professional security work experience in two or more of the ten domains of the CISSP CBK with a college degree. If you do not have the required experience, you may still sit for the exam and become an Associate of (ISC)2 until you have gained the required experience. Study for the Exam - Utilize these optional educational tools to learn the CISSP CBK. • Exam Outline • CBK Domain Preview Webcasts • OfficialTextbook • studISCope Self Assessment • Self-paced eLearning • OfficialTraining Seminar Register for the Exam • Visit www.isc2.org/certification-register-now to schedule an exam date • Submit the examination fee Pass the Exam - Pass the CISSP examination with a scaled score of 700 points or greater. Read the Exam Scoring FAQs at www.isc2.org/exam-scoring-faqs. Complete the Endorsement Process - Once you are notified that you have successfully passed the examination, you will have nine months from the date you sat for the exam to complete the following endorsement process: • Complete an Application Endorsement Form • Subscribe to the (ISC)2 code of ethics • Have your form endorsed by an (ISC)2 member The credential can be awarded once the steps above have been completed and your form has been submitted.* Get the guidelines and form at www.isc2.org/endorsement. Maintain the Certification - Recertification is required every three years, with ongoing requirements to maintain your credentials in good standing.This is primarily accomplished through earning 120 Continuing Professional Education (CPE) credits every three years, with a minimum of 20 CPEs earned each year after certification. If the CPE requirements are not met, CISSPs must retake the exam to maintain certification. CISSPs must also pay an Annual Maintenance Fee (AMF) of US$85. For more information on the CISSP, visit www.isc2.org/cissp. *Audit Notice - Passing candidates will be randomly selected and audited by (ISC)2 prior to issuance of any certificate. Multiple certifications may result in a candidate being audited more than once. CIS.0 (01/14) ©2014InternationalInformationSystemsSecurityCertificationConsortium,Inc.AllRightsReserved. Maintain the certification with required CPEs and AMF Formed in 1989 and celebrating its 25th anniversary, (ISC)2® is the largest not-for-profit membership body of certified information and software security professionals worldwide, with nearly 100,000 members in more than 135 countries. Globally recognized as the Gold Standard, (ISC)2 issues the Certified Information Systems Security Professional (CISSP® ) and related concentrations, as well as the Certified Secure Software Lifecycle Professional (CSSLP® ), the Certified Cyber Forensics Professional (CCFPSM ), Certified Authorization Professional (CAP® ), HealthCare Information Security and Privacy Practitioner (HCISPPSM ), and Systems Security Certified Practitioner (SSCP® ) credentials to qualifying candidates. (ISC)2 ’s certifications are among the first information technology credentials to meet the stringent requirements of ISO/IEC Standard 17024, a global benchmark for assessing and certifying personnel. (ISC)2 also offers education programs and services based on its CBK® , a compendium of information and software security topics. More information is available at www.isc2.org. CHECKLIST FOR CERTIFICATION (ISC)2 One-Day SecureEvents Industry Initiatives CertificationVerification Chapter Program (ISC)2 Receptions/Networking Opportunities (ISC)2 Global Awards Program Online Forum (ISC)2 e-Symposium Webinars ThinkTANK Global Information Security Workforce Study InfoSecurity Professional Magazine Safe and Secure OnlineVolunteer Opportunities InterSeC (ISC)2 Security Congress (ISC)2 LocalTwo-Day Secure Events Industry Conferences The (ISC)2 Journal FREE: DISCOUNTED: MEMBER BENEFITS 6

More Related Content

PDF
Slide Deck CISSP Class Session 2
FRSecure
 
PDF
CISSP Prep: Ch 1: Security Governance Through Principles and Policies
Sam Bowne
 
PDF
Slide Deck CISSP Class Session 3
FRSecure
 
PPTX
Slide Deck – Session 2 – FRSecure CISSP Mentor Program 2017
FRSecure
 
PDF
Slide Deck - CISSP Mentor Program Class Session 1
FRSecure
 
PDF
2. Asset Security
Sam Bowne
 
PPTX
HHS Ransomware and Breach Guidance - Brad Nigh
FRSecure
 
PDF
1. Security and Risk Management
Sam Bowne
 
Slide Deck CISSP Class Session 2
FRSecure
 
CISSP Prep: Ch 1: Security Governance Through Principles and Policies
Sam Bowne
 
Slide Deck CISSP Class Session 3
FRSecure
 
Slide Deck – Session 2 – FRSecure CISSP Mentor Program 2017
FRSecure
 
Slide Deck - CISSP Mentor Program Class Session 1
FRSecure
 
2. Asset Security
Sam Bowne
 
HHS Ransomware and Breach Guidance - Brad Nigh
FRSecure
 
1. Security and Risk Management
Sam Bowne
 

What's hot(20)

PDF
CNIT 125: Ch 2. Security and Risk Management (Part 1)
Sam Bowne
 
PPTX
Chapter 1 Law & Ethics
Karthikeyan Dhayalan
 
PDF
CISSP Prep: Ch 3. Asset Security
Sam Bowne
 
PPTX
Chapter 1 Personal security
Karthikeyan Dhayalan
 
PDF
CNIT 125: Ch 2. Security and Risk Management (Part 2)
Sam Bowne
 
PDF
1. Security and Risk Management
Sam Bowne
 
PPTX
CISSP - Security Assessment
Karthikeyan Dhayalan
 
PDF
CNIT 160 Ch 4c: Security Program Development (Part 3)
Sam Bowne
 
PDF
CISSP Prep: Ch 2. Security and Risk Management I (part 2)
Sam Bowne
 
PDF
3. Security Engineering
Sam Bowne
 
PPTX
CISSP - Chapter 2 - Asset Security
Karthikeyan Dhayalan
 
PDF
CNIT 160 Ch 4 Information Security Program Development (Part 3)
Sam Bowne
 
PPTX
CISSP - Chapter 1 - Security Concepts
Karthikeyan Dhayalan
 
PDF
Chapter 15 incident handling
newbie2019
 
PDF
CNIT 160 4d Security Program Management (Part 4)
Sam Bowne
 
PPTX
Chapter 5 - Identity Management
Karthikeyan Dhayalan
 
PPTX
Insider threat kill chain
Tarun Gupta,CRISC CISSP CISM CISA BCCE
 
PDF
CNIT 125: Ch 2. Security and Risk Management (Part 2)
Sam Bowne
 
PPT
Information Security
Dhilsath Fathima
 
PDF
3. Security Engineering
Sam Bowne
 
CNIT 125: Ch 2. Security and Risk Management (Part 1)
Sam Bowne
 
Chapter 1 Law & Ethics
Karthikeyan Dhayalan
 
CISSP Prep: Ch 3. Asset Security
Sam Bowne
 
Chapter 1 Personal security
Karthikeyan Dhayalan
 
CNIT 125: Ch 2. Security and Risk Management (Part 2)
Sam Bowne
 
1. Security and Risk Management
Sam Bowne
 
CISSP - Security Assessment
Karthikeyan Dhayalan
 
CNIT 160 Ch 4c: Security Program Development (Part 3)
Sam Bowne
 
CISSP Prep: Ch 2. Security and Risk Management I (part 2)
Sam Bowne
 
3. Security Engineering
Sam Bowne
 
CISSP - Chapter 2 - Asset Security
Karthikeyan Dhayalan
 
CNIT 160 Ch 4 Information Security Program Development (Part 3)
Sam Bowne
 
CISSP - Chapter 1 - Security Concepts
Karthikeyan Dhayalan
 
Chapter 15 incident handling
newbie2019
 
CNIT 160 4d Security Program Management (Part 4)
Sam Bowne
 
Chapter 5 - Identity Management
Karthikeyan Dhayalan
 
Insider threat kill chain
Tarun Gupta,CRISC CISSP CISM CISA BCCE
 
CNIT 125: Ch 2. Security and Risk Management (Part 2)
Sam Bowne
 
Information Security
Dhilsath Fathima
 
3. Security Engineering
Sam Bowne
 

Similar to CISSP-WEB(20)

PDF
CISSP introduction 2016 Udemy Course
Adrian Mikeliunas
 
PDF
Certified Information Systems Security Professional (CISSP) brochure
Knowledgehut
 
PDF
Certified Information Systems Security Professional
Helen Njuguna
 
PDF
CISSP Certification Course InfosecTrain.pdf
infosec train
 
DOCX
Certifications on Security - IS AUDIT
Shahzeb Pirzada
 
PDF
Cissp exam-outline
Ahmet E
 
PPTX
CISSP with Net Security Training
Drew Kahrs
 
PDF
OOO
Alaa Khateeb
 
PPTX
How Training and Consulting Companies Can Position CISSP, CISM and CRISC
ITpreneurs
 
PDF
Cissp exam outline 121417- final (2)
Joshua Fonseca
 
PDF
Cissp Training |IEVISION
IEVISION IT SERVICES Pvt. Ltd
 
PPTX
Cissp Training |IEVISION
IEVISION IT SERVICES Pvt. Ltd
 
PPTX
Cissp training and certification in mumbai
IEVISION IT SERVICES Pvt. Ltd
 
PPT
Cissp why
7wounders
 
PDF
Cissp classroom program ievision
IEVISION IT SERVICES Pvt. Ltd
 
DOCX
Step Into Cybersecurity Leadership: The Strategic Value of the CISSP
certpasscenter1
 
PDF
CISSP Training Program
IEVISION IT SERVICES Pvt. Ltd
 
PDF
Best Cyber Security Training Certification | ACS Networks and Technologies Pv...
ACS Networks and Technologies Pvt. Ltd.
 
PPTX
CISSP Online & Classroom Training & Certification Course - ievision.org
IEVISION IT SERVICES Pvt. Ltd
 
PPTX
SSCP Certification Training in Dallas & Arlington, TX
CCI Training Center
 
CISSP introduction 2016 Udemy Course
Adrian Mikeliunas
 
Certified Information Systems Security Professional (CISSP) brochure
Knowledgehut
 
Certified Information Systems Security Professional
Helen Njuguna
 
CISSP Certification Course InfosecTrain.pdf
infosec train
 
Certifications on Security - IS AUDIT
Shahzeb Pirzada
 
Cissp exam-outline
Ahmet E
 
CISSP with Net Security Training
Drew Kahrs
 
OOO
Alaa Khateeb
 
How Training and Consulting Companies Can Position CISSP, CISM and CRISC
ITpreneurs
 
Cissp exam outline 121417- final (2)
Joshua Fonseca
 
Cissp Training |IEVISION
IEVISION IT SERVICES Pvt. Ltd
 
Cissp Training |IEVISION
IEVISION IT SERVICES Pvt. Ltd
 
Cissp training and certification in mumbai
IEVISION IT SERVICES Pvt. Ltd
 
Cissp why
7wounders
 
Cissp classroom program ievision
IEVISION IT SERVICES Pvt. Ltd
 
Step Into Cybersecurity Leadership: The Strategic Value of the CISSP
certpasscenter1
 
CISSP Training Program
IEVISION IT SERVICES Pvt. Ltd
 
Best Cyber Security Training Certification | ACS Networks and Technologies Pv...
ACS Networks and Technologies Pvt. Ltd.
 
CISSP Online & Classroom Training & Certification Course - ievision.org
IEVISION IT SERVICES Pvt. Ltd
 
SSCP Certification Training in Dallas & Arlington, TX
CCI Training Center
 

CISSP-WEB

  • 1.
    The Next Generationof Security Leaders Certified Information Systems Security Professional (CISSP®) is the most globally recognized certification in the information security market. Required by some of the world’s most security- conscious organizations, the CISSP is considered the gold standard credential that assures information security leaders possess the breadth of knowledge, skills and experience required to credibly build and manage the security posture of an organization. Backed by (ISC)2® , the global leader in information security certifications, CISSPs have earned their place as trusted advisors. Their expertise plays a critical role in helping organizations integrate stronger security protocols and protect against threats in an increasingly complex cyber security landscape. CISSP was the first credential in the field of information to meet the stringent requirements of ISO/IEC Standard 17024.Not only is the CISSP an objective measure of excellence,but also a globally recognized standard of achievement. The CISSP HelpsYou: • Demonstrate your ability to effectively define the architecture, design, management and controls that assure the security of business environments. • Validate your experience, skills and commitment as an information security professional. • Advance your career with the most globally recognized information security certification in the industry. • Affirm your commitment to continued competence in the most current information security practices through (ISC)2 ’s Continuing Professional Education (CPE) requirement. • Fulfill government and organization requirements for information security certification mandates. The CISSP Helps Employers: • Increase credibility of the organization when working with vendors and contractors. • Position candidates on a level playing field as the CISSP is internationally recognized. • Ensure their employees use a universal language, circumventing ambiguity with industry-accepted terms and practices. • Increase confidence that job candidates and employees possess the knowledge and experience to do the job right. • Increase confidence that information security personnel are current and capable through CISSP’s CPE credits requirement. • Confirm their employee’s commitment and years of experience gained in the industry. WHY BECOME A CISSP CISSP in the News “Today’s Most In-Demand Certifications” - Certification Magazine “The top five in-demand IT certifications for 2013” - TechRepublic “The Most In-Demand Certifications in IT for 2013” - IT Strategy News “The CISSP certification I got after attending the official (ISC)2 [review] seminar greatly added to my competitive edge and, as a result, I won my current position. I am now making the (ISC)2 certification a requirement for the members of my team, confident in the knowledge that their skills are genuine and current.” Daniel, CISSP The Netherlands “Obtaining the CISSP certification opened up doors I thought inviolable. My career - both professional and academic - grew dramatically!” Claudi, CISSP, CIA, CISA, CISM Italy CISSP INSIGHTS 1
  • 2.
    WHO SHOULD BECOMEA CISSP CISSP candidates must have a minimum of five years of cumulative paid full-time professional security work experience in two or more of the ten domains of the (ISC)2® CISSP CBK® , or four years of cumulative paid full- time professional security work experience in two or more of the ten domains of the CISSP CBK with a college degree.Alternatively, there is a one-year waiver of the professional experience requirement for holding an additional credential on the (ISC)2 approved list. Associate of (ISC)2 You don’t have to spend years in the field to demonstrate your competence in information security. Become an Associate of (ISC)2 , and you’re already part of a reputable and credible organization, earning recognition from employers and peers for the industry knowledge you’ve already gained. Participation Requirements Associate of (ISC)2 status is available to those knowledgeable in key areas of industry concepts but lacking the work experience. As a candidate, you may successfully pass the CISSP examination and subscribe to the (ISC)2 Code of Ethics, however to earn the CISSP credential you will have to acquire the necessary years of professional experience required, provide proof and be endorsed by a member of (ISC)2 in good standing.If you are working towards this credential,you will have a maximum of six years from your exam pass date to acquire the necessary five years of professional experience.An Annual Maintenance Fee (AMF) of US$35 applies and 20 Continuing Professional Education (CPE) credits must be earned each year to remain in good standing. For more information on how you can become an Associate of (ISC)2 , visit www.isc2.org/associate. CISSP Concentrations After the original conception of the CISSP, and the continuous evolution of information security, (ISC)2 discovered a need to develop credentials which address the specific needs of our members. With this in mind, we produced our CISSP Concentrations to provide a career path that would open up new opportunities for our CISSP credential holders. Specifically, these credentials allow for more demanding roles in larger enterprises and recognize the specialized talents of CISSPs. • Information Systems Security Architecture Professional (CISSP-ISSAP® ) • Information Systems Security Engineering Professional (CISSP-ISSEP® ) • Information Systems Security Management Professional (CISSP-ISSMP® ) To qualify for the CISSP-ISSAP, CISSP-ISSEP or the CISSP-ISSMP, a CISSP must maintain their credential in good standing and pass the appropriate concentration examination. Each of the three concentrations has its own CBK Domains. For more information, visit www.isc2.org/concentrations. o Security Consultant o Security Analyst o Security Manager o Security Systems Engineer o IT Director/Manager o Chief Information Security Officer o Security Auditor o Director of Security o Security Architect o Network Architect ENGAGE WHILE OBTAINING EXPERIENCE ADVANCE BEYOND THE CISSP CISSP® credential holders often hold job functions including: 2
  • 3.
    The CISSP CBKconsists of the following ten domains: • Access Control – a collection of mechanisms that work together to create a security architecture to protect the assets of the information system. • Concepts/methodologies/techniques • Effectiveness • Attacks • Telecommunications and Network Security – discusses network structures, transmission methods, transport formats and security measures used to provide availability, integrity and confidentiality. • Network architecture and design • Communication channels • Network components • Network attacks • Information Security Governance and Risk Management – the identification of an organization’s information assets and the development, documentation and implementation of policies, standards, procedures and guidelines. • Security governance and policy • Information classification/ownership • Contractual agreements and procurement processes • Risk management concepts • Personnel security • Security education, training and awareness • Certification and accreditation • Software Development Security – refers to the controls that are included within systems and applications software and the steps used in their development. • Systems development life cycle (SDLC) • Application environment and security controls • Effectiveness of application security • Cryptography – the principles, means and methods of disguising information to ensure its integrity, confidentiality and authenticity. • Encryption concepts • Digital signatures • Cryptanalytic attacks • Public Key Infrastructure (PKI) • Information hiding alternatives • Security Architecture and Design – contains the concepts, principles, structures and standards used to design, implement, monitor, and secure, operating systems, equipment, networks, applications, and those controls used to enforce various levels of confidentiality, integrity and availability. • Fundamental concepts of security models • Capabilities of information systems (e.g. memory protection, virtualization) • Countermeasure principles • Vulnerabilities and threats (e.g. cloud computing, aggregation, data flow control) • Operations Security – used to identify the controls over hardware, media and the operators with access privileges to any of these resources. • Resource protection • Incident response • Attack prevention and response • Patch and vulnerability management • Business Continuity and Disaster Recovery Planning – addresses the preservation of the business in the face of major disruptions to normal business operations. • Business impact analysis • Recovery strategy • Disaster recovery process • Provide training • Legal, Regulations, Investigations and Compliance – addresses computer crime laws and regulations; the investigative measures and techniques which can be used to determine if a crime has been committed and methods to gather evidence. • Physical (Environmental) Security – addresses the threats, vulnerabilities and countermeasures that can be utilized to physically protect an enterprise’s resources and sensitive information. • Site/facility design considerations • Perimeter security • Internal security • Facilities security Download a copy of the CISSP Exam Outline at www.isc2.org/exam-outline. THE CISSP CBK The CISSP® domains are drawn from various information security topics within the (ISC)2® CBK® .Updated annually, the domains reflect the most up-to-date best practices worldwide, while establishing a common framework of terms and principles to discuss, debate and resolve matters pertaining to the profession. • Legal issues • Investigations • Forensic procedures • Compliance requirements/procedures 3
  • 4.
    Official (ISC)2® CISSP® CBK® Training Seminar Thisofficial training seminar is the most comprehensive, complete review of information systems security concepts and industry best practices, and the only training course endorsed by (ISC)2 .As your exclusive way to review and refresh your knowledge of the domains and sub-domains of the CISSP CBK, the seminar will help you identify areas you need to study and includes: • 100% up-to-date material • An overview of the information security field • Contributions from CISSPs, (ISC)2 Authorized Instructors and subject matter experts • Post-Seminar Self-Assessment The Official CISSP CBKTraining Seminar is offered in the following formats: • Classroom Delivered in a multi-day, classroom setting. Course material focuses on covering the ten CISSP domains.Available throughout the world at (ISC)2 facilities and (ISC)2 OfficialTraining Providers. • Private On-site Host your ownTraining Seminar on- or off-site. Available for larger groups, this option often saves employee travel time and expense. Group pricing is also available to organizations with 15 or more employees planning to sit for the exam. • Live OnLine Educate yourself from the convenience of your computer. Live OnLine brings you the same award winning course content as the classroom based or private on-site seminars and the benefit of an (ISC)2 Authorized Instructor. Visit www.isc2.org/cissprevsem for more information or to register. Official (ISC)2 CBK Training Seminars are available throughout the world at (ISC)2 facilities and through (ISC)2 Official Training Providers. Official (ISC)2 CBK Training Seminars are conducted only by (ISC)2 Authorized Instructors who are experts in their field and have demonstrated their mastery of the covered domains. Be wary of training providers that are not authorized by (ISC)2 .Be certain that your educator carries the (ISC)2 OfficialTraining Provider logo to ensure that you are experiencing the best and most current programs available. 2014 SC Magazine Award Winner – Best Professional Certification Program, CISSP 2013 SC Magazine Award Winner – Best Professional Training Program, (ISC)2 Education EDUCATION DELIVEREDYOUR WAY OFFICIAL TRAINING PROVIDERS “Our training and trainer was excellent. All ten domains were covered with exact knowledge and experience that conveyed understanding. Dennis’ use of difficult questions to prepare us for the test made it possible for me to pass.” Joe, CISSP Virginia, USA “I have been CISSP certified since 2005 and hope to attain CISSP-ISSAP certification this year.The benefits of the formalisation of my domain knowledge have always been clear, CISSP is recognised the world over, and when colleagues and customers alike see those letters on your business card, it visibly gives them a sense that they are talking to a domain expert, and more importantly a person that they can trust. The (ISC)2 training that I have attended has always been run by knowledgeable and personable trainers with a wealth of real world experience to share.” Rik, CISSP United Kingdom 4
  • 5.
    Exam Outline -Free Your primary resource in your study efforts to become a CISSP® .The Exam Outline contains an exam blueprint that outlines major topics and subtopics within the domains, a suggested reference list for further study, exam information and registration/administration policies and instructions. www.isc2.org/exam-outline Official (ISC)²® Guide to the CISSP CBK® The textbook is an authoritative information security textbook based on the CISSP CBK, a global compendium of security best practices.The textbook is available in hardcover or as an ebook and contains mandatory information written and compiled by world-class CISSP certified experts - an absolute essential for those seeking CISSP certification. www.isc2.org/store studISCope Self Assessment Experience the CISSP certification exam as closely as possible before you take it. Each 100 question studISCope provides the look and feel of the exam while identifying key domains to study. You’ll even receive a personalized study plan. www.isc2.org/studiscope CBK Domain Previews – Free Webcast Channel View a series of short webcasts that provide a detailed overview of each domain of the CISSP, the value of certification and how to study for the exam. www.isc2.org/previews eLearning These self-paced dynamic eLearning lectures and exercises are based on the proven CBK Training Seminars. Offered in 60 or 120-days access in an Internet-friendly format, these lectures and exercises are broken into individual domain review modules for focused study. Each eLearning package features end-of domain and end-of-course review questions modeled after the certification exam. eLearning also qualifies as Continuing Professional Education credits (CPEs) for (ISC)2 members. www.isc2.org/self-paced STUDY TOOLS % @ 5
  • 6.
    Obtain the RequiredExperience - For the CISSP® certification, candidates must have five years of cumulative paid full-time professional security work experience in two or more of the ten domains of the (ISC)2® CISSP CBK® , or four years of cumulative paid full-time professional security work experience in two or more of the ten domains of the CISSP CBK with a college degree. If you do not have the required experience, you may still sit for the exam and become an Associate of (ISC)2 until you have gained the required experience. Study for the Exam - Utilize these optional educational tools to learn the CISSP CBK. • Exam Outline • CBK Domain Preview Webcasts • OfficialTextbook • studISCope Self Assessment • Self-paced eLearning • OfficialTraining Seminar Register for the Exam • Visit www.isc2.org/certification-register-now to schedule an exam date • Submit the examination fee Pass the Exam - Pass the CISSP examination with a scaled score of 700 points or greater. Read the Exam Scoring FAQs at www.isc2.org/exam-scoring-faqs. Complete the Endorsement Process - Once you are notified that you have successfully passed the examination, you will have nine months from the date you sat for the exam to complete the following endorsement process: • Complete an Application Endorsement Form • Subscribe to the (ISC)2 code of ethics • Have your form endorsed by an (ISC)2 member The credential can be awarded once the steps above have been completed and your form has been submitted.* Get the guidelines and form at www.isc2.org/endorsement. Maintain the Certification - Recertification is required every three years, with ongoing requirements to maintain your credentials in good standing.This is primarily accomplished through earning 120 Continuing Professional Education (CPE) credits every three years, with a minimum of 20 CPEs earned each year after certification. If the CPE requirements are not met, CISSPs must retake the exam to maintain certification. CISSPs must also pay an Annual Maintenance Fee (AMF) of US$85. For more information on the CISSP, visit www.isc2.org/cissp. *Audit Notice - Passing candidates will be randomly selected and audited by (ISC)2 prior to issuance of any certificate. Multiple certifications may result in a candidate being audited more than once. CIS.0 (01/14) ©2014InternationalInformationSystemsSecurityCertificationConsortium,Inc.AllRightsReserved. Maintain the certification with required CPEs and AMF Formed in 1989 and celebrating its 25th anniversary, (ISC)2® is the largest not-for-profit membership body of certified information and software security professionals worldwide, with nearly 100,000 members in more than 135 countries. Globally recognized as the Gold Standard, (ISC)2 issues the Certified Information Systems Security Professional (CISSP® ) and related concentrations, as well as the Certified Secure Software Lifecycle Professional (CSSLP® ), the Certified Cyber Forensics Professional (CCFPSM ), Certified Authorization Professional (CAP® ), HealthCare Information Security and Privacy Practitioner (HCISPPSM ), and Systems Security Certified Practitioner (SSCP® ) credentials to qualifying candidates. (ISC)2 ’s certifications are among the first information technology credentials to meet the stringent requirements of ISO/IEC Standard 17024, a global benchmark for assessing and certifying personnel. (ISC)2 also offers education programs and services based on its CBK® , a compendium of information and software security topics. More information is available at www.isc2.org. CHECKLIST FOR CERTIFICATION (ISC)2 One-Day SecureEvents Industry Initiatives CertificationVerification Chapter Program (ISC)2 Receptions/Networking Opportunities (ISC)2 Global Awards Program Online Forum (ISC)2 e-Symposium Webinars ThinkTANK Global Information Security Workforce Study InfoSecurity Professional Magazine Safe and Secure OnlineVolunteer Opportunities InterSeC (ISC)2 Security Congress (ISC)2 LocalTwo-Day Secure Events Industry Conferences The (ISC)2 Journal FREE: DISCOUNTED: MEMBER BENEFITS 6