For Dummies CISSP, 3rd Edition 978-0-470-53791-6 User Manual
Part I: Certification Basics
The CISSP was the first information security credential to be accredited by the American National Standards Institute (ANSI) to the ISO/IEC 17024:2003 standard. This international standard helps to ensure that personnel certification processes define specific competencies and identify required knowledge, skills, and personal attributes. It also requires examinations to be independently administered and designed to properly test a candidate's competence for the certification. This process helps a certification gain industry acceptance and credibility as more than just a marketing tool (a widespread criticism of certain vendor-specific certifications that has caused many of them to lose relevance over the years).
The ISO (International Organization for Standardization) and IEC (International Electrotechnical Commission) are two organizations that work together to prepare and publish international standards for businesses, governments, and societies worldwide.
The CISSP certification is based on a Common Body of Knowledge (CBK) identified by the (ISC)² and defined through ten distinct domains:
✓ Access Control
✓ Application Development Security
✓ Business Continuity and Disaster Recovery Planning
✓ Cryptography
✓ Information Security Governance and Risk Management
✓ Legal, Regulations, Investigations, and Compliance
✓ Operations Security
✓ Physical (Environmental) Security
✓ Security Architecture and Design
✓ Telecommunications and Network Security
You Must Be This Tall to Ride (And Other Requirements)
The CISSP candidate must have a minimum of five cumulative years of professional, full-time, direct work experience in two or more of the domains listed in the preceding section. The work experience requirement is a hands-on one: you can't satisfy the requirement by just having "information security" listed as one of your job responsibilities. You need to have information security knowledge and perform work that requires you to regularly apply that knowledge.
05_537916-ch01.indd 10
11/3/09 11:25 PM