CIT 694 Introduction. CISSP Certified Information Systems Security Professional (presentation transcript)
1 CIT 694 Introduction

2 CISSP
Certified Information Systems Security Professional
“The credential for professionals who develop policies and procedures in information security.”
The CISSP is very popular among information security professionals.
– >94,000

3 (ISC)2
Certification from (ISC)2 – International Information Systems Security Certification Consortium
“the global, not-for-profit leader in educating and certifying information security professionals throughout their careers. We are recognized for Gold Standard certifications and world class education programs.”

4 Obtaining CISSP Certification
Four years of professional experience with a college degree.
Pass the examination.
Agree to a code of ethics.
Submit your résumé with an endorsement by someone who has a CISSP certification and is familiar with your work.

5 Charles Frank, CISSP
Passed the CISSP examination in November 2010.
Obtained the CISSP in March 2011.
Renewed in March 2014.

6 CISSP Ten Domains
1. Access Control
2. Business Continuity and Disaster Recovery
3. Cryptography
4. Information Security Governance and Risk Management
5. Legal, Regulations, Investigations and Compliance
6. Operations Security
7. Physical and Environmental Security
8. Security Architecture and Design
9. Software Development Security
10. Telecommunications and Network Security

7 Textbook

8 Shon Harris Book
Chapters 2-11 cover the 10 domains.
Study guide for the CISSP exam.

9 We’re Specialized
Information security professionals are specialized.
Professors are strong in the domains related to their discipline.
– Computer Science: Application Security
– Computer Information Technology: Network Security
– Information Systems: Information Security Governance and Risk Management

10 Me
Computer science professor
– Teach Computer Security
– Research Secure Software Engineering
Background emphasized technology as the way to address security.
Develop a broader view and a deeper understanding of information security.

11 Preparation
Read Shon Harris’ CISSP All-in-One Exam Guide (1,160 pages – now 1,383)
(ISC)2 ten-week online course – $1,995
– Good review
– Insufficient to pass the exam
– Insights into CISSP test gamesmanship

12 CISSP Exam
$599
Six hours
Challenging exam. Tests applying knowledge rather than memorization of terms or facts.
250 multiple choice questions
– All four selectable answers might have some degree of correctness
– Need to pick the best answer.
Average 86 seconds per question.
>= 70% to pass

13 Test Taking Approach
1. Read each question carefully, underlining key words.
2. Review the question, focusing on the key words.
3. Select the best answer.
4. Move on.

14 Recertification
Required every three years.
Earn 120 continuing professional education (CPE) hours.
Minimum of 20 CPEs each year.
Annual maintenance fee of $85.

15 CPEs
Professional association chapter meeting
– OWASP
– ISSA
– InfraGard
Listen to webcast or podcast
– Gary McGraw’s Silver Bullet
– OWASP Podcasts
– Vendor webcasts

16 CPEs
Publish a security paper
– Thank you InfoSecCD
Attend a security conference
– DerbyCon – Louisville, 16 hours of participation
– InfoSecCD

17 CPEs
Read an information security book (5 CPEs)
– It takes more than 5 hours to read a book
– Do you always want to read the whole book?
Read an information security magazine
– IEEE Security and Privacy
– ISSA Journal
– Do you always want to read the whole magazine?

18 CPEs
Recording CPEs is easily done on the (ISC)² website.
Rare random audit
– Email documentation
In six months, earned 140 CPEs.
120 CPEs over three years is a minimal indicator of keeping up-to-date in the dynamic field of information security.

19 Critique: (ISC)2 Revenue
Cost
– (ISC)2 Training course $1,995 (to $2,495)
– (ISC)2 CISSP Study Book $69.95
– Test $599
– Annual Maintenance Fee $85
(ISC)2 is generating revenue from this certification.
(ISC)2 regularly sends me email marketing CISSP preparation materials.

20 (ISC)2 Defense
“All revenue and expenses are balanced and invested for the benefit of our membership. It is important to note that (ISC)2 is a highly successful organization that has not raised the costs to membership since our inception, while continually increasing member benefits.”

21 Cost Issue
An employer should consider whether the CISSP certification is cost effective in educating key employees in information security.
If an employer does not pay, this places a significant financial burden on the applicant employee.

22 Knowledge not Credentials
“What you know and can do is more important than a certification.”
Is a college degree important?
– Bill Gates

23 DerbyCon
Penetration Testers, Social Engineers, Hackers
They do their penetration tests for CISSPs.
We are the Ninjas. They are the bureaucrats.
Do you know more than a CISSP?

24 Gary McGraw
Information security “leaves plenty of room for hacks and hucksters.”
“A CISSP certification is an indicator that someone has mastered a common body of practical security knowledge.”

25 Reality
In a highly competitive job market, certifications can make a professional more marketable.
CISSP has become a fairly standard requirement for getting one’s résumé looked at.

26 Salary
(ISC)2 sponsored survey found the average salary for a professional with an (ISC)² certification is $106,900.
DerbyCon speaker:
– CISSP in corner office driving a BMW

27 Personal Benefits
Broadened my security perspective in areas such as governance.
Obtaining CPEs required me to spend time on professional development.
CBK provided curriculum guidance to educate my students.
Credibility within the local information security community.

28 Conclusion
CISSP does not guarantee that you will be a quality professional.
A Ph.D. does not guarantee you will be a quality professor.
CISSP certification validates that you have broad security knowledge.
Maintaining the CISSP requires professional development.
