What is CISSP Anyway?
A Presentation by:
George L. McMullin II, CISSP
COO, CorpNet Security, Inc.
Executive Director, NEbraskaCERT
Where we’re headed today
• A little history
• A little certification
• And a little more
The Certification Movement
• Security organizations already exist pre-’88
• Special Interest Group for Computer Security (SIG-CS) of the Data Processing Management Association (DPMA) - Nov ‘88
• Volunteers from several organizations began a joint effort to forge a certification program
– SIG-CS of the DPMA
– Information Systems Security Association (ISSA)
– Computer Security Institute (CSI)
– Canadian Information Processing Society (CIPS)
– Several agencies of the U.S. and Canadian governments
– Idaho State University
Certification Realized
• International Information Systems Security Certification Consortium (ISC)² established mid-’89
– nonprofit corporation
– develop a certification program for information systems security practitioners
– certification body, not a membership organization
(ISC)²
• Code of Ethics established
– Canons
• Protect society, the commonwealth, and the infrastructure
• Act honorably, honestly, justly, responsibly, and legally
• Provide diligent and competent service to principals
• Advance and protect the profession
(ISC)²
• Certification for Information Systems Security Professionals (CISSP)
– Ten “Common Body of Knowledge” (CBK) areas defined
• Access Control Systems and Methodology
• Telecommunications and Network Security
• Security Management Practices
• Applications and System Development Security
• Cryptography
• Security Architecture and Models
• Operations Security
• Business Continuity Planning and Disaster Recovery Planning
• Law, Investigations and Ethics
CISSP
• Certification for Information Systems Security Professionals (CISSP)
– Examination
• Prerequisites:
– Subscribe to code of ethics
– Have 3 years direct work experience in one of 10 areas of CBK
• $450 fee
• 6 hours
• 250 multiple-choice questions
– Recertification
• Annual fee of $85
• Abide by code of ethics
• Earn 120 Continuing Professional Education (CPE) credits every 3 years
CISSP
• Preparation
– (ISC)² CBK review seminars
• Four days - $1550 (w/ exam add $275)
• Eight days - $2800 (w/ exam add $275)
– NEbraskaCERT CISSP Exam Preparation Course
• Ten weeks - $1495 (discounts available)
– Self study
Coming Certification . . .
• Systems Security Certified Practitioner (SSCP)
– Aimed at network and systems security administrators
– Multiple examinations
• Core examination - multiple choice
• Optional specialty exams specific to technologies - scenario based
• Seven areas of CBK
– Access controls
– Administration
– Audit and monitoring
– Risk, response and recovery
– Cryptography
– Data communications
– Malicious code
Contacting George
• NEbraskaCERT
• CorpNet Security
• Cell phone
– (402) 968-6830