A CISSP is a certification given out by ISC2.org. They state:
As the first credential accredited by ANSI to ISO Standard 17024:2003 in the field of information security, the Certified Information Systems Security Professional (CISSP®) certification provides information security professionals with not only an objective measure of competence but a globally recognized standard of achievement. The CISSP credential demonstrates competence in the 10 domains of the (ISC)² CISSP® CBK®.
So, it is an internationally known information security certification. It is generally recognized as one of the toughest and most comprehensive security certifications out there. However, it is not necessarily a technical certification such as a Check Point certification or a Blue Coat certification. It covers a broad spectrum of topics. In fact, it covers 10 domains of information, as you can see in the quote above.
Most people refer to the CISSP certification as a mile wide and an inch deep. This is because the knowledge required for the certification covers a lot of topics. However, it does not require you to be an expert in all of them. That said, most people who take the test are security professionals and can answer some of the topics comprehensively.
So, what are the subjects that are covered? These are the 10 domains referenced earlier (they have been renamed recently):
Access Control
Application Security
Business Continuity and Disaster Recovery Planning
Cryptography
Information Security and Risk Management
Legal, Regulations, Compliance and Investigations
Operations Security
Physical (Environmental) Security
Security Architecture and Design
Telecommunications and Network Security
This is just a brief introduction to the requirements for the CISSP. Later I will break down each domain and discuss some of the information required. For more information, visit CCCure. There is a whole host of information there.