Certifiably Secure: CISSP
The Certified Information Systems Security Professional (CISSP) certification is the brainchild of the International Information Systems Security Certification Consortium, usually known as “ISC-squared,” or (ISC)². It’s a vendor-neutral and pretty well-recognized information security certification with a strong emphasis on concepts, theory and general information security planning, policy, best practices and procedures. The current number of CISSPs is about 10,000; growth estimates based on last year indicate the program might double (to 18,000 to 20,000 CISSPs) by the end of 2003. According to numerous sources, the CISSP remains the infosec certification most often mentioned by name in job postings and classified ads, and it is probably the best-known credential to HR personnel and placement firms.
The CISSP requirements include a six-hour exam with 250 multiple-choice questions. (ISC)² hasn’t made a deal with Prometric or VUE for exam delivery, and it manages its own testing schedule at locations around the United States and Canada (with an increasing number overseas as well). Some planning—and even travel—may be necessary to take this exam, depending on where you live. The exam costs $450 and is based on a 10-domain Common Body of Knowledge (CBK) that includes the following areas:
- Access Control Systems and Methodology
- Applications and Systems Development
- Business Continuity Planning
- Law, Investigation and Ethics
- Operations Security
- Physical Security
- Security Architecture and Models
- Security Management Practices
- Telecommunications, Network and Internet Security
For complete details on this exam, consult the CISSP Exam Dissection in the February 2003 StudyGuide portion of Certification Magazine, online now at http://www.certmag.com. You’ll also find great pointers to more information, study tips and so forth. For more official exam and requirements information, please visit http://www.isc2.org/cgi/content.cgi?category=19.