Looking Ahead to Security Certs

Posted on
Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone

Secure Your Future



If you want to break into information security, you probably need to
earn a security cert. Here’s one for you: The International Information
Systems Security Certification Consortium (ISC)2 runs the Certified
Information Systems Security Professional (CISSP) program, which
experienced impressive growth in 2001.



“From 2000 to 2001, the CISSP program saw 134 percent growth,” said Tony
Baratta, manager of professional programs for (ISC)2. “If the trend
continues, we’re going to see a heck of a lot more growth in the year to



Growth leads to change, and the CISSP program has seen some changes
recently. First, the board of directors of (ISC)2 changed the experience
requirements. The new requirements go into effect Jan. 1, 2003, and will
raise the minimum requirement to four years of experience, or three
years with a college degree or equivalent life experience. The current
requirement is three years. Current CISSPs and those who earn the
certification in 2002 will not be affected by the change.



“Information security is an evolving industry, and more experience and
education is needed to make sure the high standards are upheld,” said
Baratta of the additional experience requirement.



(ISC)2 has also introduced the (ISC)2 Training Institute. The (ISC)2
Institute will be run by IT Professional Group (ITPG), based in Vienna,
Va., which has licensed intellectual property rights for the CBK review
courses and will conduct training. (ISC)2 will provide instructors for
the seminars in addition to qualifying exam candidates and proctoring
the CISSP exams.



The vendor-independent CISSP exam covers the Common Body of Knowledge
(CBK) domains: Access Control Systems and Methodology; Applications and
Systems Development; Business Continuity and Disaster Recovery Planning;
Cryptography; Law, Investigation and Ethics; Operations Security
(Computer); Physical Security; Security Architecture and Models;
Security Management Practices; and Telecommunications and Network
Security. Recertification is required every three years.



For more information on CISSP and (ISC)2, go to http://www.isc2.org.

Group Work



Whether you’re taking an instructor-led course or studying on your own,
you might benefit by joining a study group. Studying with a group gives
you the chance to reinforce what you’ve learned. And, you will be
exposed to other opinions on what you need to know, which is important
in gaining the well-rounded knowledge base you need to pass your exams.



There are tons of existing study groups out there. Some meet weekly;
some meet monthly. Some charge dues; some are free. The Atlanta
MCSE/MCSD Study Group,
http://www.atlantamcse.org, is free to join and
organizes study groups for Microsoft certification. The Central Texas
LAN Association (
http://www.ctla.org), based in Austin, Texas, also
offers study groups for Microsoft certification. You can also look into
local chapters of national organizations. The Information Systems
Security Organization (ISSA),
http://www.issa.org, has chapters that
organize study groups for CISSP exams. Search online or consult local
organizations for a study group near you.



If you’re not interested in joining one of these groups, you can always
start your own. This will be easiest if you’re already enrolled in
instructor-led training because you can just enlist some of your
classmates, but you can also start a study group with friends or co-



Here are some things to remember. Keep it small—four or five people—any
more than that, and one or two people might dominate the meeting. Choose
members of the group based on goals you have in common, like passing the
Windows XP Professional exam. Decide on a regular time and place, and
hold yourselves to it. At the end of each week’s meeting, decide on next
week’s topics and determine how everyone should prepare. Then, make sure
you come prepared and keep yourselves on track. If there’s an argument
about whether Bill or Phil is right, set the subject of the argument
aside for a week, and consult your instructor or another expert for the



By working together, you increase your chances of success.



Welcome to Safety Town



Do you remember Safety Town? When I was a kid, we took a field trip
there—we all drove around in pedal cars, learning about stop signs and
crosswalks. Ah, the safety rules of childhood—Don’t talk to strangers;
don’t run with scissors. How things change as we age…now we need to
focus on changing our passwords regularly and keeping our offices locked
up. So how good are we at protecting our workplaces?



According to a techies.com survey, tech employees claim their employers
are not doing enough. But these techies also said they would resist
security measures that would infringe on their personal life, and many
of them didn’t do what they could to protect themselves.



The survey was conducted in late 2001. Part one, which was released Jan.
21, 2002, surveyed 888 IT professionals on employers’ security measures
that ensure personal and electronic safety as well as the aactions
employees took to protect themselves.



The survey asked, “Compared with two years ago, how do you feel your
company’s security levels have changed in the following areas?” Areas
covered included access to employee desks, parking safety, access to
Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone


Posted in Archive|