Information system security is a unique aspect of business, government, and society today. People who work to protect and secure information systems need a unique set of qualifications, of which technical knowledge is only one component. These individuals, to whom organizations regularly entrust their innermost secrets, must be experienced, trustworthy, and bound to a code of ethics.
CISSP stands for Certified Information Systems Security Professional. CISSP is a trademarked certification for information system security professionals. (ISC)² is the name of the non-profit organization that owns the CISSP trademark and is in charge of the entire CISSP program. (ISC)² stands for International Information Systems Security Certification Consortium (pronounce as "I-S-C-squared"). Becoming a CISSP requires several things of an individual, one of which is passing a rigorous and wide-ranging examination which includes a lot of the theory, as well as the practice, of information system security. The reasons for this requirement can be found in the CISSP name itself:
Certified: The title of CISSP would not carry weight without a high degree of assurance that individuals so designated have demonstrated both depth and breadth of understanding of their discipline. Of necessity, this includes not only the practice of information system security, but also the theoretical basis of the discipline. This helps to insure that successful CISSP candidates don't just know how to secure certain specific systems. They also know how to: manage security on a broad scale, across multiple systems or an entire organization develop security policy and explain security issues to both users and management address security issues raised by new systems using consistent and proven methodologies.
Information System Security: This is subtly different from computer security or network security or communications security. It is all of these things and more.
Professional: Anyone holding the CISSP title should understand more than the mechanics of security. They must understand the role of information system security within companies, governments, and society. They should also grasp the importance of their role in creating and ensuring the security of information systems.
To become a CISSP, a candidate must successfully complete two separate processes: Examination and Certification. The eligibility requirements to sit for the CISSP examination are completely separate from the eligibility requirements necessary to be certified.
The Ten Domains of the CISSP are: 1. Access Control Systems & Methodology; 2. Telecommunications & Network Security; 3. Security Management Practices; 4. Applications & Systems Development Security; 5. Cryptography; 6. Security Architecture & Models; 7. Operations Security; 8. Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP); 9. Law, Investigations & Ethics; 10. Physical Security.
Benefits of Certification to the Professional: Demonstrates a working knowledge of information security; Confirms commitment to profession; Offers a career differentiation, with enhanced credibility and marketability; Provides access to valuable resources, such as peer networking and idea exchange.
Benefits of Certification to the Enterprise: Establishes a standard of best practices; Offers a solutions-orientation, not specialization, based on the broader understanding of the (ISC)² Common Body of Knowledge (CBK); Allows access to a network of global industry and subject matter/domain experts; Makes broad-based security information resources readily available; Adds to credibility with the rigor and regimen of the certification examinations; Provides a business and technology orientation to risk management.
If you want to become a CISSP, visit www.isc2.org
**********
For your questions, comments, suggestions, press releases and stories, please e-mail techtvhost@yahoo.com. God Bless us all!!!
**********
