Скачать книгу

rel="nofollow" href="#fb3_img_img_7faf9e90-0e60-5326-9d20-650ac11248c0.png" alt="Bullet"/> Developing a study plan

      Bullet Registering for the exam

      Bullet Taking the CISSP exam

      Bullet Getting your exam results

      In this chapter, you get to know the (ISC)2 and learn about the CISSP certification, including professional requirements, how to study for the exam, how to get registered, what to expect during the exam, and (of course) what to expect after you pass the CISSP exam!

      The International Information System Security Certification Consortium (ISC)2 (https://www.isc2.org) was established in 1989 as a not-for-profit, tax-exempt corporation chartered for the explicit purpose of developing a standardized security curriculum and administering an information security certification process for security professionals worldwide. In 1994, the Certified Information Systems Security Professional (CISSP) credential was launched.

      Technicalstuff The International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) are two organizations that work together to prepare and publish international standards for businesses, governments, and societies worldwide.

      The CISSP certification is based on a Common Body of Knowledge (CBK) identified by the (ISC)2 and defined through eight distinct domains:

       Security and Risk Management

       Asset Security

       Security Architecture and Engineering

       Communication and Network Security

       Identity and Access Management (IAM)

       Security Assessment and Testing

       Security Operations

       Software Development Security

      The work experience requirement is a hands-on one; you can’t satisfy the requirement just by having “information security” listed as one of your job responsibilities. You need to have specific knowledge of information security and to perform work that requires you to apply that knowledge regularly. Some examples of full-time information security roles that might satisfy the work experience requirement include (but aren’t limited to)

       Security analyst

       Security architect

       Security auditor

       Security consultant

       Security engineer

       Security manager

      Examples of information technology roles for which you can gain partial credit for security work experience include (but aren’t limited to)

       Systems administrator

       Network administrator

       Database administrator

       Software developer

      For any of these preceding job titles, your particular work experience might result in your spending some of your time (say, 25 percent) doing security-related tasks. This is legitimate for security work experience. Five years as a systems administrator, for example, spending a quarter of your time doing security-related tasks, earns you 1.25 years of security experience.

      Furthermore, you can get a waiver for a maximum of one year of the five-year professional experience requirement if you have one of the following:

       A four-year college degree (or regional equivalent)

       An advanced degree in information security from one of the National Centers of Academic Excellence in Cyber Defense (CAE-CD)

       A credential that appears on the (ISC)2-approved list, which includes more than 45 technical and professional certifications, such as various SANS GIAC certifications, Cisco and Microsoft certifications, and CompTIA Security+ (For the complete list, go to https://www.isc2.org/Certifications/CISSP/Prerequisite-Pathway.)

      See Chapter 2 to learn more about relevant certifications on the (ISC)2-approved list for an experience waiver.

      Tip In the U.S., CAE-CD programs are jointly sponsored by the National Security Agency and the Department of Homeland Security. For more information, go to www.nsa.gov/resources/educators/centers-academic-excellence/cyber-defense.

      If you don’t have the minimum required experience to become a CISSP, you can still take the CISSP certification exam and become an associate of (ISC)2. Then you’ll have six years to meet the minimum experience requirement and become a fully certified CISSP.

      Many resources are available to help the CISSP candidate prepare for the exam. Self-study is a major part of any study plan. Work experience is also critical to success, and you can incorporate it into your study plan. For those who learn best in a classroom or online training environment, (ISC)2 offers CISSP training seminars.

      We recommend that you commit to an intense 60-day study plan leading up to the CISSP exam. How intense? That depends on your personal experience and learning ability, but plan on a minimum of 2 hours a day for 60 days. If you’re a slow learner or reader, or perhaps find yourself weak in many areas, plan on four to six hours a day — and more on the weekends. But stick

Скачать книгу