Introduction

Since 1994, security practitioners around the world have been pursuing a
well-known and highly regarded professional credential: the Certified
Information Systems Security Professional (CISSP) certification. And
since 2001, CISSP For Dummies has been helping security practitioners
enhance their security knowledge and earn the coveted CISSP
certification.
Today, there are more than 120,000 CISSPs worldwide. Ironically, some
certification skeptics might argue that the CISSP certification is
becoming less relevant because so many people have earned the
certification. However, the CISSP certification isn’t less relevant
because more people are attaining it — more people are attaining it
because it’s now more relevant than ever. Information security is far
more important than at any time in the past, with extremely large-scale
data security breaches and highly sophisticated cyberattacks becoming
all too frequent occurrences in our modern era.
There are many excellent and reputable information security training and
education programs available. In addition to technical and industry
certifications, there are also many fully accredited postsecondary degree,
certificate and apprenticeship programs available for information
security practitioners. And there are certainly plenty of self-taught,
highly skilled individuals working in the information security field who
have a strong understanding of core security concepts, techniques and
technologies.
But inevitably, there are also far too many charlatans who are all too
willing to overstate their security qualifications and prey on the
obliviousness of business and other leaders — who think “wiping” a
server, for example, means “like, with a cloth or something” — in order
to pursue a fulfilling career in the information security field, or perhaps
for other more dubious purposes.
The CISSP certification is widely held as the professional standard for
information security professionals. It enables security professionals to