Professional Documents
Culture Documents
w.camilleri@isc2.org
Purpose
.
2
Agenda
.
• About (ISC)2
• Review of the CISSP™ & SSCP™ Certification
Programs
• Qualifications for Certification
• Common Body of Knowledge (CBK)
• Examinations
• Study Guides
• Resources
3
International Information Systems Security Certification
Consortium, Inc.
• Non-profit/tax-exempt
• Sole purposes - certification and education
• Board of Directors
• Committees
• (ISC)2 Services
• Testing Service - Schroeder Measurement Technologies
4
(ISC)2
A Brief History
• Formed in 1989
• Consortium:
– ISSA, DPMA, CIPS, IFIPS, CSI, Idaho State University, US
Government, Senior Information Security Practitioners
• First public examination in 1995 In Toronto, Canada
• Certified thousands of information security practitioners in
over twenty-seven countries.
5
CISSP Certification
.
6
SSCP Certification
.
7
CISSP Certification
Applicant Requirements
8
SSCP Certification
Applicant Requirements
9
SSCP Certification
Applicant Requirements
10
Code of Ethics
Preamble
12
Code of Ethics
Certificate holders will:
13
CISSP Examination
..
• Format
– 250 multiple choice questions
– Up to 6 hours to complete
• Fees
– $450
• Scheduling
– Major Information Security Conferences
– CBK Review Seminar Locations
– Hosted Events
14
Exam Overview & CBK Review Seminar
..
16
CBK Review Seminar
Module A
17
CBK Review Seminar
Module B
– Cryptography
– Telecommunications & Network Security - I & II
– Applications & Systems Development
– Operations Security
18
CBK Review Seminar
Cost & Hosting
• Fees:
– 1 Module (4 days): $1550
– 2 Modules (8 days): $2800
– Early registration discounts available
• Hosting:
– Reduction in fees for host employees
19
Additional Information
..
20
Common Body of Knowledge
History
21
Common Body of Knowledge
Committee
22
Common Body of Knowledge
..
• Is a document
• Is a description
• Is not the knowledge
• Is not the identity
• Is not exhaustive or complete
• Authoritative rather than dogmatic or didactic
• Is not exclusive; complements other descriptions
23
Common Body of Knowledge
.
• It is what it is
• It is what we collectively know but is not shared by our IT
peers or our management peers
• Described by
– the literature
– the CBK Document (Public)
– the study guide (Copyrighted)
– the Examination (Secret)
24
Common Body of Knowledge
Description
• Professional knowledge
• Expected of our professional peers
• Not expected of our management peers
• Not expected of our technology peers
• Seventeen areas identified
25
Common Body of Knowledge
Professional Knowledge
26
Common Body of Knowledge
Area
• Identification
• Description
• Expectation
• Examples
27
Common Body of Knowledge
Expectations
• identify
• recognize
• define
• describe
• distinguish
• compare and contrast
• comprehend, understand
• use, implement, and apply
• teach
• other
28
CISSP Examination
Useful Publications for Preparation
29
CISSP Examination
Philosophy & Structure
• multiple choice
• no tricks
• no time pressure
• measures habitual knowledge, not skill
• measures professional, not special knowledge
• ten domains
• 250 questions
30
CISSP Examination
Nature of Items
31
CISSP Examination
References
• Publicly available
– open source
– moderate cost
• Best authority
– law, regulation, or standard
– refereed sources
– other authoritative sources
32
CISSP Examination
Domains
33
CISSP Examination
Domains
34
CISSP Examination
Domains
• Physical Security
– Facility Planning
– Physical Security
– General Facility Construction
– Electrical Power
– Fire Suppression
– External Boundary Protection
– Personnel Access Controls
– Biometric Identification
– Distributed Processing Impact On Physical Security
35
CISSP Examination
Domains
• Operations Security
– Operational Security Issue
– Definitions
– Network Administrator Privileges
– Violation Analysis
– Operator Privileges
– Potential Abuses
– Types of Controls
– Hardware/Software Asset Management
36
CISSP Examination
Domains
• Operations Security
– Problem Management
– Change Control Management
– Secure System Operation
– Rotation of Duties
– Trusted Facility Management
– Trusted Recovery
– Trusted Recovery Procedures
37
CISSP Examination
Domains
38
CISSP Examination
Domains
39
SSCP Examination
Domains
• Access Controls
– The access controls area includes the mechanisms that allow a
system manager to specify what users and processes can do, which
resources they can access, and what operations they can perform.
40
SSCP Examination
Domains
• Administration
– The administration area encompasses the security principles,
policies, standards, procedures and guidelines used to identify,
classify and ensure the confidentiality, integrity and availability of
an organization's information assets. It also includes roles and
responsibilities, configuration management, change control,
security awareness, and the application of accepted industry
practices.
41
SSCP Examination
Domains
42
SSCP Examination
Domains
43
SSCP Examination
Domains
• Cryptography
– The cryptography area addresses the principles, means and
methods used to disguise information to ensure its integrity,
confidentiality, authenticity and non-repudiation.
44
SSCP Examination
Domains
• Data Communications
– The data communications area encompasses the structures,
transmission methods, transport formats and security measures
used to provide integrity, availability, authentication and
confidentiality for data transmitted over private and public
communications paths.
45
SSCP Examination
Domains
• Malicious Code
– The malicious code area encompasses the principles, means and
methods used by programs, applications and code segments to
infect, abuse or otherwise impact the proper operation of an
information processing system or network.
46
Why get certified?
.
47
Why get certified?
.
48
Why get certified?
.
49
Summary
.
50
Next Step
.
51