7-Step Guide to Pass the CISSP Exam Phoenix IEEE Computer Society February 11, 2003 Debbie Christofferson, CISSP, CISM Sapphire-Security Services...

7-Step Guide to Pass the CISSP Exam

Phoenix IEEE Computer SocietyFebruary 11, 2003

Debbie Christofferson, CISSP, CISMSapphire-Security Services

[email protected] 480-988-4194

mailto:[email protected]

©2004 www.career-therapy.com [email protected] Page 2

“31 percent of the certificants in a 2002 study received a job promotion within the first year

after receiving their primary technical certification.”

- CertMag.com


Key Points Defining the value of a CISSP certification Meeting the criteria to become a CISSP Learning exactly what the CISSP exam

includes Saving time and stress when preparing to

pass the exam Finding out what works and what doesn’t Applying methods that work best for you Finding out what to expect after passing

the exam


Certified Information Systems Security Professional

Recognized industry credential for security professionals

International Information Systems Security Certification Consortium, or ISC(2) administers it


Certification Value

Professions often require itSets national standards in

proficiencyProvides career recognition Creates a perception of worth and

quality for the professionConfirms a working knowledge of

information security


Certification Value For the individual

– Highlights value to a potential employer, recognizes career achievements and provides credentials based on requirements and evaluations.

– Enhances career– Opens doors

To the employer– Provides effective,

meaningful and objective measure to determine qualifications of job candidates.

– Guarantees specific skills & knowledge of the field

– Raises employee morale for companies paying for certification


Beachfront Quizzer CISSP Benefits

Wide-spread acceptance of certification credentials.

Simplified recruiting and hiring - assures a minimum knowledge level in applicants, higher quality candidates, & minimizes applicant screening.

Validated technical knowledge without being tied to a particular vendor's products. Gives substantial advantage in the fast-changing technology marketplace.

Competitive advantage in highly competitive technology markets, for certificate holder and hiring organization.


Security DemandSpecialized certifications could

cinch IT applicant job dealPay raises and bonuses based on

certifications dropped with economyDemand for some coveted

certifications has been rising, and the value of those certifications is predicted to increase.

“Specialty Certifications Carry Clout in 2003”, By Ellen O'Brien, News Editor, 20 Dec 2002, SearchDatabase.com


Security Demand "People are scanning resumes for certifications

and tossing aside ones that don't have any.” "Employers have to start somewhere."

• David Foote, president of Foote Partners, a New Canaan, Conn., research firm that specializes in tracking certification.

Security topped the list of certifications that increased in value in 2002, according to several surveys.

By most accounts, the prestigious Certified Information Security Systems Professional (CISSP) should retain its celebrity status in the coming year.

“Specialty certifications carry clout in 2003”Ellen O'Brien, News Editor, 20 Dec 2002, SearchDatabase.com


The average certificant earns $55,577

annually. …37 percent of respondents

received a promotion within a year of

attaining their primary certification, and

53 percent received an average 19.3

percent salary increase in that same first year.

Reported in December 2001 CertMag


Top Certification Salaries HP/Compaq Master

ASE $81,131 (ISC)2 CISSP $80,195 Novell Master CNE

$77,568 Oracle DBA $75,941 HP/Compaq

Accredited Professional $72,285

HP/Compaq API $71,961

Lotus CLP $69,835 Citrix

CCEA $68,578 Novell CNE $68,095 HP/Compaq APS

$67,721 http://www.certmag.com/issues- /dec02/feature_gabelhous.cfm

Average certification provides 3.2-to-1 ROI.

For every dollar invested in a certification, the certificant realizes a $3.20 return in the form of a pay raise.

Up from 2001 study (2.3-to-1 in 2001).

Vendors offering low-cost certifications provide best ROIs.

Top quartile with regard to vendors’ certification ROI also includes (ISC)2, Lotus, Citrix and Cisco.


CISSP Price/Value High Price/value of a certification is one of

the most important factors candidates consider when choosing a program

IBM’s certifications rated as providing best price/value

Overall and against all attributes of vendors’ certification programs, (ISC)2 was rated the highest

*The more years a certificant has been in IT, the more money he or she makes

Source: Certification Magazine, December 2002, “Certification, Salaries & the IT Market”

By Gary Gabelhouse


CISSP Application Criteria 3-4 years direct IS experience in

these or other related fields– Practitioner– Auditor– Consultant– Vendor– Investigator– Instructor

ISC)2) Code of Ethics College degree or equivalent life

experience Pass the CISSP exam Renewed in 3-year increments

– Annual maintenance fee– Continuous education


CISSP Exam Structure

250 Multiple choice questions 6 hours to complete Ten domains—you must pass

them all Exam questions based on

ISC(2) Common Body of Knowledge (CBK) – The foundation for an experienced

security professional


10 Test Domains1. Access Control

2. Applications & Systems Development

3. Business Continuity Planning

4. Cryptography

5. Law, Investigation & Ethics

6. Operations Security

7. Physical Security

8. Security Architecture

9. Security Management Practices

10. Telecommunications, Network & Internet Security


Exam Preparation Strategies That Work

Practice testsSelf-studyStudy groupsReview seminar or course


Study MethodsCertification Magazine, Tim Sosbe

“Certification Training: Real Results, Real Value”


CISSP Review Seminar

(ISC)² CISSP CBK Register online at

– https://www.isc2.org Investment discounted for early

registration and professional security group members ($2245-$2695)

Offered at some industry conferences in condensed format and reduced cost

Government rates available


What Doesn’t Work

Reading a big stack of booksStudying in groupsTaking the test cold turkey


After the ExamReceive written test resultsComplete and submit CISSP

application– CISSP application endorsement by

qualified third party before credential is awarded

– Candidate’s employer– Any licensed, certified or commissioned

professional may endorse a CISSP candidate

Annual maintenance fee $85


After Passing the Exam

Receive certificate and ID with CISSP designation & #

Optional – CISSP directory listing

– Speakers’ Bureau participation

– Serve on committees

– Participate in annual ISC(2) elections


Re-Certification Every 3 Years

Earn 120 hours continuing professional education (CPE) credit over 3 year period

– 80-120 A-Credit hours. 80 must be earned in activities directly related to profession

– 40 B-Credit hours. Up to 40 CPEs may be earned in other educational activities that enhance the CISSP’s overall professional skills, knowledge, and competency.

– Some carry-over permitted if you earn more than 120 hours in a 3-year period

OR retake and pass the exam every three years

Random audits


Earning Certification Credit

–Educate others on security

–Write on security

–Author CISSP exam questions

–Participate in security forums

–Serve on professional security group boards and committees

–Attend security training


SSCP System Security Certified Practitioner

International standard for practitioners of information security and understanding of a Common Body of Knowledge (CBK).

Sponsored and administered by ISC(2) Covers seven domains Focuses on practices, roles and

responsibilities as defined by experts from major IS industries.

Includes 125 multiple-choice questions, on exam with up to 3 hours given for completion


SSCPSeven domains:

1.Access Controls 2.Administration 3.Audit and Monitoring 4.Risk, Response and Recovery 5.Cryptography 6.Data Communications 7.Malicious Code/Malware


Other Security Certifications

ISACA CISM - Certified Information Security Manager

ITAA ISA – Information Security Awareness CWSP – Certified Wireless Security

Professional (secure your wireless LAN)– http://www.certz.com/certztop50/index.html


ISACA CISA - Certified Information System Auditor

ISACA lists 29,000 worldwide Geared to information assurance

and business processes. Beginning of competence in

auditing and IT auditing Auditing is biggest component Common in IT auditing with audit

firms, banking, and finance


SANS Security Institute Global Information Assurance

Certification (GIAC)– GIAC Certified Intrusion Analyst (GCIA) – GIAC Certified Firewall Analyst (GCFW) – GIAC Security Essentials Certification

(GSEC) Additional certifications will follow shortly, with the GIAC Certified UNIX Security Administrator (GCUX) next on the list for release


CISCO Security Certifications CCSP - Cisco® Certified Security

Professional– For network professionals who design and

implement secure CISCO networks. MCNS - Managing Cisco Network Security CSPFA - Cisco Secure PIX Firewall

Advanced CSIDS - Secure Intrusion Detection

System CSVPN - Cisco Secure VPN CSI - Cisco SAFE Implementation


NSA ISSEP Certification ISC2 selected by the NSA to develop

new ISSEP (Information Systems Security Engineering Professional) certification

Likely to become a best practice for people who want to do highly sophisticated information security work within the national security sector, and throughout government and private sector.

(ISC)2 plans to offer the new certification to all federal agencies and private-sector companies that do business with the federal government


"The U.S. government has a unique set of standards for information

security," said Patricia Moreno, chief of staff for NSA's Information

Assurance Directorate.

"We believe (ISC)2's longtime international

expertise in professional certification best suits our training needs within

NSA."


ISSEP Certification Domains

Certification and accreditationGovernment policy and

regulationSystems security engineering

process Protection needs

determination


Security Certifications CISA (ISACA) CISSP® (ISC)² GIAC (SANS) CISM (ISACA) ISEB (ISMC) ISSAP (ISC)² ISSEP (ISC)² ISSMP (ISC)² ITPC (UK Gov't) SSCP® (ISC)² Security + (CompTIA) TICSA (TruSecure) Vendor Specific Certification: i.e. MCSE

– Listed by Reed Surveys Feb/04


ITAA Survey on Certifications & Hiring

“Seventy-three percent said Certified Information Security Systems Professional (CISSP) certifications carry the most

weight.”

September 15, 2003 Press Release at www.itaa.org/news


Summary Beef up your resume and career Complete practice tests by domain Study only the domains below 85% Complete a review course for best

rate of passing Allocate study time based on

experience and practice test results


Appendix


Terms & DefinitionsCBK – Common Body of KnowledgeCISA - Certified Information Systems

AuditorCISM – Certified Information Security

ManagerCISSP - Certified Information Security

System ProfessionalSANS Institute - SysAdmin, Audit,

Network, Security SSCP – System Security Certified

Practitioner


Resources - CISSP www.isc2.org

– Certifying body for CISSP, SSCP, and NSA’s ISSEP

– Test & review seminar schedule, resources, jobs

CISSP Review Course schedule– https://www.isc2.org/cgi/course_schedule.cgi

www.cissp.com– Books, seminar & exam schedules, resources, jobs


Computer Security Institute 30th Annual Security Conference

Sponsored by (ISC)2 Review Seminar

– November 5-6, 8:30 AM - 5:00 PM CISSP Exam:

– Friday, November 7, 8:00 AM to 3:00 PM CISSP Networking Reception

– Tuesday, November 4, 6:30 - 7:30 PM

http://www.gocsi.com/events/cissp-exam.jhtml


Official (ISC)2 Guide to the CISSP Exam

Created by the exam's certifying organization (ISC)2.

Based on the CISSP course Reviewed by past ISSA President and

ISSA/(ISC)2 and Hal Tipton Retail Price: $69.95

– Discounted at www.cissp.com to $60 USD

Rating at www.cissp.com


CISSP Exam Guide Books The CISSP Prep Guide: Mastering the Ten

Domains of Computer Security– by Ronald L. Krutz, Russell Dean Vines and

Edward M. Stroz CISSP Exam Cram

– by Mandy Andress CISSP All-in-One Exam Guide

– by Shon Harris, for practice exams Security Engineering: A Guide to Building

Dependable Distributed Systems– by Ross J. Anderson. Covers most exam topics


CISSP Exam Guide BooksCISSP All-in-One Exam Guide

– by Shon Harris. DVD training class also available.

The Total CISSP Exam Prep Book: Practice Questions, Answers, and Test Taking Tips and Techniques– by Thomas Peltier, Patrick D. Howard

CISSP for Dummies– by Lawrence C. Miller

Mike Meyers’ CISSP Certification Passport– by Shon Harris


CISSP Practice Testswww.cissp.com

– Exam Preparation Software– FlashCard for the CISSP exam

www.boson.com www.cccure.org www.srvbooks.comwww.bfq.com


Certification ResourcesBooks

– www.amazon.com– Information Security Management Handbook,

4th Edition, Vol I and II – by Harold F. Tipton & Micki Krause

SANS Institute www.sans.orgISACA www.isaca.org

– CISA & CISMCertification exam practice

– http://www.freepractice.com/default.htm– http://www.skilldrill.com/– http://www.certificationzone.com


Bio Debbie Christofferson, CISSP, CISM

Practiced leading edge Fortune 500 security management and consulting for 14 years, with 20 overall years in the technology field.

Consultant, speaker, and published author

www.Sapphire-Security.com www.Career-Therapy.com [email protected]

7-Step Guide to Pass the CISSP Exam Phoenix IEEE Computer Society February 11, 2003 Debbie Christofferson, CISSP, CISM Sapphire-Security Services...

Documents

certification slide

cissp certification

exam slide

average certification

primary certification

tracking certification

certmag slide

isc2 cissp