7-Step Guide to Pass the CISSP Exam
Phoenix IEEE Computer Society, February 11, 2003
Debbie Christofferson, CISSP, CISM
Sapphire-Security Services
[email protected] 480-988-4194
Mar 27, 2015
©2004 www.career-therapy.com [email protected] Page 2
“31 percent of the certificants in a 2002 study received a job promotion within the first year after receiving their primary technical certification.”
- CertMag.com
Key Points
• Defining the value of a CISSP certification
• Meeting the criteria to become a CISSP
• Learning exactly what the CISSP exam includes
• Saving time and stress when preparing to pass the exam
• Finding out what works and what doesn’t
• Applying methods that work best for you
• Finding out what to expect after passing the exam
Certified Information Systems Security Professional
• Recognized industry credential for security professionals
• Administered by the International Information Systems Security Certification Consortium, or (ISC)2
Certification Value
• Professions often require it
• Sets national standards in proficiency
• Provides career recognition
• Creates a perception of worth and quality for the profession
• Confirms a working knowledge of information security
Certification Value
• For the individual
  – Highlights value to a potential employer, recognizes career achievements and provides credentials based on requirements and evaluations
  – Enhances career
  – Opens doors
• To the employer
  – Provides an effective, meaningful and objective measure to determine qualifications of job candidates
  – Guarantees specific skills & knowledge of the field
  – Raises employee morale for companies paying for certification
CISSP Benefits (source: Beachfront Quizzer)
• Wide-spread acceptance of certification credentials.
• Simplified recruiting and hiring: assures a minimum knowledge level in applicants, higher quality candidates, & minimizes applicant screening.
• Validated technical knowledge without being tied to a particular vendor's products. Gives a substantial advantage in the fast-changing technology marketplace.
• Competitive advantage in highly competitive technology markets, for certificate holder and hiring organization.
Security Demand
• Specialized certifications could cinch an IT applicant's job deal
• Pay raises and bonuses based on certifications dropped with the economy
• Demand for some coveted certifications has been rising, and the value of those certifications is predicted to increase
“Specialty Certifications Carry Clout in 2003”, by Ellen O'Brien, News Editor, 20 Dec 2002, SearchDatabase.com
Security Demand
"People are scanning resumes for certifications and tossing aside ones that don't have any.” "Employers have to start somewhere."
• David Foote, president of Foote Partners, a New Canaan, Conn., research firm that specializes in tracking certification.
Security topped the list of certifications that increased in value in 2002, according to several surveys.
By most accounts, the prestigious Certified Information Systems Security Professional (CISSP) should retain its celebrity status in the coming year.
“Specialty certifications carry clout in 2003”, Ellen O'Brien, News Editor, 20 Dec 2002, SearchDatabase.com
“The average certificant earns $55,577 annually. …37 percent of respondents received a promotion within a year of attaining their primary certification, and 53 percent received an average 19.3 percent salary increase in that same first year.”
Reported in December 2001 CertMag
Top Certification Salaries
Certification                           Average salary
HP/Compaq Master ASE                    $81,131
(ISC)2 CISSP                            $80,195
Novell Master CNE                       $77,568
Oracle DBA                              $75,941
HP/Compaq Accredited Professional       $72,285
HP/Compaq API                           $71,961
Lotus CLP                               $69,835
Citrix CCEA                             $68,578
Novell CNE                              $68,095
HP/Compaq APS                           $67,721
Source: http://www.certmag.com/issues/dec02/feature_gabelhous.cfm
• The average certification provides a 3.2-to-1 ROI: for every dollar invested in a certification, the certificant realizes a $3.20 return in the form of a pay raise.
• Up from the 2001 study (2.3-to-1 in 2001).
• Vendors offering low-cost certifications provide the best ROIs.
• The top quartile with regard to vendors’ certification ROI also includes (ISC)2, Lotus, Citrix and Cisco.
CISSP Price/Value High
• Price/value of a certification is one of the most important factors candidates consider when choosing a program
• IBM’s certifications rated as providing the best price/value
• Overall and against all attributes of vendors’ certification programs, (ISC)2 was rated the highest
*The more years a certificant has been in IT, the more money he or she makes
Source: Certification Magazine, December 2002, “Certification, Salaries & the IT Market”, by Gary Gabelhouse
CISSP Application Criteria
• 3-4 years direct IS experience in these or other related fields
  – Practitioner
  – Auditor
  – Consultant
  – Vendor
  – Investigator
  – Instructor
• Subscribe to the (ISC)2 Code of Ethics
• College degree or equivalent life experience
• Pass the CISSP exam
• Renewed in 3-year increments
  – Annual maintenance fee
  – Continuous education
CISSP Exam Structure
• 250 multiple choice questions
• 6 hours to complete
• Ten domains—you must pass them all
• Exam questions based on the (ISC)2 Common Body of Knowledge (CBK)
  – The foundation for an experienced security professional
10 Test Domains
1. Access Control
2. Applications & Systems Development
3. Business Continuity Planning
4. Cryptography
5. Law, Investigation & Ethics
6. Operations Security
7. Physical Security
8. Security Architecture
9. Security Management Practices
10. Telecommunications, Network & Internet Security
Exam Preparation Strategies That Work
• Practice tests
• Self-study
• Study groups
• Review seminar or course
Study Methods
Source: Certification Magazine, Tim Sosbe, “Certification Training: Real Results, Real Value”
CISSP Review Seminar
• (ISC)² CISSP CBK Review Seminar
• Register online at https://www.isc2.org
• Investment discounted for early registration and professional security group members ($2245-$2695)
• Offered at some industry conferences in condensed format and at reduced cost
• Government rates available
What Doesn’t Work
• Reading a big stack of books
• Studying in groups
• Taking the test cold turkey
After the Exam
• Receive written test results
• Complete and submit the CISSP application
  – CISSP application must be endorsed by a qualified third party before the credential is awarded
  – Candidate’s employer
  – Any licensed, certified or commissioned professional may endorse a CISSP candidate
• Annual maintenance fee $85
After Passing the Exam
• Receive certificate and ID with CISSP designation & number
• Optional
  – CISSP directory listing
  – Speakers’ Bureau participation
  – Serve on committees
  – Participate in annual (ISC)2 elections
Re-Certification Every 3 Years
• Earn 120 hours of continuing professional education (CPE) credit over the 3-year period
  – 80-120 A-Credit hours: 80 must be earned in activities directly related to the profession
  – Up to 40 B-Credit hours may be earned in other educational activities that enhance the CISSP’s overall professional skills, knowledge, and competency
  – Some carry-over permitted if you earn more than 120 hours in a 3-year period
• OR retake and pass the exam every three years
• Random audits
Earning Certification Credit
– Educate others on security
– Write on security
– Author CISSP exam questions
– Participate in security forums
– Serve on professional security group boards and committees
– Attend security training
SSCP: Systems Security Certified Practitioner
• International standard for practitioners of information security and understanding of a Common Body of Knowledge (CBK)
• Sponsored and administered by (ISC)2
• Covers seven domains
• Focuses on practices, roles and responsibilities as defined by experts from major IS industries
• Includes 125 multiple-choice questions, with up to 3 hours given for completion
SSCP Seven domains:
1. Access Controls
2. Administration
3. Audit and Monitoring
4. Risk, Response and Recovery
5. Cryptography
6. Data Communications
7. Malicious Code/Malware
Other Security Certifications
• ISACA CISM - Certified Information Security Manager
• ITAA ISA - Information Security Awareness
• CWSP - Certified Wireless Security Professional (secure your wireless LAN)
  – http://www.certz.com/certztop50/index.html
ISACA CISA - Certified Information Systems Auditor
• ISACA lists 29,000 worldwide
• Geared to information assurance and business processes
• Beginning of competence in auditing and IT auditing
• Auditing is the biggest component
• Common in IT auditing with audit firms, banking, and finance
SANS Security Institute Global Information Assurance Certification (GIAC)
– GIAC Certified Intrusion Analyst (GCIA)
– GIAC Certified Firewall Analyst (GCFW)
– GIAC Security Essentials Certification (GSEC)
Additional certifications will follow shortly, with the GIAC Certified UNIX Security Administrator (GCUX) next on the list for release
Cisco Security Certifications
• CCSP - Cisco® Certified Security Professional
  – For network professionals who design and implement secure Cisco networks
• MCNS - Managing Cisco Network Security
• CSPFA - Cisco Secure PIX Firewall Advanced
• CSIDS - Cisco Secure Intrusion Detection System
• CSVPN - Cisco Secure VPN
• CSI - Cisco SAFE Implementation
NSA ISSEP Certification
• (ISC)2 selected by the NSA to develop the new ISSEP (Information Systems Security Engineering Professional) certification
• Likely to become a best practice for people who want to do highly sophisticated information security work within the national security sector, and throughout government and the private sector
• (ISC)2 plans to offer the new certification to all federal agencies and private-sector companies that do business with the federal government
"The U.S. government has a unique set of standards for information security," said Patricia Moreno, chief of staff for NSA's Information Assurance Directorate. "We believe (ISC)2's longtime international expertise in professional certification best suits our training needs within NSA."
ISSEP Certification Domains
• Certification and accreditation
• Government policy and regulation
• Systems security engineering process
• Protection needs determination
Security Certifications
• CISA (ISACA)
• CISSP® (ISC)²
• GIAC (SANS)
• CISM (ISACA)
• ISEB (ISMC)
• ISSAP (ISC)²
• ISSEP (ISC)²
• ISSMP (ISC)²
• ITPC (UK Gov't)
• SSCP® (ISC)²
• Security+ (CompTIA)
• TICSA (TruSecure)
• Vendor Specific Certification: i.e. MCSE
– Listed by Reed Surveys Feb/04
ITAA Survey on Certifications & Hiring
“Seventy-three percent said Certified Information Security Systems Professional (CISSP) certifications carry the most weight.”
September 15, 2003 Press Release at www.itaa.org/news
Summary
• Beef up your resume and career
• Complete practice tests by domain
• Study only the domains where you score below 85%
• Complete a review course for the best rate of passing
• Allocate study time based on experience and practice test results
Appendix
Terms & Definitions
CBK – Common Body of Knowledge
CISA – Certified Information Systems Auditor
CISM – Certified Information Security Manager
CISSP – Certified Information Systems Security Professional
SANS Institute – SysAdmin, Audit, Network, Security
SSCP – Systems Security Certified Practitioner
Resources - CISSP
• www.isc2.org
  – Certifying body for CISSP, SSCP, and NSA’s ISSEP
  – Test & review seminar schedule, resources, jobs
• CISSP Review Course schedule
  – https://www.isc2.org/cgi/course_schedule.cgi
• www.cissp.com
  – Books, seminar & exam schedules, resources, jobs
Computer Security Institute 30th Annual Security Conference
• Sponsored by (ISC)2
• Review Seminar
  – November 5-6, 8:30 AM - 5:00 PM
• CISSP Exam:
  – Friday, November 7, 8:00 AM to 3:00 PM
• CISSP Networking Reception
  – Tuesday, November 4, 6:30 - 7:30 PM
http://www.gocsi.com/events/cissp-exam.jhtml
Official (ISC)2 Guide to the CISSP Exam
• Created by the exam's certifying organization, (ISC)2
• Based on the CISSP course
• Reviewed by past ISSA President and ISSA/(ISC)2 and Hal Tipton
• Retail Price: $69.95
  – Discounted at www.cissp.com to $60 USD
• Rating at www.cissp.com
CISSP Exam Guide Books
• The CISSP Prep Guide: Mastering the Ten Domains of Computer Security
  – by Ronald L. Krutz, Russell Dean Vines and Edward M. Stroz
• CISSP Exam Cram
  – by Mandy Andress
• CISSP All-in-One Exam Guide
  – by Shon Harris, for practice exams
• Security Engineering: A Guide to Building Dependable Distributed Systems
  – by Ross J. Anderson. Covers most exam topics
CISSP Exam Guide Books
• CISSP All-in-One Exam Guide
  – by Shon Harris. DVD training class also available.
• The Total CISSP Exam Prep Book: Practice Questions, Answers, and Test Taking Tips and Techniques
  – by Thomas Peltier, Patrick D. Howard
• CISSP for Dummies
  – by Lawrence C. Miller
• Mike Meyers’ CISSP Certification Passport
  – by Shon Harris
CISSP Practice Tests
• www.cissp.com
  – Exam Preparation Software
  – FlashCards for the CISSP exam
• www.boson.com
• www.cccure.org
• www.srvbooks.com
• www.bfq.com
Certification Resources
• Books
  – www.amazon.com
  – Information Security Management Handbook, 4th Edition, Vol I and II, by Harold F. Tipton & Micki Krause
• SANS Institute www.sans.org
• ISACA www.isaca.org
  – CISA & CISM
• Certification exam practice
  – http://www.freepractice.com/default.htm
  – http://www.skilldrill.com/
  – http://www.certificationzone.com
Bio
Debbie Christofferson, CISSP, CISM
• Practiced leading-edge Fortune 500 security management and consulting for 14 years, with 20 overall years in the technology field.
• Consultant, speaker, and published author
• www.Sapphire-Security.com www.Career-Therapy.com [email protected]