Preparing for the CISSP exam, Part 1

A reader and colleague recently asked me a few questions about the Certified Information Systems Security Professional exam, and I thought readers might benefit from the interchange.

N. Todd Pritsky (see http://www.pritsky.net) is one of the authors collaborating in the preparation of "The Computer Security Handbook, Fourth Edition," edited by Sy Bosworth and me. It will be published this year by Wiley.

In this first segment of a three-part series, I look at the exam.

Pritsky asked:

"How does the CISSP compare to the [Systems Security Certified Practitioner] in terms of the exam itself and the relative weight/importance of the certification?"

Both are useful stages in professional development. Visit the International Information Systems Security Certification Consortium (ISC)² Web site - www.isc2.org/ - where you will find a wealth of material about the CISSP and the SSCP.

The SSCP is more hands-on and limited to technical issues. According to the description at https://www.isc2.org/sscp_examover.html: "The International Information Systems Security Certification Consortium, or (ISC)², working with a professional testing service, has developed a certification examination based on the SSCP Common Body of Knowledge (CBK). Candidates have up to 3 hours to complete the examination ... which consists of multiple-choice questions that address the seven topical test domains of the CBK. The information systems security test domains are:

* Access Control.

* Administration.

* Audit and Monitoring.

* Risk, Response, and Recovery.

* Cryptography.

* Data Communications.

* Malicious Code."

In contrast, the CISSP is deliberately designed to cover a wide range of topics that distinguish information security experts from other kinds of IT experts. As described at https://www.isc2.org/cissp_examover.html: "Candidates have up to 6 hours to complete the examination ... which consists of 250 multiple-choice questions that address the [10] topical test domains of the CBK. The information systems security test domains are:

* Access Control Systems & Methodology.

* {Computer} Operations Security.

* Cryptography.

* Application & Systems Development.

* Business Continuity & Disaster Recovery Planning.

* Telecommunications & Network Security.

* Security Architecture & Models.

* Physical Security.

* Security Management Practices.

* Law, Investigations & Ethics."

Pritsky also asked:

"What can you tell me about the exam itself? A lot of questions? Evenly distributed amongst the 10 domains? Multiple choice? Hands-on? I don't really know what to expect."

CISSPs and all who take the exam are under nondisclosure agreement not to divulge the detailed content. See sample questions on the (ISC)² Web site.

In the next segment of this three-part series, I will look at useful reading for future CISSPs.

RELATED LINKS

Check out the new "Computer Security Handbook, 4th Edition" edited by Seymour Bosworth and Michel E. Kabay; Wiley (New York), ISBN 0-4714-1258-9. Available now at your technical bookstore or visit Amazon.

M. E. Kabay, Ph.D., CISSP is Associate Professor of Information Assurance in the Department of Computer Information Systems at Norwich University in Northfield, Vt. Mich can be reached by e-mail by clicking here. He invites inquiries about his information security and operations management courses and consulting services. Visit his Web site for papers and course materials on information technology, security and management.

Copyright, 1994-2006 Network World, Inc. All rights reserved.