As information systems become progressively more central to business operations, it becomes more critical that the staff in charge of them be well versed in the skills required to maintain them securely. To this end, the Certified Information Systems Security Professional (CISSP) certification was created to measure knowledge and skill around issues of security. It was developed by the International Information Systems Security Certification Consortium (ISC2). It has since been formally recognized by the United States Department of Defense and used by the National Security Agency as a basis for their own security certification.
CISSP certification is open to security professionals in a variety of specialties. The domains it focuses on, as listed by the ISC2, include: access control; application development security; business continuity and disaster recovery planning; cryptography; information security governance and risk management; legal, regulations, investigations, and compliance; operations security; physical (environmental) security; security architecture and design; and telecommunications and network security. Candidates for the certification must have at least five years of full-time experience doing work that involves at least two of these domains. However, if the candidate also possesses another certification on the approved list, they only need four years of experience.
There are additional requirements to becoming CISSP certified that are focused on ensuring that candidates have the right mindset and background for security work. They must accept the CISSP Code of Ethics. In addition, they need to answer several questions regarding their criminal background and other related information. Further, they must have a written endorsement from someone else who has already received the CISSP certification. In combination, these requirements and the knowledge and experience requirements assure employers that everyone who possesses this certification has both the skills and the temperament of a person who can be entrusted with sensitive information.
CISSP training classes are the best way to prepare for the exam. The test itself is taken over the course of 6 hours and includes 250 questions. The amount of material is extensive, and the length of the test itself makes it a grueling process. It’s much more likely that a candidate will pass if they’ve gone through a structured program that guarantees that each of the fields covered by the exam is given adequate attention. CISSP classes provide this structure, and also ensure that the material is covered and reviewed over an extended period of time, which is more likely to result in real understanding and learning.
Maintaining certification requires an ongoing commitment to professional development. After three years it must be renewed. If desired, this can be done by taking the CISSP exam again, but it’s usually done by accumulating at least 120 Continuing Professional Education (CPE) credits during each renewal period. This can include taking classes (though they aren’t required to be specifically CISSP classes), teaching, writing, volunteering, and attending conferences. Generally, credits are earned at a rate of one per hour of activity, though certain tasks have been assigned a set number of credits.
The CISSP certification is the industry’s best way of identifying those professionals who can be trusted to meet the security needs of businesses. It covers every critical area of concern. It verifies that they have the knowledge, the experience, the attitude, and the commitment to ongoing development of their skills that together make a great security professional.
________________________________
.jpg){kind=small}
