Sooty Solutions - Burnaby BC Consulting Company - Advising Business Managers on Security, Information Technology, Business Process Performance, & Best Practices

Security Links


What is a CISSP ?
The CISSP (Certified Information Systems Security Professional) is the most senior security certification available in the industry today. It is designed to certify managers who supervise security experts with detailed knowledge of a specific industry platform, such as network administrators with Cisco or Nortel certification or system administrators with Microsoft or Linux certification. Other security certifying organizations, like SANS, offer similar certifications, and there will always be arguments about which certification is better.

The CISSP requires study and an examination on topics covering ten security domains including: Access Control, Applications Development, Disaster Recovery Planning, Cryptography, Law & Investigation, Operations Security, Physical Security, Security Architecture, Security Management, and Telecommunications & Network Security.


CISSP Exam Process and Dates
(ISC)2 is the organization responsible for defining the content of the CISSP and SSCP exams, setting the exam dates, and registering the certificates. This is where you should start.


Internet Resources for CISSP Study
The best site is the CISSP OSG; it has advice, sample exams, study guides, book reviews and links to other CISSP resources. CISSP OSG is a non-commercial volunteer site that has been around for 5 years. The Security Docs site is huge, so take a look around for security resources, legal issues, whitepapers and tool downloads. This Security Docs page offers many links specializing in CISSP certification. cissp.com is a commercial site with a community and security links, but it is also trying to sell you books and training.

Yahoo Study Groups are a great way to find others who are studying for the CISSP. The problem with these groups is that they go through active/inactive phases. The group I used, CISSP Study_1, has over 3600 members; it was very busy in 2001 so it has a good archive, but it appears inactive now. The best approach is to go to the Yahoo Groups home and type "CISSP" into the search engine, look through the 100+ groups listed, and join a few of the more active groups.



CISSP Books
A great book is "The CISSP Prep Guide: Mastering the Ten Domains of Computer Security" by Ronald L. Krutz and Russell Dean Vines, which is now showing up used and in half-price computer book stores. You also need to buy a book with lots of practice exams. For example, buy Volume 2 (Volume 1 is the study guide and there are better books available). If you do the exams from Volume 2 over and over until you can find the errors and typos, you are ready for the exam.


General Security Resources
For a big security site go to Security Focus. You can start with a specific CISSP question and wander through the site, or just wander and find out what is current in security.

Since the CISSP is primarily USA-centric there are some key US Government documents you need to read. NIST is a huge site with security and standards documents on almost every topic. While studying for the CISSP you will become very familiar with the Rainbow Series of standards. The "Rainbow" refers to the fact each of the different standards is held in a volume with a different colour.

Good security resources also show up on many company and university web sites but they are harder to find. Consulting firms (like Boran) often have free security resources. Many universities (like Purdue) are a great source of free security resources that are current and maintained by leaders in the field who teach the material.