What is CISSP Anyway? A Presentation by: George L. McMullin II, CISSP COO, CorpNet Security, Inc. Executive Director, NEbraskaCERT


What is CISSP Anyway?

A Presentation by:

George L. McMullin II, CISSP

COO, CorpNet Security, Inc.

Executive Director, NEbraskaCERT


Where we’re headed today

• A little history

• A little certification

• And a little more


The Certification Movement

• Security organizations already exist pre-’88

• Special Interest Group for Computer Security (SIG-CS) of the Data Processing Management Association (DPMA) - Nov ‘88

• Volunteers from several organizations began a joint effort to forge a certification program

– SIG-CS of the DPMA

– Information Systems Security Association (ISSA)

– Computer Security Institute (CSI)

– Canadian Information Processing Society (CIPS)

– Several agencies of the U.S. and Canadian governments

– Idaho State University


Certification Realized

• International Information Systems Security Certification Consortium (ISC)² established mid-’89

– nonprofit corporation

– develop a certification program for information systems security practitioners

– certification body, not a membership organization


(ISC)²

• Code of Ethics established

– Canons

• Protect society, the commonwealth, and the infrastructure

• Act honorably, honestly, justly, responsibly, and legally

• Provide diligent and competent service to principals

• Advance and protect the profession


(ISC)²

• Certification for Information Systems Security Professionals (CISSP)

– Ten “Common Body of Knowledge” (CBK) areas defined

• Access Control Systems and Methodology

• Telecommunications and Network Security

• Security Management Practices

• Applications and System Development Security

• Cryptography

• Security Architecture and Models

• Operations Security

• Business Continuity Planning and Disaster Recovery Planning

• Law, Investigations and Ethics


CISSP

• Certification for Information Systems Security Professionals (CISSP)

– Examination

• Prerequisites:

– Subscribe to code of ethics

– Have 3 years direct work experience in one of 10 areas of CBK

• $450 fee

• 6 hours

• 250 multiple-choice questions

– Recertification

• Annual fee of $85

• Abide by code of ethics

• Earn 120 Continuing Professional Education (CPE) credits every 3 years


CISSP

• Preparation

– (ISC)² CBK review seminars

• Four days - $1550 (w/ exam add $275)

• Eight days - $2800 (w/ exam add $275)

– NEbraskaCERT CISSP Exam Preparation Course

• Ten weeks - $1495 (discounts available)

– Self study


Coming Certification . . .

• Systems Security Certified Practitioner (SSCP)

– Aimed at network and systems security administrators

– Multiple examinations

• Core examination - multiple choice

• Optional specialty exams specific to technologies - scenario based

• Seven areas of CBK

– Access controls

– Administration

– Audit and monitoring

– Risk, response and recovery

– Cryptography

– Data communications

– Malicious code


Contacting George

• NEbraskaCERT

[email protected]

• CorpNet Security

[email protected]

• Cell phone

– (402) 968-6830
