Becoming a CISSP
This chapter presents the following:
• The reasons to become a CISSP
• What the CISSP exam entails
• What the Common Body of Knowledge contains
• The history of (ISC)² and the CISSP exam
• Recertification requirements
• An assessment test to gauge your current security knowledge
This book is intended to welcome you to the exciting world of security and start you on a new path toward obtaining your CISSP certification!
The Certified Information Systems Security Professional (CISSP) exam covers ten domains, each of which may be considered a full field of study in itself, with many individual books and papers written on just that subject. Thus, you may have the impression that to prepare properly for the CISSP exam you must read a stack of books. Without this third edition of CISSP All-In-One Exam Guide in hand, that impression may be true. However, the goal of this book is to provide in one resource all the information that you need to pass the CISSP exam. It also serves as a reference that you can use long after you achieve the CISSP certification.
Why Become a CISSP?
Security is a hot issue, not only in the security and technology fields, but also in every organization, government agency, and military unit. Computer and information security used to be an obscure term known only by a few. Security expertise was considered of minimal importance because risks were low. Hacking required great skill and knowledge and thus was not a common practice. Today, however, most corporations and organizations are desperately searching for talented and experienced security professionals to help them protect the resources that keep their companies alive and competitive. The CISSP certification identifies you as a security professional who has successfully met a predefined standard of knowledge and experience that is well understood and respected throughout the industry at large. Keeping this certification current shows that you have a serious interest in keeping abreast of security technologies and events relevant to practicing information security.
All-in-1 / CISSP All-in-One / Harris / 5712-1
There are many reasons to achieve a CISSP certification:
• To meet a growing demand and thrive in an ever-expanding field
• To broaden your current knowledge of security concepts and practices
• To bring security expertise to your current occupation
• To become more marketable in a competitive workforce
• To show a dedication to the security discipline
• To increase your salary and be eligible for more employment opportunities
The CISSP certification helps companies identify individuals who have the ability, knowledge, and experience to implement solid security practices, perform risk analysis, identify necessary countermeasures, and help the organization as a whole protect its facility, network, systems, and information. The CISSP certification also provides security professionals with the credential that represents the skill set they want to offer to employers. Today, a greater demand is put on security as an integral part of corporate success. This, in turn, increases the demand for highly skilled security professionals. The CISSP certification shows that a respected third-party organization has recognized an individual’s technical and theoretical knowledge and expertise, and distinguishes that individual from those who lack the certification.
Understanding and implementing security practices is an essential part of being a good network administrator, programmer, or engineer. Job descriptions that do not specifically target security professionals often still require a potential candidate to have a good understanding of security concepts and the ability to implement them. Many organizations cannot afford distinct network and security staffs. However, they...