www.issa.org 1
Information System Security Association
ISSA Buffalo Niagara
Introduction to CISSP Study Sessions
ISSA Overview
Information Systems Security Association (ISSA) is the largest international, not-for-profit association specifically for security professionals.
The association and chapter provide educational forums, publications and peer interaction opportunities that enhance the knowledge, skill and professional growth of their members.
ISSA Buffalo Niagara History and Background
• First meeting April 11, 2003
• 25 dues paying members and growing
• Not yet officially recognized as a chapter, but acting like one anyway
• Six months of regular meetings
• Already held first full day event, 2 more scheduled
Introductions
• Name
• Organization
• Why achieving the CISSP certification is important to you
CISSP Study Group
• Study the Common Body of Knowledge (CBK) domains
• Review for Exam
• Achieve certification through testing
Questions?
Overview of ISC2, CISSP
• Certification was discussed for many years among computer security practitioners
• Certification was viewed as the way to upgrade the profession.
• Certification would enhance the credibility of the computer security profession.
• The International Information Systems Security Certification Consortium, or (ISC)2, was established in mid-1989
Overview (continued)
• ISC2 is an independent, nonprofit corporation whose sole charter is to develop and administer a certification program for information security practitioners.
• Now firmly established in North America, the program is quickly gaining international acceptance.
• The Certified Information Systems Security Professional (CISSP) designation is a highly respected certification.
Overview (continued)
• CISSP Certification was designed to recognize mastery of an international standard for information security and understanding of a Common Body of Knowledge (CBK).
• It demonstrates the ability to understand a broad range of security issues in many areas.
• CISSP examination consists of 250 multiple-choice questions, each having four possible answers (only one of the answers is most correct).
Overview (continued)
• Candidates have up to six hours to complete the examination.
• The level of knowledge required in order to pass the exam is high.
• Pass rates are higher for those that attend a CBK review seminar compared to those that study on their own.
Questions?
Exam Content
• The CBK domains / outline
• Not arranged into CBK sequence
• Not specific to vendor or platform
Exam Content (cont)
• CBK Domains:
1. Access Control Systems and Methodology
2. Telecommunications and Networking Security
3. Security Management Practices
4. Application and Systems Development Security
5. Cryptography
6. Security Architecture and Models
7. Operations Security
8. Business Continuity and Disaster Recovery Planning
9. Law, Investigation and Ethics
10. Physical Security
FAQ 1
• How is the CISSP examination structured?
The CISSP exam is a 250 question English language examination. Candidates are given 6 hours to complete the exam although most complete it in about 4 hours.
FAQ 2
• What are the questions like?
All test questions are multiple choice with four possible answers. They are designed to test a candidate's knowledge of information security facts and concepts and their application.
FAQ 3
• How hard is the examination?
The examination tests the expected knowledge a 3-5 year practitioner should have. It is designed to test for the minimum level of competency acceptable for someone to be certified as an information systems security professional. A knowledgeable candidate should not find the examination difficult.
FAQ 4
• If the examination isn't particularly difficult, why don't more people pass it?
What makes the examination difficult is the expansive knowledge base it covers. It's difficult to develop expertise in all ten domains.
FAQ 5
• Are the questions in the Study Guide really representative of examination questions?
The study guide questions are good examples of the format and type of questions you would see on the exam but are not necessarily representative of the difficulty.
FAQ 6
• Which domains are the hardest?
The domains that you have the least experience with. For many people these are often cryptography, system architecture, and physical security – these usually score the lowest.
FAQ 7
• Are there questions on NT or UNIX?
The CISSP examination is not vendor or commercial product specific. There are questions on the security models and methodologies used by these systems, but only security products that are commonly used and freely available (e.g., SATAN) are acceptable for examination questions.
FAQ 8
• What's the passing score?
There is no fixed passing score for the examination. The cut score for each examination is calculated by equating the scoring values associated with each question. Passing rates are estimated to be in the 70% to 80% range. Less than 8% of those tested achieve scores higher than 85%.
FAQ 9
• How detailed are the questions, what depth of knowledge is being tested?
The CISSP examination is designed to evaluate the ability of a security manager, engineer or architect to properly evaluate, select, deploy and assess security measures. A candidate should have a detailed enough knowledge of security designs, measures, vulnerabilities, etc. to successfully accomplish these tasks.
Web Sites
• International Information Systems Security Certification Consortium (ISC)2 http://www.isc2.org/
• The CISSP Open Study Guide http://www.cccure.org/
• Web portal for the CISSP http://www.cissp.com
• The SANS (System Administration, Networking, and Security) Institute http://www.sans.org/newlook/home.php
Books
• CISSP All-in-One Certification Exam Guide – Shon Harris / McGraw Hill
• SRV-Publications: CISSP Exam Study and Practice Books – https://www.srvbooks.com/
Books (cont)
• Information Security Management Handbook (multiple editions, volumes) – Editors: Micki Krause, Harold F. Tipton
• Advanced CISSP Prep Guide: Exam Q&A – Ronald L. Krutz, Russell Dean Vines
Questions?
Logistics – Times
• Time?
- 6:00
- 6:30
- 7:00
• Duration?
- 1 hour
- 1.5 hours
- As long as needed
Logistics - Dates
• Consider
- December 22
- December 29
ISSA Buffalo Niagara Chapter Activities
• Monthly meetings
- Presentations based on chapter members' needs
• Workshops
- HIPAA was in early August
- Network Attacks and Countermeasures – Th. Oct 30
- Digital Forensics – Th. Nov 20
- All based on members' needs via member survey
- Rotate management and technical subjects
• Certification Test Prep
- Starting today!
ISSA Buffalo Niagara
www.issabuffaloniagara.org