www.issa.org 1

Information System Security Association ISSA Buffalo Niagara



Introduction to CISSP Study Sessions


ISSA Overview

Information Systems Security Association (ISSA) is the largest international, not-for-profit association specifically for security professionals.

The association and chapter provide educational forums, publications and peer interaction opportunities that enhance the knowledge, skill and professional growth of their members.


ISSA Buffalo Niagara History and Background

• First meeting April 11, 2003
• 25 dues paying members and growing
• Not yet officially recognized as chapter, but acting like one anyway
• Six months of regular meetings
• Already held first full day event, 2 more scheduled


Introductions

• Name
• Organization
• Why achieving the CISSP certification is important to you


CISSP Study Group

• Study the Common Body of Knowledge (CBK) domains

• Review for Exam

• Achieve certification through testing


Questions?


Overview of ISC2, CISSP

• Certification was discussed for many years among computer security practitioners.

• Certification was viewed as the way to upgrade the profession.

• Certification would enhance the credibility of the computer security profession.

• The International Information Systems Security Certification Consortium, or (ISC)2, was established in mid-1989.


Overview (continued)

• (ISC)2 is an independent, nonprofit corporation whose sole charter is to develop and administer a certification program for information security practitioners.

• Now firmly established in North America, the program is quickly gaining international acceptance.

• The Certified Information Systems Security Professional (CISSP) designation is a highly respected certification.


Overview (continued)

• CISSP Certification was designed to recognize mastery of an international standard for information security and understanding of a Common Body of Knowledge (CBK).

• It demonstrates the ability to understand a broad range of security issues in many areas.

• CISSP examination consists of 250 multiple-choice questions, each having four possible answers (only one of the answers is most correct).


Overview (continued)

• Candidates have up to six hours to complete the examination.

• The level of knowledge required in order to pass the exam is high.

• Pass rates are higher for those who attend a CBK review seminar than for those who study on their own.


Questions?


Exam Content

• The CBK domains / outline
• Not arranged into CBK sequence
• Not specific to vendor or platform


Exam Content (cont)

• CBK Domains:
  1. Access Control Systems and Methodology
  2. Telecommunications and Networking Security
  3. Security Management Practices
  4. Application and Systems Development Security
  5. Cryptography
  6. Security Architecture and Models
  7. Operations Security
  8. Business Continuity and Disaster Recovery Planning
  9. Law, Investigation and Ethics
  10. Physical Security


FAQ 1

• How is the CISSP examination structured?
  The CISSP exam is a 250-question English-language examination. Candidates are given 6 hours to complete the exam, although most complete it in about 4 hours.


FAQ 2

• What are the questions like?
  All test questions are multiple choice with four possible answers. They are designed to test a candidate's knowledge of information security facts and concepts and their application.


FAQ 3

• How hard is the examination?
  The examination tests the expected knowledge a 3-5 year practitioner should have. It is designed to test for the minimum level of competency acceptable for someone to be certified as an information systems security professional. A knowledgeable candidate should not find the examination difficult.


FAQ 4

• If the examination isn't particularly difficult, why don't more people pass it?
  What makes the examination difficult is the expansive knowledge base it covers. It's difficult to develop expertise in all ten domains.


FAQ 5

• Are the questions in the Study Guide really representative of examination questions?
  The study guide questions are good examples of the format and type of questions you would see on the exam, but are not necessarily representative of the difficulty.


FAQ 6

• Which domains are the hardest?
  The domains that you have the least experience with. For many people these are often cryptography, system architecture, and physical security – these usually score the lowest.


FAQ 7

• Are there questions on NT or UNIX?
  The CISSP examination is not vendor or commercial product specific. There are questions on the security models and methodologies used by these systems, but only security products that are commonly used and freely available (e.g., SATAN) are acceptable for examination questions.


FAQ 8

• What's the passing score?
  There is no fixed passing score for the examination. The cut score for each examination is calculated by equating the scoring values associated with each question. Passing rates are estimated to be in the 70% to 80% range. Less than 8% of those tested achieve scores higher than 85%.


FAQ 9

• How detailed are the questions, what depth of knowledge is being tested?
  The CISSP examination is designed to evaluate the ability of a security manager, engineer or architect to properly evaluate, select, deploy and assess security measures. A candidate should have a detailed enough knowledge of security designs, measures, vulnerabilities, etc. to successfully accomplish these tasks.


Web Sites

• International Information Systems Security Certification Consortium (ISC)2 http://www.isc2.org/

• The CISSP Open Study Guide http://www.cccure.org/

• Web portal for the CISSP http://www.cissp.com

• The SANS (System Administration, Networking, and Security) Institute http://www.sans.org/newlook/home.php


Books

• CISSP All-in-One Certification Exam Guide
  – Shon Harris / McGraw Hill

• SRV-Publications: CISSP Exam Study and Practice Books
  – https://www.srvbooks.com/


Books (cont)

• Information Security Management Handbook (multiple editions, volumes)
  – Editors: Micki Krause, Harold F. Tipton

• Advanced CISSP Prep Guide: Exam Q&A
  – Ronald L. Krutz, Russell Dean Vines


Questions?


Logistics – Times

• Time?
  – 6:00
  – 6:30
  – 7:00

• Duration?
  – 1 hour
  – 1.5 hours
  – As long as needed


Logistics - Dates

• Consider
  – December 22
  – December 29


ISSA Buffalo Niagara Chapter Activities

• Monthly meetings
  - Presentations based on chapter members' needs

• Workshops
  - HIPAA was in early August
  - Network Attacks and Countermeasures – Th. Oct 30
  - Digital Forensics – Th. Nov 20
  - All based on members' needs via member survey
  - Rotate management and technical subjects

• Certification Test Prep
  - Starting today!


ISSA Buffalo Niagara

www.issabuffaloniagara.org
