
Certified Information Systems Security Professional. Student Guide PDF

847 Pages·2005·61.924 MB·English

Preview Certified Information Systems Security Professional. Student Guide

CISSP
Certified Information Systems Security Professional
Student Guide
Version 1.0

© 2005 Thomson NETg, a division of Thomson Learning, Inc. All rights reserved. Thomson NETg, Thomson and the Thomson logo are trademarks used under license. All other brand names mentioned herein are used for identification purposes only and are trademarks of their respective owners.

Introduction

Overview

Networking has grown exponentially from its first inception to today's Internet, which is nothing more than a vast network spanning all nations in every part of the globe. The Internet connects individuals, groups, corporations, universities, and governments in a way that is both very simplistic and very open. The Internet is an information exchange using a common infrastructure, protocols, and applications. The same is true of the individual entities that comprise the Internet. Yet, where the Internet is an open network, the individual enterprises that comprise it choose not to be open.

Objectives

Upon completing this module, you will be able to:

- Explain the purpose of information security
- Define the CISSP CBK
- Explain security concerns
- Explain the CIA Triad

Outline

The module contains these lessons:

- Information Security
- The CISSP CBK
- Security Concerns
- The CIA Triad

Information Security

Overview

Information security was created to provide networked entities with a solution to the problem of security. Yet, security is far more complicated than allowing or not allowing access to a system or network. Security is a blanket that covers all aspects of protection to an entity. It encompasses items ranging from fences, walls, and security guards to access control, PBX fraud, and virtual private networks. This course was created based on a common body of knowledge (CBK) that many security-related individuals have amassed over years of in-the-field best practices.

Importance

The Certified Information Systems Security Professional (CISSP) certification is considered the gold standard in the information security realm. Individuals who possess this certification give prospective employers an invaluable tool in validating a candidate's expertise in the all-encompassing realm of securing an enterprise.

Objectives

Upon completing this lesson, you will be able to:

- Understand the CISSP credential
- Understand what the CISSP is
- Understand why you need the CISSP
- Understand how to obtain the CISSP

Outline

The lesson contains these topics:

- The CISSP
- What Is It?
- Why Do I Need It?
- How Do I Get It?

The CISSP

This section discusses the reason the CISSP certification was created and which entities created it.

Computer information security is now more important to companies that have an Internet presence. These companies have seen many successful attacks against large corporations and web sites such as Microsoft, Apple, Google, and Yahoo. They have also seen the devastating monetary damages that such attacks inevitably leave in their wake. No company, no matter how big or how small, is immune to information system attacks. For this reason, most companies do not take security lightly and have asked for help from the general Internet community. The International Information Systems Security Certification Consortium (ISC)² was created to establish a credential that prospective employers can use to determine the eligibility of security-related candidates.

What Is It?

This section will discuss what the CISSP certification is and what benefit it provides the computer community.

The Certified Information Systems Security Professional (CISSP) certification is like a security badge that prospective employers look for in candidates who wish to obtain a security-related position. The certification gives the employer assurance that the candidate is highly qualified in the security profession, has at least three years of experience in the security field, and has enough knowledge to pass a comprehensive security exam covering 10 different domains in the security field.

Why Do I Need It?

This section will discuss why an individual would need the CISSP credential, or what they would hope to gain from obtaining it.

In today's world, where security incidents happen daily and devastating incidents happen much too regularly, a majority of corporations desperately search for talented and experienced security professionals to help them protect their networks and resources. A CISSP certification identifies you as a highly sought-after security professional who has successfully met a predefined standard of experience and knowledge. In keeping this certification current, you show your interest in keeping up to date with the latest security knowledge and related events that help you achieve high standards for securing the enterprise and its information.

In obtaining this certification, you show current or prospective employers that you can:

- Implement solid security practices
- Perform in-depth risk analysis
- Configure proper access rights and permissions
- Implement access control
- Secure data as it crosses the network
- Implement proper change control
- Recognize methods used to attack resources
- Recognize the system's development life cycle
- Perform security audits
- Develop a business continuity plan
- Comprehend the laws on and about computer crime

How Do I Get It?

This section will discuss how one would obtain the CISSP credential.

To pass the CISSP exam, you must have general knowledge of the ten domains that cover the Common Body of Knowledge (CBK). You do not have to be an expert in every subject in all ten domains, but in order to pass the test, you must have general knowledge of many different subjects within the CBK.

The exam is made up of 250 multiple-choice questions. You are given six hours to complete it. Remember that each question will have four choices with only one correct answer. Of the 250 questions, only 225 are scored; the remaining 25 questions will be used for research purposes. You will not be able to discern which of the 250 questions are the 25 used for research. In order to pass the exam, you must correctly answer at least 70 percent of the 225 questions.

At this time, the cost to take the exam is $499 for early registration (payment received 16 calendar days in advance of the exam date), or $599 if you make full payment less than 16 calendar days prior to the test.

To qualify to take the CISSP exam, you must supply information that proves that you have a minimum of four years, three if you have a degree in computer science, of direct work-related experience in one or more of the ten domains that make up the CBK. This prerequisite ensures that anyone who receives the CISSP certification has real-world experience to offer prospective employers.

Summary

The key points discussed in this lesson are:

- The CISSP credential
- Describing CISSP
- The need for CISSP
- Obtaining the CISSP
