Over the last few weeks I have spent most of my time frantically trying to upgrade a CISSP examination preparation course. I’ve had materials on this subject for years, but then again, I have not taught this course for a while. So when I examined the topics and issues that are covered by current CISSP exams, I had an eye opening experience. Frankly, I now realize that when it came to my estimation of the extent and difficulty of the information CISSP candidates must master, I had been like an ostrich with its head in the sand. Not a single expanded module was easy to put together. To cover some of the content, telecommunications and network security in particular, required an inordinate amount of painstaking effort. And the detail required in some of the modules, particularly the one about architecture, was considerable.

Things weren’t always this way. Nearly a decade and a half ago, CISSP certification covered many relevant areas, but it also covered areas that were rapidly becoming out-of-date. The technology domain, for example, had a large number of questions concerning mainframes and mainframe protocols when TCP/IP and Internet services had become dominant in real-world settings. Fortunately, things did not stay that way for long. To its credit, (ISC)² made the necessary adjustments.

Given all the certifications that are available in the information security arena, it is easy to lose sight of just what it takes to gain CISSP certification. The number of knowledge domains has expanded from a puny six when I was much younger to ten. Candidates for CISSP certification must know everything from basic information security concepts to information security management, access models, security architectures, cryptography, telecommunications and network security, application security, operations security, business continuity and disaster recovery, physical security, and legal and regulatory statutes and compliance. If creating an expanded course on these knowledge domains takes this much work, I am sure that mastering all the concepts in these areas must be at least as formidable a task, if not more so.

I suppose that what I have learned over the last two months should not have surprised me. Information security itself has grown into a much more complicated area than it was just a decade ago. The knowledge that information security professionals possessed then may have been appropriate for the challenges that surfaced at that time, but things have changed considerably since then. Technology has become more complex, the quantity and quality of threats have increased considerably, and resources have become scarcer. It is now clear to me that the CISSP exam has more than kept up with the changes that the information security field has experienced. Once again, I’d like to laud the virtues of CISSP certification and also especially give credit to the elected (ISC)² representatives and staff for their fine job in ensuring that obtaining this certification is an extremely high caliber achievement for information security professionals.
