E.1.1. Certified Information Systems Security Professional

The Certified Information Systems Security Professional (CISSP) is probably the most famous security industry accreditation and arguably the most controversial. CISSP is run by the International Information Systems Security Certification Consortium – commonly known as (ISC)2 – and has a curriculum that could politely be described as thorough. (The running joke in the industry is that CISSPs know virtually nothing about everything.)

This curriculum is spread over 10 'areas of interest' or 'domains':

  • Access control;

  • Application security;

  • Business continuity and disaster recovery planning;

  • Cryptography;

  • Information security and risk management;

  • Legal, regulations, compliance and investigations;

  • Operations security;

  • Physical (environmental) security;

  • Security architecture and design;

  • Telecommunications and network security.

CISSP was the first accreditation to earn ANSI accreditation under ISO/IEC Standard 17024:2003 and it is popular with the US Department of Defense and National Security Agency. It is definitely more popular in the United States than it is in Europe. A lot of its questions are US centric, but this is changing and, as of 10 October 2008, (ISC)2 reported having certified 61,763 information security professionals in 133 countries.

There is no doubt that having CISSP after your name does raise your employability (and if this is your intention, then go for it), but bear in mind that the questions in CISSP are very ...
