According to the (ISC)² GISWS (Global Information Security Workforce Study), a global workforce shortage of 1.5 million is anticipated by the year 2020. The implication is that there is currently a shortage of qualified professionals in the information security job market, which has led to difficulties in hiring and staffing in many organizations. Therefore, there is now a severe need to equip the specialists in the field and to develop the certificates that will validate the individuals’ experience, knowledge, and skills.
Prepaway.com is one of the most demanded credentials for information security professionals. The Certified Information Systems Security Professional (CISSP) certification is designed to validate the test taker’s skills and knowledge in the different domains, equipping candidates for optimal performance in the workplace. Individuals with this certificate are able to define the design, architecture, controls, and management that keep the security of business environments watertight. Prepaway is the first certificate in the information security field to meet ISO/IEC Standard 17024, with the accreditation given in 2006. The certification exam is regularly updated to reflect the ever-changing industry and to guarantee that students aiming at this credential are evaluated on the latest content and can display the skills required in the current information assurance environment. Many organizations depend on this certification to ascertain the preparedness of their Information Technology security teams.
Like many other credentials in the field of IT, (ISC)² CISSP requires that holders obtain CPE (Continuing Professional Education) credits to maintain their accreditation. Generally, the CPE concept is designed to ensure that professionals are regularly exposed to the latest materials related to information security. There are several reasons to give this certification a great deal of thought, especially if you are looking to build a career in information security. First, the credential shows your dedication and commitment to learning as a specialist in information security. Secondly, it meets organizational and government requirements. Thirdly, CISSP is recognized globally and opens a lot of career prospects.
CISSP Common Body of Knowledge
The candidates pursuing the CISSP certificate are usually evaluated on the practical skills that are related to the theoretical knowledge of the Common Body of Knowledge domains. These domains are concentrated on the theory for maintaining and designing the security infrastructure in an organization. This includes the understanding of technologies, standards, regulations, practices, and new threats. The CISSP CBK is the instituted standard framework of information and a compendium of topics on cybersecurity.
As mentioned earlier, the CISSP contents have undergone various updates, and the domains have also been refreshed to ensure that they relate to the necessary skills required in the ever-changing IT terrain. The CISSP CBK was updated to streamline it from ten domains to eight domains. They are highlighted below:
1. Security & Risk Management
It is focused on the primary and general concepts of information security, with particular concentration on CIA (Confidentiality, Integrity and Availability). The students are tested on skills and knowledge associated with implementing security procedures and policies, recovery points, perfecting business continuity planning, and implementing awareness programs for users. A great deal of focus is placed on risk management, mainly in terms of the safe procurement of new hardware, services, and software.
2. Asset Security
This domain is related to issues associated with the management of data and the theory of information ownership. It includes the knowledge of various roles as they cover data processing, limitations of use, and privacy concerns.
3. Security Engineering
It is one of the most comprehensive scopes, covering various crucial concepts in the field of information security. The test takers are evaluated on multiple ideas, including security engineering processes, design principles, and models. Additionally, topics such as vulnerabilities, cryptosystems, cloud, and database security are all covered under this domain.
4. Communications & Network Security
This domain is concentrated on network security and the capability to develop secure channels of communication. The examinees will be tested on various areas of network architecture, routing and wireless transmissions, segmentation and communication protocols.
5. Identity & Access Management
It is dedicated to attacks that take advantage of the human element to gain undue access to data, and to possible ways of recognizing those who have the right of access to information and servers. The domain covers the concepts of sessions, credentials, multi-factor authentication, role-based or rule-based access control, proofing, DAC, and MAC.
6. Security Assessment & Testing
This domain is concentrated on the design, performance, and analysis of security testing. It includes all the different techniques and tools utilized to assess the security of systems and to discover vulnerabilities, weaknesses, and likely areas of concern not addressed by procedures and policies, as well as errors in design or coding. Penetration testing and vulnerability assessments are also involved. Besides, business continuity strategy, disaster recovery, and user training are parts of the exam topics covered under this domain.
7. Security Operations
This domain covers a part of the exam questions. It is about foundational concepts, incident management, investigation, and disaster recovery. The domain is broad, and it covers a full scope of digital forensics and investigations, detection tools, intrusion prevention, sandboxing, and firewalls.
8. Software Development Security
This domain is focused on understanding, enforcing, and applying software security. The candidates will be tested on the implementation of security controls over software in an environment. Risk analysis, auditing, and identification of vulnerabilities in source code are also covered under this domain.
To pass the certification exam and earn your (ISC)² CISSP credential, you need to learn these domains. The full topics can be found on the certification page. Recommended resource materials for exam preparation can also be found on the official website.