What is a CISSP?
The CISSP (Certified Information Systems Security Professional) is the most senior
security certification available in the industry today. It is designed to certify managers who
supervise security experts who have detailed knowledge of a specific industry platform, such as
network administrators with Cisco or Nortel certification, or system administrators certified by
Microsoft or by commercial Linux vendors such as RedHat or SUSE. Many popular Linux distributions
are from not-for-profit groups, so they don't sell certification classes. There are other security
certifying organizations, like SANS, that offer similar certifications,
and there will always be arguments about which certification is better.
The CISSP requires study and an examination on topics covering ten security domains including:
Access Control, Applications Development, Disaster Recovery Planning, Cryptography, Law &
Investigation, Operations Security, Physical Security, Security Architecture, Security Management,
and Telecommunications & Network Security.
CISSP Exam Process and Dates
(ISC)2 is the organization responsible for defining
the content of the CISSP and SSCP exams,
setting the exam dates, and registering the certificates.
This is where you should start.
Internet Resources for CISSP Study
The best site is the CISSP OSG; it has advice, sample exams, study guides, book
reviews and links to other CISSP resources. CISSP OSG is a non-commercial
volunteer site that has been around for 5 years. The Security Docs site is huge,
so take a look around for security resources, legal issues, whitepapers and tool downloads.
This Security Docs page offers many links specializing in CISSP certification.
cissp.com is a commercial site with a community and security
links, but it is also trying to sell you books and training.
Yahoo Study Groups are a great way to find others who are studying for the CISSP.
The problem with these groups is that they go through active/inactive phases.
The group I used, CISSP Study, has over 6000 members; it was very busy in 2001,
so it has a good archive. The best approach
is to go to the Yahoo Groups
home and type "CISSP Study" into the search engine, look through
the groups listed, and join a few of the more active groups.
CISSP Books
A great book is "The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security" by Ronald L. Krutz (Author), Russell
Dean Vines (Author), which is now showing up in used computer book stores.
You also need to buy a book with lots of practice
exams. For example, buy SRV's
Volume 2 (Volume 1 is the study guide and there are better books
available). If you do the exams from Volume 2 over and over until
you can find the errors and typos, you are ready for the exam.
General Security Resources
For a big security site, go to Security Focus. You
can start with a specific CISSP question and wander through the site, or just wander and find out what is
current in security.
Since the CISSP is primarily USA-centric there are some key US Government documents you need to read.
NIST is a huge site with security and standards
documents on almost every topic. While studying for the CISSP you will become very familiar with the
Rainbow Series of standards. The "Rainbow" refers to the fact that each of the different standards
is held in a volume with a different colour.
Good security resources also show up on many company and university web sites but they are harder to find.
Consulting firms (like Boran) often have free security resources.
Many universities (like Purdue) are a great source of free security
resources that are current and maintained by leaders in the field who teach the material.