CISSP Introduction: Certified Information System Security Professional https://www.udemy.com/introduction-to-the-cissp-security-certification/

CISSP introduction 2016 Udemy Course


Page 1: CISSP introduction 2016 Udemy Course

CISSP Introduction

Certified Information System Security Professional

https://www.udemy.com/introduction-to-the-cissp-security-certification/

Page 2

CISSP Introduction 2

CISSP Training Course Introduction

Introductions

(ISC)2 CISSP and other Certifications

Course Objectives & Exam

New Exam Questions

Study Tips & Resources

Page 3

Adrian Mikeliunas, Instructor

Certified Information System Security Professional (CISSP)

Certified Information Systems Auditor (CISA)

30+ Years IT Experience, 15+ in Information Security

Certified Linux Professional (LPI)

Open Source Evangelist!

Page 4

(ISC)2 and the CISSP

The International Information Systems Security Certification Consortium or (ISC)2 at https://www.isc2.org/

Founded in 1989, (ISC)² issues Security Certifications & vendor-neutral education products in more than 160 countries

CISSP and SSCP meet the stringent requirements of ANSI/ISO/IEC Standard 17024, a global benchmark for assessing and certifying personnel

International, not-for-profit leader in educating and certifying cyber, information, software and infrastructure security professionals

Page 5

(ISC)2 Certification Programs

• Systems Security Certified Practitioner (SSCP)

• Certified Information Systems Security Professional (CISSP)

− Information Systems Security Architecture Professional (ISSAP)

− Information Systems Security Engineering Professional (ISSEP)

− Information Systems Security Management Professional (ISSMP)

• Certified Authorization Professional (CAP)

• Certified Secure Software Lifecycle Professional (CSSLP)

• Certified Cyber Forensics Professional (CCFP)

• HealthCare Information Security & Privacy Practitioner (HCISPP)

• Certified Cloud Security Professional (CCSP)

Page 6

Why Become a CISSP?

Demonstrates a working knowledge of information security

Confirms commitment to profession

Offers a career differentiator, with enhanced credibility and marketability

• Extra Compensation $$$

Provides access to valuable resources, such as peer networking and idea exchange

Page 7

Why Become a CISSP

“The CISSP has emerged as one of the most prominent vendor-neutral certifications.”

“The CISSP provides a holistic approach to security, viewing it as a process, not a product.”

“At a basic minimum, an organization should have a CISSP on staff.”

ISO/IEC Standard 17024 accredited

• DoD Directive 8570 Requirement

• http://iase.disa.mil/iawip/Pages/iabaseline.aspx

Page 8

Course Objectives

At the end of this course students will:

• Be Familiar with the (ISC)2 Common Body of Knowledge (CBK) including common terms, principles, lists, categories, mechanisms, etc.

• Be familiar with the CISSP exam process

• Be able to develop a study plan for taking and passing the exam.

Page 9

Course Objectives

THIS COURSE IS NOT:

• Security Engineering 101

− Not a basic course

− Knowledge is assumed

• Advanced Security Course

− Coverage of material is broad and not in-depth

• Everything you need to pass the CISSP

− This course is one part of the strategy to pass the exam

− Home study, understanding key concepts, and memorization are required.

Page 10

8 Domains, 8 Separate Courses!

Security and Risk Management

Asset Security

Security Engineering

Communication and Network Security

Identity and Access Management

Security Assessment and Testing

Security Operations

Software Development Security


~1 domain per week…

Page 11

Exam Preparation Plan

Take the Pre-Course Assessment Exam in 60 minutes

Plan on a minimum of 8 weeks to prepare for the Exam, more depending on your level of proficiency

Each week:

• 2 chapters (or about 1 domain)

Practice Exam Questions

• www.cccure.org questions


Page 12

CISSP Requirements

https://www.isc2.org/cissp-how-to-certify.aspx

Required Experience

• 5 years of full-time paid work experience in 2 or more of the 8 CBK domains

− Or 4 years of experience plus a college degree

Pass the Exam

• Pass the CISSP exam with a scaled score of 700 points or greater

• Create an Account and Schedule your Exam

− http://www.vue.com/isc2/

Page 13

Associate of (ISC)2

For candidates who pass the CISSP examination but lack the years of practical work experience

• Must also subscribe to the (ISC)² Code of Ethics and maintain their status in good standing with (ISC)²

• After successfully passing the exam and achieving the professional experience requirements, Associate of (ISC)² status can be converted to CISSP

Page 14

CISSP Exam

Computer Based, Taken at Pearson’s Centers

BRING 2 Forms of ID!!!

• Pay $599

• 250 Total Questions, 225 are scored

• 25 are research questions

• Drawn from a pool of 10,000 questions

• Questions from all 10 domains of the CBK

• Multiple Choice, 4 choices

• Pass/Fail, 700 Points or greater

• 6 Hours

• Closed Book

• Results are sent via email within 2-6 weeks

Page 15

After Passing the Exam

• Subscribe to the ISC2 Code of Ethics

• Submit a properly completed and executed Endorsement Form

− Signed by an active CISSP who has reviewed your qualifications

− Must be submitted within 9 months of passing the exam

• Successfully pass an audit of your assertions regarding professional experience, if you are selected for audit

• Maintain your CISSP Certification


Page 16

Continuing Professional Education (CPE)

120 CPE credits every 3 years or retesting is required to maintain the CISSP

• Attending educational courses or seminars

• Attending security conferences

• Member of an association / attending meetings

• Listening to vendor presentations

• Completing university/college courses

• Providing security training

• Publishing security articles or books

• Serving on industry boards

• Self-study

• Volunteer work, including (ISC)² volunteer committees

20 CPEs must be posted during each calendar year!

Yearly Fee of $85

Page 17

2015 CBK: What’s New: Topics

3rd Party Risk Management

BYOD Risks (Bring Your Own Devices)

IoT (Internet of Things)

Software Defined Networks

Cloud Identity Services (OAuth 2.0)

About 4% change…


Page 18

New Test Question Formats

Majority: Multiple Choice with 4 candidate answers, of which you select the one correct answer; occasionally more than one answer is correct!

New Questions:

• Scenario

• Drag and Drop

• Hot Box


Page 19

Scenario Questions

Description:

• Situational: 1-2 paragraphs describing an environment, results of an audit, etc.

• 3-5 questions on the scenario

Tactics:

• Read the question first [to understand!]

• Consider “operational” issues (tradeoffs)


Page 20

Drag and Drop

Which algorithms below are examples of symmetric cryptography?

Advanced Encryption Standard

Rivest Shamir Adleman

Diffie Hellman

El Gamal

Data Encryption Standard

Page 21

Hot Spot

The diagram below is a design of a Public Key Infrastructure to secure internet transactions. Within the design is a Certificate Authority, a Registration Authority, and a Validation Authority.

Click on the location of the registration authority.

Page 22

Resources

ISC2: www.isc2.org

Online Resources & Practice Exams www.cccure.org

NIST Computer Security Resource Center http://csrc.nist.gov

http://learncissp.com/resources/

Shon Harris audio libraries & practice tests for EACH of the [old 10] Domains: http://www.mhprofessional.com/sites/CISSPExams/

Page 23

Books

Sybex CISSP 2015: http://www.amazon.com/Certified-Information-Security-Professional-Official/

ISC2 Official CISSP: http://www.amazon.com/Official-Guide-CISSP-Fourth-Press


Page 24

Questions?


FREE Intro to CISSP course at https://www.udemy.com/introduction-to-the-cissp-security-certification/