Certified Information Systems Security Professional (CISSP)

I created this page to help explain what the (ISC)2 CISSP credential represents and to provide limited resources and my personal recommendations for those who wish to pursue this revered Gold Standard in information security certifications.

The International Information Systems Security Certifications Consortium, Inc., (ISC)2 is the premier organization dedicated to providing information security professionals around the world with the standard for professional certification based on (ISC)2's Common Body of Knowledge (CBK), a compendium of industry "best practices" for information security professionals. Since its inception in 1989, the non-profit organization has trained, qualified and certified more than 25,000 information security professionals in 104 countries.

The following excerpt from a June 23, 2004 Press Release further underscores the importance and integrity the CISSP credential represents.

“The International Organization for Standardization's (ISO) United States representative, ANSI (American National Standards Institute), granted certification accreditation in the area of information security under ISO/IEC 17024 for the consortium's CISSP® (Certified Information Systems Security Professional) credential.”

“ISO/IEC 17024 establishes a global benchmark for certification of personnel, ensuring competency in different professions. ANSI accredits standards developers, certification bodies and technical advisory groups to both the ISO and the International Electrotechnical Commission (IEC).”

"This is a significant milestone for (ISC)2 and the international information security sector," said James E. Duffy, CISSP, executive director for (ISC)2. "Educated, qualified and certified information security professionals are the key to protecting the critical infrastructure on which businesses and governments around the world operate, and the CISSP is recognized as the global Gold Standard in information security. ANSI accreditation for the ISO confirms (ISC)2 as the international leader in setting the worldwide standard for certifying information security professionals."

ISO 17024 CISSP Accreditation FAQ (PDF)

On June 8, 2004, the (ISC)2 Certified Information Systems Security Professional (CISSP®) certification was awarded accreditation under the International Standards Organization's ISO/IEC 17024 standard, "General Requirements for Bodies Operating Certification Systems of Persons." The CISSP is the first Information Technology credential, not just the first Information Security credential, to receive accreditation from the American National Standards Institute (ANSI), the United States’ representative to the ISO, for the ISO/IEC 17024 standard – certification of personnel. To the best of our knowledge, this is the first time an information systems security professional certification, which is in wide use around the world, has been granted accreditation under this international standard.

The following reference guide summarizes the 10 domains that comprise the (ISC)2 CBK a CISSP is required to understand.
Common Body of Knowledge Definitions by informIT.com hosts Cyrus Peikari and Seth Fogie.
The 10 domains encompass:

  • Access Control Systems and Methodology

  • Telecommunications and Network Security

  • Security Management Practices

  • Applications and Systems Development Security

  • Cryptography

  • Security Architecture and Models

  • Operations Security

  • Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP)

  • Law, Investigations, and Ethics

  • Physical Security

What is the Certified Information Systems Security Professional designation all about, and how does it help your company?
Business Security Advisor Magazine by Ken Shaurette, December 2000 Doc# 06235

If your interest is in obtaining the CISSP credential, I highly recommend joining a local ISSA Chapter where you will find many CISSP mentors and chapter assistance to help fulfill your quest. In addition to the many resources, books, study guides, etc., found at (ISC)2, CCCURE.org and CISSPS.com are also great online resources for study material.

In addition to the voluminous online resources available, I highly recommend the following books not only as study guides but also as staples for any technical reference library.

All In One CISSP Certification Exam Guide Second Edition by Shon Harris
The CISSP Prep Guide Gold Edition by Ronald L. Krutz and Russell Dean Vines - The RDV Group

 


Copyright © 2001-2006 McCracken Associates

Website Modified: January 27, 2006
