
Certified Information Systems Security Professional Course (CISSP®) start 1 Jul 2007

Vendor Name: Int. IS Security Certification Consortium (www.ISC2.org)
Version Number:
Date Published: 1-Jul-2007
Date Retired:
Program Description: The CISSP certification has become a prerequisite for anyone looking to make a career in information security. It gives information security professionals an objective measure of competence and a globally recognised standard of achievement. The CISSP credential suits mid- and senior-level managers who are working toward, or have already attained, positions such as CISO, CSO or Senior Security Engineer.



The CISSP is developed and maintained by (ISC)², the International Information Systems Security Certification Consortium, a not-for-profit organisation. (ISC)² developed both the information security Common Body of Knowledge ("CBK"), which is divided into 10 domains (described below), and the certification programme for information systems security professionals. Pre-qualification requirements in terms of professional experience apply (described on this page).

Program Outcomes
1. CISSP Domain 1: Security Management Practices. Topics: Types of Security Controls; Security Policies, Standards, Procedures, and Guidelines; Risk Management and Analysis
2. CISSP Domain 2: Access Control Systems. Topics: Identification, Authentication, and Authorization Technologies; Discretionary versus Mandatory Access Control Models; Rule-based and Role-based Access Control
3. CISSP Domain 3: Telecommunications and Network Security. Topics: TCP/IP Suite; LAN, MAN, and WAN Topologies and Technologies; Firewall Types and Architectures
4. CISSP Domain 4: Cryptography. Topics: Block and Stream Ciphers; Explanation and Uses of Symmetric Key Algorithms; Explanation and Uses of Asymmetric Key Algorithms
5. CISSP Domain 5: Security Architecture and Models. Topics: Critical Components of Every Computer; Access Control Models; Certification and Accreditation
6. CISSP Domain 6: Operations Security. Topics: Operations Department Responsibilities; Personnel and Roles; Media Library and Resource Protection
7. CISSP Domain 7: Application and System Development. Topics: Software Development Models; Database Models; Relational Database Components
8. CISSP Domain 8: Business Continuity and Disaster Recovery. Topics: Planning; Roles and Responsibilities; Liability and Due Care Issues; Business Impact Analysis
9. CISSP Domain 9: Law, Investigation and Ethics. Topics: Privacy Laws and Concerns; Complications of Computer Crime Investigation; Types of Evidence and How to Collect It
10. CISSP Domain 10: Physical Security. Topics: Facility Location and Construction Issues; Physical Vulnerabilities and Threats; Fencing, Lighting, and Perimeter Protection

No program document uploaded

Explanatory Notes:
CISSP Professional Experience Requirements

With effect from 1 October 2007, applicants must have a minimum of five years of direct full-time security professional work experience in two or more of the ten domains of the (ISC)² CISSP CBK, and must have their qualifications endorsed by another (ISC)² credential holder.

CISSP professional experience includes:

* Work requiring special education or intellectual attainment, usually including a liberal education or college degree.
* Work requiring habitual memory of a body of knowledge shared with others doing similar work.
* Management of projects and/or other employees.
* Supervision of the work of others while working with a minimum of supervision of one's self.
* Work requiring the exercise of judgment, management decision-making, and discretion.
* Work requiring the exercise of ethical judgment (as opposed to ethical behavior).
* Creative writing and oral communication.
* Teaching, instructing, training and the mentoring of others.
* Research and development.
* The specification and selection of controls and mechanisms (e.g. identification and authentication technology); this does not include the mere operation of those controls.
* Applicable titles include officer, director, manager, leader, supervisor, analyst, designer, cryptologist, cryptographer, cryptanalyst, architect, engineer, instructor, professor, investigator, consultant, salesman, representative, etc. The title may include programmer. It may include administrator, except where it applies to someone who simply operates controls under the authority and supervision of others. Titles containing the words "coder" or "operator" are likely excluded.

The applicant must meet the following requirements to qualify to sit for the examination:

* A. Subscribe to the (ISC)² Code of Ethics; and
* B. Have a minimum five years of direct full-time security professional work experience in two or more of the ten domains of the information systems security CBK® as described above.

Waiver of Experience: If certain circumstances apply, and with appropriate documentation, candidates are eligible to waive a maximum of two years of professional experience as follows:

* One-year waiver of the professional experience requirement for education.
Candidates can substitute a maximum of one year of the direct full-time security professional work experience described above if they hold a four-year college degree OR a Master's degree in information security from a U.S. National Center of Academic Excellence in Information Security (CAEIAE) or regional equivalent. If you hold both a four-year degree and a Master's degree, you may still only apply for a one-year waiver of experience.

* One-year waiver of the professional experience requirement for holding an additional credential on the (ISC)² approved list.

Valid experience includes information systems (IS) security-related work performed as a practitioner, auditor, consultant, investigator or instructor that requires IS security knowledge and involves the direct application of that knowledge. The five years of experience must be the equivalent of actual full-time IS security work (not merely IS security responsibilities held over a five-year period); the requirement is cumulative, however, and the experience may have been accrued over a much longer period of time.

Matched Units (with elements listed)

ICAA5056B: Prepare disaster recovery and contingency plans

Unit Elements (and matched outcomes)

1. Evaluate impact of system on business continuity (outcome 8)
2. Evaluate threats to system (outcome 8)
3. Formulate prevention and recovery strategy (outcome 8)
4. Develop disaster recovery plan to support strategy (outcome 8)

ICAI4249A: Implement and evaluate data security

Unit Elements (and matched outcomes)

1. Implement data security (outcomes 2, 5, 6, 7)
2. Evaluate data security (outcomes 2, 5, 6, 7)

ICAI4251A: Implement and evaluate network and telecommunication security

Unit Elements (and matched outcomes)

1. Implement network and telecommunication security (outcome 3)
2. Assess vulnerabilities and respond (outcome 3)
3. Evaluate network and telecommunication security (outcome 3)

ICAI5196B: Implement secure encryption technologies

Unit Elements (and matched outcomes)

1. Determine encryption methods (outcome 4)
2. Implement encryption (outcome 4)
3. Monitor encryption (outcome 4)

ICAI5250A: Develop, implement and evaluate system and application security

Unit Elements (and matched outcomes)

1. Develop system and application security (outcome 7)
2. Implement system and application security (outcome 7)
3. Evaluate system and application security (outcome 7)

ICAI5252A: Develop, implement and evaluate an incident response plan

Unit Elements (and matched outcomes)

1. Develop the incident response program (outcome 8)
2. Implement the incident response program (outcome 8)
3. Evaluate the incident response program (outcome 8)

ICAI5253A: Implement and evaluate systems for regulatory and standards compliance

Unit Elements (and matched outcomes)

1. Implement compliance systems (outcome 1)
2. Evaluate the compliance systems (outcome 1)

ICAS4124B: Monitor and administer network security

Unit Elements (and matched outcomes)

1. Ensure user accounts are controlled (outcome 2)
2. Secure file and resource access (outcomes 2, 5, 7)
3. Monitor threats to the system (outcomes 1, 2)

ICAS5118C: Manage system security

Unit Elements (and matched outcomes)

1. Identify threats to system (outcome 6)
2. Determine risk category (outcomes 1, 6)
3. Identify appropriate controls (outcome 6)
4. Include controls in the system (outcome 6)
5. Monitor system tools and procedures (outcome 6)

ICAS5123C: Manage network security

Unit Elements (and matched outcomes)

1. Identify threats to network (outcome 3)
2. Determine risk of network failure (outcome 3)
3. Plan suitable control methods for the network (outcome 3)
4. Incorporate controls into the network (outcomes 2, 3)
5. Implement additional security facilities (outcome 3)

ICAW4214A: Maintain ethical conduct

Unit Elements (and matched outcomes)

1. Protect the interests of clients (outcomes 8, 9)
2. Produce quality products and services (outcome 9)
3. Ensure correct representation (outcome 9)
4. Produce code of ethics (outcome 9)
5. Maintain good work practices (outcomes 8, 9)

PRSIR12A: Review security risk management plan

Unit Elements (and matched outcomes)

1. Establish review procedures (outcomes 1, 6, 9, 10)
2. Test existing measures (outcome 10)
3. Evaluate results (outcome 10)
4. Implement corrective measures (outcomes 9, 10)
