Part A: Introduction

What is the CISSP?

The CISSP or Certified Information Systems Security Professional certification is a cyber security certification that covers all aspects of technology including software, hardware, programming, and physical security.

The certification is offered by the International Information System Security Certification Consortium, or (ISC)².

The CISSP overlaps with

  • Networking certifications (Cisco CCNA, for example)
  • Virtualization certifications (VMware)
  • Storage certifications
  • Other security certifications (CompTIA Security+)

What can you do with a CISSP?

  • Security Analyst
  • Security Advisor
  • Forensic Consultant
  • System Engineer
  • Systems Administrator
  • Network Administrator
  • Network Analyst

What can you learn with the CISSP?

The exam covers the following areas:

  • Security and Risk Management
  • Asset Security
  • Security Architecture and Engineering
  • Communication and Network Security
  • Identity and Access Management (IAM)
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security

How do I obtain the CISSP Certification?

You must pass the exam.  You can take the exam online or at a testing center.  The exam is multiple choice and 3 hours long.  The actual number of questions depends on the difficulty of the questions you are given, but it will be between 100 and 150.  If you receive an exam with more difficult questions, there may be fewer of them.

There are several “advanced innovative questions” as well.  These might involve drag-and-drop activities.

You must answer the questions in order.  Once you have answered a question, you can’t go back and change your answer.  If you answer too many questions in a row incorrectly, the computer will assume that you don’t know the material and will automatically fail you before the test is over.

You will receive a score between 100 and 1000.  The minimum pass mark is 700.

If you fail, you can take the exam again.  You must wait 30 days between the first exam attempt and the second exam attempt.  You must wait 90 days between the second exam attempt and the third exam attempt.  You must wait at least 180 days between any additional exam attempts.  You may only take the exam three times in each twelve-month period.

The exam costs $100.

The exam is only available in English.

You must also have at least 5 years of cumulative, paid, full-time work experience in at least two of the eight areas:

  • Security and Risk Management
  • Asset Security
  • Security Architecture and Engineering
  • Communication and Network Security
  • Identity and Access Management (IAM)
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security

If you have a four-year college or university degree, it counts for one year of experience.  If you don’t have the experience but pass the exam, you will be granted the Associate of (ISC)² designation.  You will then have six years to obtain the work experience and become a CISSP.

About this Book

  • The exam has 8 main topics
  • We’re going to cover each topic in order
  • This is the best approach because some readers have advanced knowledge and just need to brush up on specific topics, while others are starting from the very beginning
  • Sometimes that won’t make sense, because an advanced concept may be explained before a basic one it depends on, but I will explain concepts as necessary
  • Keep everything in the back of your mind; you might choose to go back and re-read a section

Some Key Words

The guidelines use some key verbs that you should know:

  • Address – think about and deal with an issue
  • Adhere to – follow the practices of
  • Analyze – examine in detail
  • Apply – put to use
  • Assess – evaluate the nature of something
  • Classify – arrange according to different qualities or characteristics
  • Collect – bring together or gather
  • Conduct – organize or carry out
  • Contribute to – give in order to achieve something
  • Control – determine the behavior of something
  • Determine – ascertain or establish a reason for something
  • Design – decide upon the look and/or function of something
  • Develop – construct something
  • Document – record in written or other permanent form
  • Enforce – compel observance of a rule or regulation
  • Ensure – make certain of something
  • Establish – set up on a firm basis
  • Evaluate – determine the value of something
  • Facilitate – make an action easier
  • Identify – establish what something is
  • Implement – put into effect
  • Integrate – combine multiple objects into one
  • Maintain – cause a condition to continue
  • Manage – be in charge of something
  • Mitigate – make less severe
  • Operate – control the function of something
  • Participate – take part in something
  • Prioritize – rank in order of importance
  • Promote – encourage something
  • Protect – keep safe from harm or injury
  • Select – choose from a number or group
  • Test – determine the quality or performance of something
  • Understand – interpret something
  • Validate – check the accuracy of something