Showing posts with label (ISC)2 certification. Show all posts

Thursday, 6 July 2017

Nominate for (ISC)2’s Information Security Leadership Awards

(ISC)2’s EMEA Information Security Leadership Awards (ISLA) is the perfect opportunity to recognise the excellence and hard work of information security professionals - and nominations are now open!

The (ISC)2 EMEA ISLA awards are unique in that they provide the cyber security community with an opportunity to acknowledge professionals that have distinguished themselves under specific projects, programmes and initiatives.


Your nominee could be a well-known figure, a standout leader or even an unsung peer of yours working tirelessly in the background.
  
Nominations are open until the 12th of July 2017, midnight BST and are open to all professionals in information, cyber, software or infrastructure security in the EMEA region.

You can submit your nominations here.

Award Categories:
You can nominate individuals (both (ISC)2 members and non-members) in the following four categories:



Senior Information Security Professional: This goes to someone who has significantly contributed to the enhancement of the information security workforce by demonstrating a leadership role in any security workforce improvement initiative, programme or project. Ideally, the nominee should have at least five years of experience in an information security role.

Information Security Practitioner: This award acknowledges an individual who has distinguished themselves by implementing and/or managing the implementation of a component of a security programme. Nominees typically should have at least three years of experience in an information security role.

Up-and-Coming Information Security Professional: This award recognises a person who is a new, rising star in the information security field. The project, improvement or initiative may not relate to leadership and instead may relate to their current position or education.

Woman Information Security Professional: This will be awarded to a female who has contributed to women’s representation in the profession and raised awareness to encourage vocations among women. The ideal nomination should have at least three years of relevant industry experience.

Who’s the judge?
Submissions will be judged by members of the Europe, Middle East and Africa Advisory Council (EAC). The judging panel consists of the following industry leaders:
  • Yves Le Roux, CISSP, CISM: Co-chair of the (ISC)2 EMEA Advisory Council
  • Dr. Yiannis Pavlosoglou, PhD, CISSP: Strategic Change Manager for Operational Resilience at UBS
  • Tom Gamali, CISSP, CISA: Head of Group Technology Risk and Business Continuity Management for Kuwait Finance House
  • Rainer Rehm, CISSP, CISM: Security Architect at MAN and one of the founding members of the (ISC)2 Chapter Germany
  • Sofiane Chafai, CISSP: Information Security expert with over 15 years' experience in managing ICT and security projects
  • Paco Hope, CISSP, CSSLP: Recognised expert in the field of software security. He is the author of two security books, a frequent conference speaker and a regular online author

Award Ceremony:
Awards will be hosted at the (ISC)2 Secure Summit in London in December. This will also act as the perfect opportunity to bring together our community and celebrate the achievements and commitment to excellence that we all continue to strive for.

Shortlisted nominees from different countries will be sponsored to attend the event. 

For more details on how to submit your nominations and what the judges are looking for, check out this guide.

Wednesday, 9 September 2015

Your Ultimate CISSP FAQ

 By Sarah Morgan

The CISSP is a hugely popular certification that carries a great deal of prestige and may be something you’re striving for in the future.

How much do you really know about the CISSP? This ultimate CISSP FAQ will start from the basics to ensure you know all there is to know about this gold standard security certification.

Q: What is a CISSP?

A: CISSP stands for Certified Information Systems Security Professional. Achieving the certification proves you are accomplished at the management level of information security. Developed by globally recognised (ISC)2, it has become established and well-respected within the industry and is now a key component in the selection process of Chief Information Officers.



Q: What does the course cover?

A: The CISSP course begins by ensuring you understand the concepts and principles behind information security and why they are important. You’ll then build up to learn how to protect your business from various angles and how to apply management skills to information security through (ISC)2’s eight domains.

Everything you’ll cover will be from (ISC)2’s CISSP CBK (common body of knowledge). This ensures what you learn is approved and thorough, covering all components of information security management. The full list of domain titles is as follows:


  • Domain 1 – Security and Risk Management 
  • Domain 2 – Asset Security
  • Domain 3 – Security Engineering
  • Domain 4 – Communication and Network Security
  • Domain 5 – Identity and Access Management
  • Domain 6 – Security Assessment and Testing
  • Domain 7 – Security Operations
  • Domain 8 – Software Development Security


Q: How will it help me on a day-to-day basis?

A: The skills you’ll learn on your CISSP course will improve the depth of your knowledge, filling in gaps, and making you more skilled at what you already know and do. You will also become more proficient and prepared for dealing with a vast range of security threats.

For example, the breadth of topics covered ranges from cryptography to implementing disaster recovery processes. Whatever your current or future job role in information security, you’re sure to gain knowledge and skills that will help you on a daily basis.

Q: Who is the CISSP aimed at?

A: The CISSP is an advanced certification. This means it is directly aimed at senior and experienced security professionals who will realistically be able to pass the exam and find it useful.

However, on a grander scale, anyone looking into senior information security roles can target the CISSP as a long-term goal. Even if you’re not quite the perfect candidate to take the CISSP yet, there’s nothing stopping you in the long term.

Q: What jobs can I do with a CISSP?

A: The CISSP has the potential to lift you into security roles that are the pinnacle of the field. Below are just a small sample of the sorts of job roles that you could access after becoming CISSP certified:


  • Chief Information Security Officer
  • IT Security consultant
  • Senior Security Engineer
  • Head of Cyber strategy
  • Security Specialist
  • Chief Security Architect
  • Security Assurance Analyst
  • Technology Consultant Manager
  • Cyber Security Senior Manager
  • Information Risk Manager
  • Head of Risk & Compliance




Q: How much can I expect to earn with a CISSP?

A: Of course, the salary you can earn depends on what else is in your skillset, and the job roles listed above do have varying salaries. According to itjobswatch.com, the lower tier of the jobs you could be doing average salaries between £40,000-£50,000. These are roles like IT Security Consultant, Security Specialist and Security Assurance Analyst.

However, the more senior roles, like Chief Information Security Officer, Head of Cyber Strategy, Chief Security Architect and Cyber Security Senior Manager, average salaries between £70,000-£100,000. The CISSP is one of the best certifications as a gateway to such high level jobs with that kind of salary and responsibility – especially in a field with such intense competition.

Q: Can anyone take the CISSP course?

A: Because the CISSP is such an advanced certification, there are prerequisites that you must meet before you are able to sit the course.

Initially, you must have at least five years of professional information security experience, as well as a university degree. The nature of the security industry also requires you to agree to and commit to the Code of Ethics and to undergo a criminal history check. On top of this, after passing the certification, your application must be endorsed by another qualified information security professional.

However, do not be put off. These prerequisites are only in place to ensure that you have the experience and ability to pass the course and put what you’ve learnt into practice in the real world afterwards.

Q: What happens if I don’t meet the prerequisites?

A: If you don’t currently meet the requirements for the CISSP, (ISC)2 offer a range of courses for varying experience and skill levels. The full list is here.

The SSCP is designed for those who don’t meet the CISSP prerequisites. Also developed by (ISC)2 from its CBK, it covers seven very similar domains, at a lower level. The bonus is, it only requires one year of experience in the information security field – a fantastic stepping stone to get you onto the CISSP.

There are also many other security certifications that can help boost your skills. From EC-Council’s Certified Ethical Hacker to CompTIA’s Security+, there is a certification out there that can help you get the skills you want in the security industry, whatever your current situation.

Q: What are the exams like?

A: The CISSP exam consists of 250 multiple-choice, four-option questions. It’s a lot of questions, but you have six hours in which to do them. All exams are meant to test you and prove that you are of a certain standard, otherwise the certification wouldn’t be worth anything. The CISSP is no different and is a tough exam to pass, hence the qualities stated in the prerequisites. But don’t feel daunted: people obviously do pass it, it just takes commitment and hard work. It’s also worth noting that the exam questions change every two weeks, so you’re not facing the same questions each time.

Q: What happens if I fail?

A: Obviously nobody likes to fail, but it doesn’t mean the end of your aspirations or of the possibility of getting CISSP certified. (ISC)2 policy states you can retake an exam 3 times in a year. If it’s the first time you’ve failed it, you’ll be able to sit another exam just 30 days afterwards.

Q: When can I get on a CISSP course and get certified?

A: The CISSP is a hugely popular course, which is why there is almost always a course running soon that you can get yourself on. At Firebrand there are between 1 and 3 courses a month. The Firebrand course is also just seven days and includes the official (ISC)2 exam at the end of it. That means, depending on availability, you could be CISSP certified by the end of next week.

About the Author:
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.

Thursday, 21 May 2015

Brand new (ISC)2 CCSP and Microsoft MCSD: Azure Solutions Architect courses from Firebrand


By Sarah Morgan


With IDC predicting 7 million cloud jobs created by 2015, mastering cloud technology can lead to a fulfilling and profitable career.

And to help you build – and prove – your knowledge of cloud computing, Firebrand has launched two brand new career changing accelerated cloud certification courses:



(ISC)2 Certified Cloud Security Professional (CCSP) - only six days

On this six day accelerated course, you’ll get the knowledge you need to secure your organisation’s cloud infrastructure.

Your business may be using an outdated approach to cloud technology which could open the way for costly and embarrassing cyber-attacks. To prevent these malicious attacks, businesses around the world need CCSP certified professionals with advanced cloud security skills.

Achieve the CCSP and you’ll learn how to secure cloud environments & purchased cloud services. You’ll also study:

  • Cloud data, platform, infrastructure and application security
  • Architectural concepts & design requirements
  • Compliance and legality
  • Operations

This advanced certification, developed by leading information security organisations, the Cloud Security Alliance (CSA) and (ISC)2, proves your cloud security expertise at a global level – get it in only six days.



Microsoft MCSD: Azure Solutions Architect - only seven days

Get four Microsoft certifications in only seven days on this accelerated Microsoft MCSD: Azure Solutions Architect course.

You’ll learn how to migrate your existing on-premise infrastructure to Azure – Microsoft’s globally integrated cloud platform.

Plus, get the skills you need to design websites, application storage and infrastructure in Microsoft Azure.

On this course you’ll achieve a Microsoft MCSD and three Microsoft Specialist certifications, by studying and passing these Specialist courses:
  • Developing Microsoft Azure Solutions
  • Implementing Microsoft Azure Infrastructure Solutions
  • Architecting Microsoft Azure Solutions


190+ courses and counting

Firebrand’s portfolio now exceeds 180 accelerated courses from vendors like Microsoft, Cisco, CompTIA and (ISC)2.

We’re committed to developing new accelerated courses. To stay up to date with our newest and most cutting-edge training, follow us on Twitter, Facebook, Google+ and LinkedIn.

Find out how you can get certified at twice the speed and take a look at our full range of accelerated training.


About the Author:
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Monday, 13 April 2015

Crack the new CISSP CBK with these CISSP training resources


By Sarah Morgan


Your CISSP exam and curriculum is changing. With the release of a brand new exam blueprint and updated CISSP domains imminent, the material you're revising now will soon be out of date.

The switch will be made on April 16th 2015, when the ten CISSP CBK domains will be reduced to eight.


As a result of this refresh, the CISSP exam will be altered to reflect the new CBK changes (but will remain the same format). Any training or revision material you use must also be updated, or you’ll risk revising irrelevant content!

Don’t get caught out by the 2015 domain refresh. Take a look at these up-to-date revision resources, aligned to the 8 brand new CISSP domains.


1. Official (ISC)2 Guide to the CISSP CBK, Fourth Edition (ISC2 Press) Hardcover – 10 Apr 2015 
ISBN-13: 978-1482262759

Released last week, you don’t get any more up-to-date than (ISC)2’s Official Guide to the CISSP CBK.

This official guide, endorsed by (ISC)2 and edited by Adam Gordon, covers the refreshed technical content added to the CISSP CBK. The book provides a comprehensive guide to the eight CISSP domains and includes illustrated examples, practical exercises and real-life scenarios.


And remember, if you’re an (ISC)2 member, you’ll get 50% off Official (ISC)2 textbooks!


2. The NEW 2015 CISSP Exam. Brace Yourself (and prepare yourself)! Webcast with Dave Miller

Dave Miller has been an IT security specialist since 1980 and is a published author and lecturer. So it’s no surprise he’s been following the new CISSP CBK with interest.

His comprehensive webcast, originally hosted on March 17th 2015, is now available for free online at oreilly.com. The 93-minute webcast covers an abundance of CISSP topics including:

  • A review of the 2012 CISSP certification exam
  • The new CISSP 2015 examination
  • CISSP certification requirements
  • New test-worthy topics
  • How to prepare for the new CBK and CISSP exam
  • Conclusion: Q&A

To watch the webcast, sign up here.


3. (ISC)2 Overview & Key areas of knowledge in the 8 new CISSP domains

(ISC)2 has released a candidate information bulletin in line with the new CISSP exam blueprint. This massive document includes overviews of each of the 8 brand new CISSP domains alongside the key areas of knowledge you’ll need to understand to pass your exam.

This resource is excellent for any professional who needs a quick refresher on what’s contained in the new CISSP domains.

However, don’t treat the information found here as replacements for experience or knowledge - (ISC)2 state that, “[The candidate information bulletins] were developed to provide candidates with basic information…the outlines are not intended to be in-depth reviews of the examination.”

Access the document here.


4. (ISC)2 sample exam questions

Also included in the (ISC)2 CISSP candidate bulletin are sample questions, aligned to the new exam blueprint. We’ve included them below:


1. Which one of the following is the MOST important security consideration when selecting a new computer facility?

a. Local law enforcement response times
b. Adjacent to competitors’ facilities
c. Aircraft flight paths
d. Utility infrastructure

2. Which one of the following describes a SYN flood attack?

a. Rapid transmission of Internet Relay Chat (IRC) messages
b. Creating a high number of half-open connections
c. Disabling the Domain Name Service (DNS) server
d. Excessive list linking of users and files

3. Which one of the following is a limitation of fuzzing, as it relates to secure software development best practice?

a. Access to the source code is required
b. Not all discovered issues are exploitable
c. Issues must be accessible through an open interface
d. Is not suitable where code development is outsourced

Find the answers on Page 33 of the CISSP candidate bulletin.


Got a burning CISSP question?

If you’ve got more questions, take a look at our CISSP FAQ covering the new exam blueprint.

And if you need to get certified with accelerated CISSP training, good news – Firebrand are the only authorised (ISC)2 partner in the UK and will be teaching the latest 2015 CISSP material from the 20th April 2015.



About the Author:
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Friday, 13 February 2015

CISSP domain changes incoming


By Sarah Morgan


As the modern information security landscape changes, the CISSP exam has to change with it. Effective April 15 2015, the CISSP will be based on a new exam blueprint and feature updated domains.

Refreshed content has been added to the Official CISSP CBK to reflect the most current topics in the information security industry. As a result, the updated CISSP exam will continue to accurately reflect the technical and managerial competence required by information security professionals.




Those familiar with (ISC)2 will not be surprised by their latest domain refresh. As (ISC)2 themselves state – “We conduct this process on a regular basis to ensure that the examinations and subsequent training and continuing professional education requirements encompass the topic areas relevant to the roles and responsibilities of today’s practicing information security professionals.”

What’s changing?

Effective 15 April, 2015 the CISSP domains will look like this (find the current domains here):

  1. Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business Continuity) 
  2. Asset Security (Protecting Security of Assets)
  3. Security Engineering (Engineering and Management of Security) 
  4. Communications and Network Security (Designing and Protecting Network Security) 
  5. Identity and Access Management (Controlling Access and Managing Identity) 
  6. Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing) 
  7. Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster Recovery) 
  8. Software Development Security (Understanding, Applying, and Enforcing Software Security) 

The keen eyed will notice that the domain refresh reduces the number of domains from ten to eight. However, (ISC)2 stress that the CBK remains as comprehensive as ever. Content has been ‘refreshed and reorganised to include the most current information and best practices relevant to the global security industry.’


FAQ


Q. How does the refresh affect the CISSP prerequisites?

A. The prerequisites will not change. You will still be required to possess a minimum of five years of cumulative paid full-time work experience in two out of the eight domains.

Q. I already hold the CISSP – how will these changes affect my CPE submissions?

A. Starting April 15, 2015 all CISSPs will be required to submit their continuing professional education credits in accordance with the refreshed CISSP domains.

Q. Will the new domains affect the number of exam questions, or duration of the exam?

A. No – your CISSP exam will still have the same number of questions and the time you are allotted will not be affected.

Q. Will there be new training materials for the CISSP?

A. The content within (ISC)2 training materials will be updated to align with the new CISSP domains. See the table below to find the launch dates for these new training products.

Q. Where can I find more information?

A. Refer to (ISC)2’s official FAQ or blog post for more information regarding the CISSP domain refresh.



About the Author:
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Friday, 31 October 2014

(ISC)2 CISSP – Official vs. Unofficial



Unofficial training can often seem like a more viable alternative to its official counterpart. It may often be cheaper, but it’s a false economy – you might not be aware of all the benefits of official training.

How much better really is it to get your CISSP with an official (ISC)2 provider?

Instructors


With an authorised (ISC)2 training provider, you’ll be learning from official CISSP instructors, vetted and trained by (ISC)2 themselves.

Conversely, unauthorised instructors are not taught or trained to deliver official (ISC)2 material. There’s no vetting process for unauthorised instructors, so you’ll be relying on your training provider’s opinion, and this might not align with (ISC)2’s strict guidelines.


Course material


When going official you’ll get the latest (ISC)2 training materials. Considering that the CISSP exam questions are entirely rewritten roughly every two months, possessing this up-to-date material is crucial.

(ISC)2 make sure their exams continually evolve and stay current with information security trends and practices. Every CISSP exam even features a set of secret ‘dummy questions’ (questions which won’t count towards your final score but are used by (ISC)2 to gauge the suitability of new exam questions).

(ISC)2 are clearly committed to staying up-to-date. To beat the CISSP exam, you’ll have to as well. This means getting access to official (ISC)2 course material.

Use unofficial course material and you run the risk of studying a dated curriculum and obsolete materials. This is because unofficial courses simply don’t have access to the official material.


Practice exam papers


We’ve all taken advantage of practice exam papers as a brilliant method of revision. Nothing can beat the realism that a practice paper provides; knowing exactly what you’re up against can often mean the difference between a pass and a fail.

Going into an exam without having seen a past paper can be a gruelling experience. Luckily, authorised (ISC)2 training providers have access to official past papers.

Unfortunately, unauthorised training providers just don’t have access to these infinitely useful revision tools. In the worst case, you’ll be working on questions which just aren’t aligned to the exam you’re about to take.


Taking the exam


Official (ISC)2 training providers are able to provide your exams onsite. That means you won’t have to spend £498 on the exam voucher and get yourself down to an exam centre.

Instead, you’ll just be sitting your exam in the same facility that you’re already studying in. As you might imagine, unofficial providers can’t offer the exam – you’ll have to make your own arrangements.


Bonus: Get CISSP certified with the only official (ISC)2 provider in the UK

Firebrand are immensely proud to be the only official (ISC)2 training provider in the UK. This CISSP course just doesn't compare. Here’s just how different it is:


You’ll get certified in only 7 days and still get more hours of learning than anywhere else

Firebrand’s official (ISC)2 CISSP Boot Camp is just 7 days. This includes taking and passing your CISSP exam as well as receiving your instant exam results at the training facility on the last day of the course.

Your learning day will last from 9:00am to 9:00pm – that’s 12 hours of actual training each day. With the best similar training providers you’ll only be learning from 9:00am to 5:00pm.

On day 6 of our 7-day course, you’ll get an entire 12-hour exam preparation day. During this day your (ISC)2-authorised instructor will explain the methods and techniques you need to know to pass your exam.

No distractions

You’ll be better prepared to achieve first-time success when you can focus entirely on achieving your CISSP for seven entire days. And once your exam is completed on your last day, your objective is complete, in no time at all.

You’ll essentially be putting a ‘Do Not Disturb’ sign up on the door to your life. So far Firebrand has trained over 55,000 students in this total-immersion and distraction free environment.

And…

That’s not to mention that other training courses don’t provide accommodation, an exam voucher or even exam delivery.

Find out more about Firebrand’s unique CISSP course on the Firebrand website.

Related articles:

  • How to become a CISSP

About the Author:
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Friday, 24 October 2014

How to become a CISSP



CISSP is a global standard, widely recognized as the information and cybersecurity benchmark certification.

It’s an advanced cert that demonstrates a wealth of IT security knowledge and experience. If you want to ascend the ranks of information security, a CISSP can be an incredibly valuable asset.

The CISSP is a demonstration of your information security acumen and a fundamental step towards the senior role of Chief Information Security Officer (CISO). With the CISSP, you’ll have a common baseline and standardisation of knowledge, a proven record of ethics and a solid reputation of professional conduct (crucial for a business leader and anyone striving for senior-level positions).

How to become a CISSP

The journey to becoming a CISSP takes hard work and dedication. If it didn’t, this certification wouldn’t be so valuable.

There are five steps to becoming (and remaining) a CISSP:
  1. Meet the experience requirements
  2. Pass the exam 
  3. Obtain an Endorsement
  4. Prepare for an Audit
  5. Recertification

[Image: "Don't let the bad guys in." Credit: morguefile / larryfarr]

1. Meet the experience requirements 

In order to even register for your CISSP exam, you’ll need to prove you possess five (or more) years of professional experience in information security. 

Plus, your history of professional experience must have involved at least two of the following 10 domains present in the CISSP Common Body of Knowledge (CBK):

  1. Access Control
  2. Telecommunications and Network Security
  3. Information Security Governance and Risk Management
  4. Software Development Security
  5. Cryptography
  6. Security Architecture and Design
  7. Operations Security
  8. Business continuity and Disaster Recovery Planning
  9. Legal, Regulations, Investigations and Compliance
  10. Physical (Environmental) Security 

(ISC)2 provide a one-year reduction in professional experience if you possess one of the following:

  • A four-year college degree
  • You hold a credential from (ISC)2’s approved list. Examples include: MCSE, MCSA, MCITP, CompTIA Security+, the CISA / CISM and the CCNP (to name just a few)
  • An advanced degree in information security from the U.S. National Centre of Academic Excellence in Information Assurance Education (CAE/IAE)

It’s worth noting that you cannot combine these qualifications: regardless of how many you possess, you can only receive a maximum reduction of one year.


2. Pass the exam

So you’ve accumulated 5 years of information security experience (or 4 years with the 1 year waiver) and your work embraces two of the 10 CISSP CBK domains.

But before you can even sit the exam you’ll also have to complete the Candidate agreement, confirming your aforementioned experience, and legally committing to the Code of Ethics. You’ll then be required to successfully answer four questions regarding your criminal history and related background.

Now you just need to pass the exam, right? Well, as you can imagine, passing the CISSP exam is going to take some serious preparation.

In fact, in the words of (ISC)2 – ‘The vast breadth of knowledge and experience required to pass the CISSP is what sets it apart.’

The CISSP exam will test your knowledge of the 10 CISSP domains. Achieving the standard of knowledge you need to pass the exam takes time and dedication.

Many CISSP holders recommend taking up to 15 days off work, just to round off your 4-month revision journey. If you can’t afford to take this much time off work, there are always more efficient ways to achieve your CISSP, like training courses of varying speeds.

Now, book the exam – do it early and you’ll save money. But, please note: some training providers do include the exam cost in their training package.

Either way, it’s time for your exam. Be ready for a test of endurance – you’ll have 6 hours to answer as many of the 250 multiple choice questions as you can. 
 

3. Obtain an Endorsement 

Congratulations, you passed your exam! But you’re not done yet. You’ll now have to ask an active (ISC)2 credential holder to attest to your industry experience. They’ll have to fill out an endorsement form for you. Once (ISC)2 receives and approves the endorsement, you can finally take up the mantle of a fully-qualified CISSP.


4. Prepare for an audit

(ISC)2 randomly submits some of its CISSP professionals to audits. It’s never a good idea to skew the facts on your application, especially so if you’re singled out for an audit.

If you are found to have incorrect or falsified data on your application, you’re going to lose your CISSP. Honesty really is the best policy.


5. Maintaining your certification 

To remain a member of the (ISC)2, and to keep your CISSP certification, you must:

  • Abide by the (ISC)2 Code of Ethics
  • Obtain and submit the required Continuing Professional Education credits (CPEs)
  • Submit Annual Maintenance Fees (AMFs) upon receipt of annual invoices

The technology landscape is constantly in flux, perhaps nowhere more so than in information security. As a result, your CISSP must be maintained with CPEs – a minimum of 20 CPEs every year for the first two years of the three-year cycle.

Even if you satisfy the CPE requirements of your first or second year, your tally must still equal 120 by the end of the third year.

CPEs can be gained through live educational events and online seminars (available to (ISC)2 members only).

If your certification is terminated, you’ll need to retake the examination before you can return to being CISSP certified. You’ll also be charged a $35 reinstatement fee upon recertification (though this pales in comparison to working through the 6 hour exam once more).



Got what it takes?

If you’ve got the experience, determination and drive to crush the CISSP but don’t want to take several weeks off work – try an accelerated course. You could be certified in only 5 working days.


About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Tuesday, 13 May 2014

Three killer resources to prepare you for CISSP exam success

As we move into 2014, demand for skilled cyber security professionals holding the CISSP credential is at an all-time high. Continued media coverage of high profile hacks and a growing skills gap within the cyber security industry will only continue to fuel that demand.

As it stands there are currently 4607 certified CISSPs in the UK, according to the (ISC)2 member count, yet ITJobsWatch reports more than 1000 vacancies listing the CISSP certification as a requirement. With an average salary of £56,125 (up 12.25% on 2013) and the plethora of available jobs, there has never been a better time to consider becoming a CISSP.

So to help you on your way to becoming a certified CISSP, we've put together three killer resources to help prepare you for exam success.


Buy the Official CISSP CBK


In my opinion, it's always best to go official, so make sure you get your hands on the Official (ISC)² Guide to the CISSP CBK (Common Body of Knowledge). It might be more expensive than other guides and it's often tempting to go for a cheaper alternative, but that is often a false economy, with the Official guide being more comprehensive and up to date. If an exam vendor isn't providing you with one of the best guides to success, then something is certainly amiss.

The current CISSP CBK guide is in its Third Edition and reflects all the latest developments in what is an ever-changing field. Examples of new topics reflecting these developments include mobile security and cloud computing. You can obtain the guide in three formats:
  • Hardcover
  • iTunes - can be bought in single modules or all ten domains
  • Kindle - can be bought in single modules or all ten domains


Work through the CISSP Essentials Security School


Another fantastic and FREE resource from Search Security is the CISSP Essentials Security School. You'll have to trade your name and email to set up an account, but in return you'll get 10 lessons covering each domain, 450 minutes of video presentations, an insider's guide to each domain and a quiz simulating prep questions reflective of the real exam.

The resource is put together by Shon Harris, a CISSP, MCSE and President of Logical Security.


Free CISSP webcasts straight from (ISC)2


(ISC)2 released a series of ten free CISSP webcasts which will run you through exactly what you need to know before attempting the exam. They consist of a detailed overview of each domain covered in the exam as well as all the knowledge expected of a CISSP. This is a must-view before you even consider taking the exam.



So there you have it, three killer resources to help you prepare for exam success. If you're still in doubt about the value of CISSP, check out this short video. 


About the Author

As part of Firebrand's global marketing team, Edward actively works to serve the IT community with news, reviews and technical how-to guides. Working in the industry for almost 3 years, Edward has a wide variety of experience with Microsoft technologies including SharePoint, Windows Server and Exchange Server. Edward is an active member of the IT community, contributing to a variety of tech publications including Microsoft TechNet, Channel Pro and PC Advisor among others.

Monday, 25 November 2013

Yves Le Roux: How infosec pros can help EU data protection


(ISC)2’s information security professionals publish articles regularly on Computerworld UK’s Infosecurity Voice blog. This time the author is Yves Le Roux, policy group lead at the (ISC)2 EMEA advisory board, who blogged about how “infosec professionals can help shape EU data protection”.  

Governments have finally realised the importance of recognising and controlling information security risk. With the new draft data protection legislation the EU’s cyber security strategy has made its first steps towards addressing the risks that people and businesses face on a daily basis in today’s technology-dependent world.

Although the initiative is taking on a serious matter, it does not mean that legislators have the relevant experience and knowledge to understand the impact and response that may be needed.
The new legal framework will affect us all; therefore it is vital that everybody involved considers the influence of such legislation.


It’s a task of great significance, so the advising security professionals must get to know the legislation first. Once all aspects, including the overall intent as well as the actual measures, have been assessed, infosec pros may point out all infeasible elements and make suggestions.

All in all, “the job ahead for legislators, privacy and compliance professionals as well as technology and information security professionals is to understand the intent of what needs to be achieved, and then come together to understand the structures required to govern and properly manage the intent.”

To read the full article by Yves Le Roux, visit Infosecurity Voice.

About the Author:       
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Wednesday, 13 November 2013

John Colley: What you need for effective security


John Colley, Managing Director of (ISC)2 EMEA, publishes regularly on Infosecurity Voice. His latest article argued that “governance, risk management and compliance are not enough on their own”.

In recent years staffing and talent development have become increasingly important to all industries, and IT security is no exception. Given the significance of the matter, senior security executives should take the time to give new talent proper scrutiny.

Without new talent and further development of existing personnel in the security field, you may have to deal with serious consequences. Since cyber security challenges are rapidly evolving alongside the unceasing emergence of new technologies, companies and IT security professionals must make every effort to stay ahead of the curve.

According to a new report released by (ISC)2, based on responses from more than 1,600 C-level executives globally, the senior C-suite is aware of the security threats, but because they are occupied with reacting to organisational and compliance requirements, they are unable to spend the time to put adequate measures in place to effectively tackle security issues.

Governance, risk management and compliance (GRC) policies take up nearly three-quarters of senior security executives’ time, especially in the fields of financial services, insurance, banking and government.

To learn more about the C-suite’s security challenges, read the full article on the ComputerworldUK Blog.

About the Author:
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Wednesday, 31 July 2013

Data breaches linked to cyber skills shortage - the importance of certification


The shortage of skilled professionals in cyber security is responsible for the high levels of data breaches, according to the (ISC)² Global Information Security Workforce Study (GISWS). This is having a weighty effect on the global economy, according to the study of more than 12,000 information security professionals worldwide conducted by Frost & Sullivan.

Lack of qualified professionals is the top concern of over half (56%) of chief information security officers (CISOs) alongside hacking. Hacktivism (43%) and cyber-terrorism (44%) are also major worries.

The report concludes that the major shortage of skilled cyber security professionals is negatively impacting organisations and their customers.

The executive director of (ISC)², Hord Tipton, stated that data breaches have an economic effect: “Now, more than ever before, we’re seeing an economic ripple effect occurring across the globe as a result of the dire shortage of qualified information security professionals we’ve been experiencing in recent years”. He added: “Underscored by the study findings, this shortage is causing a huge drag on organisations. More and more enterprises are being breached, businesses are not able to get things done, and customer data is being compromised.”

Given the high levels of cyber espionage, hacktivism, and nation-state threats, Tipton stated that the time is now for the public and private sectors to join forces and close this critical gap. “We must focus on building a skilled and qualified security workforce that is equipped to handle today’s and tomorrow’s most sophisticated cyber threats”.

In the 2011 GISWS, it was found that there is a problem upstream: a major shortage of software development professionals trained in security. With cloud security, bring-your-own-device (BYOD) and social networking, there are more threats from malware and mobile devices.

According to the report, a multi-disciplinary approach is required to address the risks in BYOD and cloud computing. 74% of respondents thought new security skills are required to meet the BYOD challenge and 68% that social media is a security concern, with content filtering being the top security measure used.

“The business model of cyber criminals is changing and therefore information security professionals need to change to address that and adapt their approach to new and emerging technologies,” said Richard Nealon, co-chairman (ISC)2 Advisory Board for Europe, Middle-East and Asia.

“This survey shows that we need to rethink our approach to the skills challenge. We need to look at the problem from the top down, not the bottom up,” added the managing director, John Colley.

Other key findings from the study include:


Information security is a stable and growing profession. Over 80% of respondents reported no change in employer or employment in the past year, and 58% reported receiving a raise in the past year.  

The number of professionals is projected to grow steadily by more than 11% a year over the next five years. The average annual salary for (ISC)² certified professionals is £66,330 globally, which is 33% higher than professionals without an (ISC)² certification.

Knowledge and certification is considered highly important in job placement and advancement. Almost 70% view certification as an important indicator of competency when hiring. Almost half of companies (46%) require certification. 60% of those surveyed plan to acquire certifications in the next 12 months, and the CISSP is still the top certification in demand. 

This figure is the same for the UK. If you want to find out more about certifications, we recently wrote an article on our top four IT security certs, you can find it here.

How to boost cyber security skills:


To end the shortage of cyber security skills, three actions are required according to Richard Nealon, co-chairman (ISC)2 Advisory Board for Europe, Middle-East and Asia.

1.   More engagement from businesses is needed with the IT security profession. Opportunities need to be made available to existing and prospective infosec professionals, with incentives to stay. “By providing internships, for example, businesses can open the door and enable people to see if they are suited to a career in infosec,” said Nealon. He added that “The average age of skilled information security professionals in the UK is 43, we are not getting enough young people into organisations where they can learn as they work”.

2.   The Government needs to take on its responsibility of further promoting IT security as a key skill that is essential to the protection of critical national infrastructure. Nealon stated that “Government should encourage scholarships and help create training and employment opportunities”.

3.   The educational industry should work harder to ensure their IT courses have a stronger focus on security. They should also offer more courses on cyber security and make them attractive to prospective students. “For example, a course in ‘forensic cyber security’ is much more attractive than a ‘bachelor in information security’,” said Nealon. “There is also a gender imbalance that needs to be addressed. Worldwide, 89% of infosec professionals are male, but in the UK the figure is 93%,” he added. These institutions should further promote IT security as a career, particularly to women, as the gender imbalance is not good for the industry.

About the Author:
Julian writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Julian is the company's Digital Marketer.

Thursday, 23 May 2013

Government launching new cyber security squad



The Coalition has announced plans to create two new cyber security teams, which will look to strengthen the nation’s virtual defences.

Two new teams will be created to bolster the nation’s virtual defence, said the Coalition.

In a recent written statement to Parliament, it was announced that the new squad will be created for the Ministry of Defence (MoD). The Minister for the Cabinet Office, Francis Maude, stated that "attacks on government departments continue to increase”. The UK’s Cyber Security Strategy got a powerful boost thanks to the £650 million investment in the nation’s digital infrastructure last year.


A cyber security squad

Maude promises to “Improve national co-ordination of cyber incidents and act as a focus point for international sharing of technical information on cyber security”. In addition to this, a Cyber Incident Response scheme was launched by GCHQ’s information assurance arm CESG and the Centre for the Protection of National Infrastructure (CPNI) earlier this year, which will be equipped to help the new force.

Maude stated that the cyber reserve will “draw on the wider talent and skills of the nation in the cyber field”, and will not use the armed forces unless needed. “The exact composition is currently in development and a detailed announcement will follow in 2013”.

In a document from the Cabinet Office, it states that “The Services will engage additional experts to support their work in defending against the growth in cyber threats. These will be supporting roles to the Joint Cyber Units across the full spectrum of cyber and information assurance capability.  A series of events are being held with industry on how the scheme will work”.

Industry watchers have welcomed the two initiatives. Raj Samani, UK CTO for security firm McAfee, said the squad would help fill the public sector skills gap when it came to cyber issues. “From the cyber perspective, of course ideally we would all want a full time ready and able cyber team capable of addressing the issues facing the UK,” Samani told TechWeekEurope.

He added, “However with the cyber security skills shortage facing all sectors, such an approach is absolutely necessary until we are able to have this full time capability.  This of course places greater dependency on the need for cyber security training and getting the skills of reservists at the right consistent level. What this, and the new national CERT really emphasizes, however, is the need for a strong public-private partnership.  Not only in terms of providing resources, but also the intelligence in terms of a real-time and global perspective necessary in understanding the threats facing the UK.”

A permanent information sharing environment is going to be set up called CISP (no, not CISSP, for you security professionals out there). CISP stands for the Cyber-security Information Sharing Partnership. Maude said that this one has been in place since January. He stated that “attacks on government departments continue to increase”, so the

Industry experts and the government worked together on CISP, which will be open to critical national infrastructure sectors first. Other sectors will gain access later in the year. Furthermore, the joint ‘Cyber Growth Partnership’, a representative body for the UK technology industry, was announced. This will consist of a “high level group which will identify how to support the growth of the UK cyber security industry, with an emphasis on increasing exports. In line with Government targets, at least 25% of GCHQ’s procurement budget is to be spent through SMEs to gain access to the vibrant innovation of these firms,” said the government, confirming that it will be increasing the proportion of cyber security contracts going to SMEs.

Taking the opportunity


As the number of IT security threats continues to grow, the demand for those who can defend against them has become ever more important. IT security has become the fastest growing sector in the IT industry.

Opportunities in IT security are popping up everywhere, so why not take one? Get the right security certification and earn on average £50,000. You can view our top four IT security certs here.

Get your CISSP


CISSP is offered by the highly respected (ISC)2 vendor. CISSP professionals are always in demand and many businesses now require it. It’s one of the key certs employers and the government looks for to fill management-level information security positions. Having a CISSP demonstrates that you have a strong understanding of security concepts as well as the specific methodologies involved. It is very well known in the IT security community and has also become a requirement in many companies in order to join their IT security team. According to itjobswatch.co.uk, the average salary for a CISSP professional is £50,000.

About the Author:
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.