Showing posts with label CISSP exam. Show all posts
Showing posts with label CISSP exam. Show all posts

Wednesday, 9 September 2015

Your Ultimate CISSP FAQ

 By Sarah Morgan

The CISSP is a hugely popular certification that carries a great deal of prestige and may be something you’re striving for in the future.

How much do you really know about the CISSP? This ultimate CISSP FAQ will start from the basics to ensure you know all there is to know about this gold standard security certification.

Q: What is a CISSP?

A: CISSP stands for Certified Information Systems Security Professional. Achieving the certification proves you are accomplished at the management level of information security. Developed by globally recognised (ISC)2, it has become established and well-respected within the industry and is now a key component in the selection process of Chief Information Officers.



Q: What does the course cover?

A: The CISSP course begins by ensuring you understand the concepts and principles behind information security and why they are important. You’ll then build up to learn how to protect your business from various angles and how to apply management skills to information security through (ISC)2’s eight domains.

Everything you’ll cover will be from (ISC)2’s CISSP CBK (common body of knowledge). This ensures what you learn is approved and thorough, covering all components of information security management. The full list of the domain titles are as follows:


  • Domain 1 – Security and Risk Management 
  • Domain 2 – Asset Security
  • Domain 3 – Security Engineering
  • Domain 4 – Communication and Network Security
  • Domain 5 – Identity and Access Management
  • Domain 6 – Security Assessment and Testing
  • Domain 7 – Security Operations
  • Domain 8 – Software Development Security


Q: How will it help me on a day-to-day basis?

A: The skills you’ll learn on your CISSP course will improve the depth of your knowledge, filling in gaps, and making you more skilled at what you already know and do. You will also become more proficient and prepared for dealing with a vast range of security threats.

For example, the breadth of topics covered ranges from cryptography to implementing disaster recovery processes. Whatever your current or future job role in information security, you’re sure to gain knowledge and skills that will help you on a daily basis.

Q: Who is the CISSP aimed at?

A: The CISSP is an advanced certification. This means it is directly aimed at senior and experienced security professionals who will realistically be able to pass the exam and find it useful.

However on a more grand scale, anyone looking into senior information security roles can target the CISSP as a long term goal. Even if you’re not quite the perfect candidate to take the CISSP yet, there’s nothing stopping you in the long term.

Q: What jobs can I do with a CISSP?

A: The CISSP has the potential to lift you into security roles that are the pinnacle of the field. Below are just a small sample of the sorts of job roles that you could access after becoming CISSP certified:


  • Chief Information Security Officer
  • IT Security consultant
  • Senior Security Engineer
  • Head of Cyber strategy
  • Security Specialist
  • Chief Security Architect
  • Security Assurance Analyst
  • Technology Consultant Manager
  • Cyber Security Senior Manager
  • Information Risk Manager
  • Head of Risk & Compliance




Q: How much can I expect to earn with a CISSP?

A: Of course the salary you can earn depends on what else is in your skillset and the job roles listed above do have varying salaries. According to itjobswatch.com, the lower tier of the jobs you could be doing average salaries between £40,00-£50,000. These are roles like IT Security Consultant, Security Specialist and Security Assurance Analyst.

However, the more senior roles, like Chief Information Security Officer, Head of Cyber Strategy, Chief Security Architect and Cyber Security Senior Manager, average salaries between £70,000-£100,000. The CISSP is one of the best certifications as a gateway to such high level jobs with that kind of salary and responsibility – especially in a field with such intense competition.

Q: Can anyone take the CISSP course?

A: Because the CISSP is such an advanced certification, there are prerequisites that you must meet before you are able to sit the course.

Initially, you must have at least five years of professional information security experience, as well as a university degree. The nature of the security industry also requires you to agree and commit to the Code of Ethics and criminal history check. On top of this, after passing the certification, your application must be endorsed by another qualified information security professional.

However, do not be put off. These prerequisites are only in place to ensure that you and have the experience and ability to pass the course and put what you’ve learnt into practice in the real world afterwards.

Q: What happens if I don’t meet the prerequisites?

A: If you don’t currently meet the requirements for the CISSP – (ISC)2 offer a range of courses for varying experience and skill level. The full list here.

The SSCP is designed for those who don’t meet the CISSP prerequisites. Also developed by (ISC)2 from its CBK, it covers seven very similar domains, at a lower level. The bonus is, it only requires one year of experience in the information security field – a fantastic stepping stone to get you onto the CISSP.

There are also many other security certifications that can help boost your skills. From EC-Council’s Certified Ethical Hacker, to CompTIA’s Security+, there is a certification out there than can help you get the skills you want in the security industry, whatever your current situation.

Q: What are the exams like?

A: The CISSP exam consists of 250 multiple–choice, four option questions. It’s a lot of questions, but you have six hours in which to do them. All exams are meant to test you and prove that you are a certain standard, otherwise the certification wouldn’t be worth anything. The CISSP is no different and is a tough exam to pass, hence the qualities stated in the prerequisites. But don’t feel daunted, obviously people do pass it, it just takes commitment and hard work. It’s also worth noting that the exam questions change every two weeks, so you’re not facing the same questions each time.

Q: What happens if I fail?

A: Obviously nobody likes to fail, but it doesn’t mean the end of your aspirations and possibility of you getting CISSP certified. (ISC)2 policy states you can retake an exam 3 times in a year. If it’s the first time you’ve failed it, you’ll be able to sit another exam just 30 days afterwards.

Q: When can I get on a CISSP course and get certified?

A: The CISSP is a hugely popular course, which is why there is usually always a course running soon that you can get yourself on. At Firebrand there is between 1 and 3 courses a month. The Firebrand course is also just seven days and also includes the official (ISC)2 exam at the end of it. That means depending on availability, you could be CISSP certified by the end of next week.

 About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.

Monday, 13 April 2015

Crack the new CISSP CBK with these CISSP training resources


By Sarah Morgan


Your CISSP exam and curriculum is changing. With the release of a brand new exam blueprint and updated CISSP domains imminent, the material you're revising now will soon be out of date.

The switch will be made on April 16th 2015, when the ten CISSP CBK domains will be reduced to eight.


As a result of this refresh, the CISSP exam will be altered to reflect the new CBK changes (but will remain the same format). Any training or revision material you use must also be updated, or you’ll risk revising irrelevant content!

Don’t get caught out by the 2015 domain refresh. Take a look at these up-to-date revision resources, aligned to the 8 brand new CISSP domains.


1. Official (ISC)2 Guide to the CISSP CBK, Fourth Edition (ISC2 Press) Hardcover – 10 Apr 2015 
ISBN-13: 978-1482262759

Released last week, you don’t get any more up-to-date than (ISC)2’s Official Guide to the CISSP CBK.

This official guide, endorsed by (ISC)2 and edited by Adam Gordon, covers the refreshed technical content added to the CISSP CBK. The book provides a comprehensive guide to the eight CISSP domains and includes illustrated examples, practical exercises and real-life scenarios.

How to buy it:


And remember, if you’re an (ISC)2 member, you’ll get 50% off Official (ISC)2 textbooks!


2. The NEW 2015 CISSP Exam. Brace Yourself (and prepare yourself)! Webcast with Dave miller

Dave Miller has been an IT security specialist since 1980, is a published author and lecturer. So it’s no surprise he’s been following the new CISSP CBK with interest.

His comprehensive webcast, originally hosted March 17th 2015, is now available for free online at Oreily.com. The 93 minute webcast covers an abundance of CISSP topics including:

  • A review of the 2012 CISSP certification exam
  • The new CISSP 2015 examination
  • CISSP certification requirements
  • New test-worthy topics
  • How to prepare for the new CBK and CISSP exam
  • Conclusion: Q&A

To watch the webcast, sign up here.


3. (ISC)2 Overview & Key areas of knowledge in the 8 new CISSP domains

(ISC)2 has released a candidate information bulletin in line with the new CISSP exam blueprint. This massive document includes overviews of each of the 8 brand new CISSP domains alongside the key areas of knowledge you’ll need to understand to pass your exam.

This resource is excellent for any professional who needs a quick refresher on what’s contained in the new CISSP domains.

However, don’t treat the information found here as replacements for experience or knowledge - (ISC)2 state that, “[The candidate information bulletins] were developed to provide candidates with basic information…the outlines are not intended to be in-depth reviews of the examination.”

Access the document here.


4. (ISC)2 sample exam questions

Also included in the (ISC)2 CISSP candidate bulletin are sample questions, aligned to the new exam blueprint. We’ve included them below:


1. Which one of the following is the MOST important security consideration when selecting a new computer facility?

a. Local law enforcement response times
b. Adjacent to competitors’ facilities
c. Aircraft flight paths
d. Utility infrastructure

2. Which one of the following describes a SYN flood attack?

a. Rapid transmission of Internet Relay Chat (IRC) messages
b. Creating a high number of half-open connections
c. Disabling the Domain Name Service (DNS) server
d. Excessive list linking of users and files

3. Which one of the following is a limitation of fuzzing, as it relates to secure software development best practice?

a. Access to the source code is required
b. Not all discovered issues are exploitable
c. Issues must be accessible through an open interface
d. Is not suitable where code development is outsourced

Find the answers on Page 33 of the CISSP candidate bulletin.


Got a burning CISSP question?

If you’ve got more questions, take a look at our CISSP FAQ covering the new exam blueprint.

And if you need to get certified with accelerated CISSP training, good news – Firebrand are the only authorised (ISC)2 partner in the UK and will be teaching the latest 2015 CISSP material from the 20th April 2015.


Related articles:



About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Friday, 31 October 2014

(ISC)2 CISSP – Official vs. Unofficial


By 


Unofficial training can often seem like a more viable alternative to its official counterpart. It may often be cheaper, but it’s a false economy – you might not be aware of all the benefits of official training.

How much better really is it to get your CISSP with an official (ISC)2 provider?

Instructors


With an authorised (ISC)2 training provider, you’ll be learning from official CISSP instructors, vetted and trained by (ISC)2 themselves.

Conversely, unauthorised instructors are not taught or trained to deliver official (ISC)2 material.  There’s no vetting process for unauthorised instructors, so you’ll be relying on your training providers opinion and this might not align with (ISC)2’s strict guidelines.


Course material


When going official you’ll get the latest (ISC)2 training materials.  When considering that the CISSP exam questions are entirely rewritten roughly every two months, possessing this up-to-date material is crucial.

(ISC)2 make sure their exams continually evolve and stay current with information security trends and practices.  Every CISSP exam even features a set of secret ‘dummy questions’ (questions which won’t count towards your final score but are used by (ISC)2 to gauge the suitability of new exam questions).

(ISC)2 are clearly committed to staying up-to-date. To beat the CISSP exam, you’ll have to as well. This means getting access to official (ISC)2 course material.

Use unofficial course material and you run the risk of studying a dated curriculum and obsolete materials. This is because unofficial courses simply don’t have access to the official material.


Practice exam papers


We’ve all taken advantage of practice exam papers as a brilliant method of revision. Nothing can beat the realism that a practice paper provides; knowing exactly what you’re up against can often mean the difference between a pass and a fail.

Going into an exam without having seen a past paper can be a gruelling experience. Luckily, authorised (ISC)2 training providers have access to official past papers.

Unfortunately, unauthorised training providers just don’t have access to these infinitely useful revision tools. Worst case scenario you’ll be working on questions which just aren’t aligned to the exam your about to take.


Taking the exam


Official (ISC)2 training providers are able to provide your exams onsite. That means you won’t have to spend £498 on the exam voucher and get yourself down to an exam centre.

Instead, you’ll just be sitting your exam in the same facility that you’re already studying in. As you might imagine, unofficial providers can’t offer the exam – you’ll have to make your own arrangements.


Bonus: Get CISSP certified with the only official (ISC)2 provider in the UK

Firebrand are immensely proud to be the only official (ISC)2 training provider in the UK. This CISSP course just doesn't compare. Here’s just how different it is:


You’ll get certified in only 7 days and still get more hours of learning than anywhere else

Firebrand’s official (ISC)CISSP Boot Camp is just 7 days. This includes taking and passing your CISSP exam as well as receiving your instant exam results at the training facility on the last day of the course.

You’re learning day will last from 9:00am to 9:00pm – that’s 12 hours of actual training each day. With the best similar training providers you’ll only be learning from 9:00am – 5:00pm.

On day 6 of our 7 day course, you’ll get an entire 12 hour exam preparation day. During this day your (ISC)authorised instructor will explain the methods and techniques you need to know to pass your exam.

No distractions

You’ll be better prepared to achieve first-time success when you can focus entirely on achieving your CISSP for seven entire days. And once your exam is completed on your last day, your objective is complete, in no time at all.

You’ll essentially be putting a ‘Do Not Disturb’ sign up on the door to your life. So far Firebrand has trained over 55,000 students in this total-immersion and distraction free environment.

And…

That’s not to mention that other training courses don’t provide accommodation, an exam voucher or even exam delivery.

Find out more about Firebrand’s unique CISSP course on the Firebrand website.

Related articles:

-          How to become a CISSP
About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Thursday, 3 July 2014

Succeed in the CISSP exam with these 4 tips

CISSP is a global standard, widely recognized as the information and cybersecurity benchmark certification. It’s an advanced cert that demonstrates a wealth of IT security knowledge and experience.  As a result, typical salaries have risen to upwards of £55,000 in the UK.

Cybersecurity professionals have never been in greater demand. What’s more, Sebastien Cobut, vice president of IT recruitment specialist Volt states that, ‘internal statistics suggest a continuing increase in both demand and pay rates for IT security professionals, across both UK and continental operations.’



'A day in the life of a CISSP certified professional'

Whilst the CISSP-certified are in demand, as you might imagine, it’s not an easy qualification to achieve.  You’ll need 5 years of paid information security experience (or 4 years with a degree) to take the mammoth 6 hour exam.  For an information security professional, preparation for the CISSP exam has been likened to that of a runner preparing for his first marathon.

Like any advanced qualification, it can be achieved if you’re committed - here are 4 tips to help those preparing or thinking about going for a CISSP cert.

1. Prepare to pass

Before you embark on your training course, it will be worth your time to evaluate your existing knowledge in line with the CISSP CBK (common body of knowledge). You might find that your idea of the domains differs to their actual definitions and this could seriously misinform what you study.

Sort and rank domains according to your knowledge level and from there, assign a hierarchy based upon how familiar you are with them. This will allow you to allocate your time smartly and ensure you don’t neglect any of the domains. 

Commitment is the key to passing your CISSP
Image courtesy of imelechon / morgueFile
2. Don’t waste time; start studying now

Yes, it’s an obvious one, but it can’t be stressed enough. The CISSP cert demonstrates you have a wealth of knowledge across a lot of different information security topics. Even if you’re already an expert in the majority of the domains, there will likely be some you will have to learn from scratch.

3. Choose good study materials

CISSP’s All-in-one Exam Guide 6th Edition comes highly recommended. It’s a great preparation tool that covers all 10 CISSP exam domains.  Familiarise yourself with these domains before the commencement of your training course and you’ll be well positioned to pass the exam.

The official study guide comes courtesy of (ISC)2 and is recognised as one of the best tools for studying the CISSP exam. Try to select a variety of study materials and make sure they are up-to-date. Don’t just settle on one guide either, try to experience a few different guide and handbooks.  

Study forums can be a great asset to anyone studying the CISSP, especially if you don’t personally know anyone else studying for the CISSP exam. If you ever need to ask a very specific question, or simply want to speak to people revising for the same exam as you, these forums can prove invaluable. Try and regularly browse these IT forums, the more involved you can get, the more you’ll learn. It’ll help you stay motivated to be metaphorically around people in the same position as you.

4. Minimise stress

Completing an important exam is stressful, especially if its 6 hours long. It’s important not to get flustered. Don’t let your hard work be hindered by any stress you feel. If you studied well and have some good experience, it should all come naturally.

Concluding thoughts

If you’re not the kind of learner that can shut themselves away for hours on end, there is a better alternative. Study CISSP at Firebrand and you’ll get certified in just 7 days on an all-inclusive course. You could begin looking for a senior role in IT security within a week with our unique accelerated training.