
CISSP Introduction

CISSP Training
Certified Information System Security Professional
2016

CISSP Training Course Introduction

• Introductions
• (ISC)2 and the CISSP
• Course Objectives
• Course Schedule
• (ISC)2 Certifications
• Study Tips
• References and Resources

©2015 Conquest Security, Inc.


Adrian Mikeliunas, Instructor

• Certified Information System Security Professional (CISSP)
• Certified Information Systems Auditor (CISA)
• 30+ Years IT Experience
• Certified Linux Professional (LPI)
• Open Source Evangelist!


www.conquestsecurity.com



(ISC)2 and the CISSP

• The International Information Systems Security Certification Consortium
  • Founded in 1989, (ISC)² issues Security Certifications & vendor-neutral education products in more than 160 countries
  • CISSP and SSCP meet the stringent requirements of ANSI/ISO/IEC Standard 17024, a global benchmark for assessing and certifying personnel
  • International, not-for-profit leader in educating and certifying cyber, information, software and infrastructure security professionals


(ISC)2 and the CISSP

• Systems Security Certified Practitioner (SSCP)
• Certified Information Systems Security Professional (CISSP)
  − Information Systems Security Architecture Professional (ISSAP)
  − Information Systems Security Management Professional (ISSMP)
  − Information Systems Security Engineering Professional (ISSEP)
• Certification and Accreditation Professional (CAP)
• Certified Secure Software Lifecycle Professional (CSSLP)
• Certified Cyber Forensics Professional (CCFP)
• HealthCare Information Security & Privacy Practitioner (HCISPP)
• Certified Cloud Security Professional (CCSP)


Why Become a CISSP

• Demonstrates a working knowledge of information security
• Confirms commitment to profession
• Offers a career differentiator, with enhanced credibility and marketability
  • Extra Compensation $$$
• Provides access to valuable resources, such as peer networking and idea exchange

Why Become a CISSP

• “The CISSP has emerged as one of the most prominent vendor-neutral certifications.”
• “The CISSP provides a holistic approach to security, viewing it as a process, not a product.”
• “At a basic minimum, an organization should have a CISSP on staff.”
• ISO/IEC Standard 17024 accredited
• DoD Directive 8570 Requirement

Course Objectives

• At the end of this course students will:
  • Be familiar with the (ISC)2 Common Body of Knowledge (CBK), including common terms, principles, lists, categories, mechanisms, etc.
  • Be familiar with the CISSP exam process
  • Be able to develop a study plan for taking and passing the exam

Course Objectives

• THIS COURSE IS NOT:
  • Security Engineering 101
    − Not a basic course
    − Knowledge is assumed
  • Advanced Security Course
    − Coverage of material is broad and not in depth
  • Everything you need to pass the CISSP
    − This course is a part of the strategy to pass the exam
    − Home Study, Understanding Key Concepts, and Memorization are required

8 Domains

• Security and Risk Management
• Asset Security
• Security Engineering
• Communication and Network Security
• Identity and Access Management
• Security Assessment and Testing
• Security Operations
• Software Development Security

~1 domain per day…

Exam Preparation Plan

• Take the Pre-Course Assessment Exam in 60 minutes
• Plan on a minimum of 8 weeks to prepare for the Exam, more depending on your level of proficiency
• Each week:
  • 2 chapters or 1 domain per day
  • Practice Exam Questions
  • www.cccure.org questions


CISSP Requirements

• Required Experience
  • 5 years of full-time paid work experience in 2 or more of the 8 CBK domains
  • Or 4 years of experience plus a college degree
• Pass the Exam
  • Pass the CISSP exam with a scaled score of 700 points or greater
  • Create an Account and Schedule your Exam

Associate of (ISC)2

• Can pass the CISSP examination, but lack the years of practical work experience
  • Must also subscribe to the (ISC)² Code of Ethics and maintain their status in good standing with (ISC)²
  • After successfully passing the exam and achieving the professional experience requirements, Associate of (ISC)² status can be converted to CISSP


CISSP Exam

• Computer Based, Taken at Pearson’s Centers
• Pay $599 USD
• 250 Total Questions, 225 are scored
• 25 are research questions
• Drawn from a pool of 10,000 questions
• Questions from all 10 domains of the CBK
• Multiple Choice, 4 choices
• Pass/Fail, 700 Points or greater
• 6 Hours
• Closed Book
• Results are sent via email within 2-6 weeks

After Passing the Exam

• Subscribe to the ISC2 Code of Ethics
• Submit a properly completed and executed Endorsement Form
  • Signed by an active CISSP who has reviewed your qualifications
  • Must be submitted within 9 months of passing the exam
• Successfully pass an audit of their assertions regarding professional experience, if the candidate is selected for audit
• Maintain your CISSP Certification


Continuing Professional Education (CPE)

• 120 CPE credits every 3 years or retesting is required to maintain the CISSP

20

  • Attending educational courses or seminars
  • Attending security conferences
  • Member of an association / attending meetings
  • Listening to vendor presentations
  • Completing university/college courses
  • Providing security training
  • Publishing security articles or books
  • Serving on industry boards
  • Self-study
  • Volunteer work, (ISC)² volunteer committees
  • CPEs must be posted during each calendar year!

• Yearly Fee of $85

2015 CBK: What’s New: Topics

• 3rd Party Risk Management
• BYOD Risks (Bring Your Own Devices)
• IoT (Internet of Things)
• Software Defined Networks
• Cloud Identity Services (OAuth 2.0)

About +4%


New Test Question Formats

• Majority: Multiple Choice, 4 candidate answers, you select one correct one, occasionally more than one correct answer!
• New Questions:
  • Scenario
  • Drag and Drop
  • Hot Box


Scenario Questions

• Description:
  • Situational: 1-2 paragraphs describing an environment, results of an audit, etc.
  • 3-5 questions on the scenario
• Tactics:
  • Read the question first [to understand!]
  • Consider “operational” issues (tradeoffs)



Drag and Drop

Which algorithms below are examples of symmetric cryptography?

• Advanced Encryption Standard
• Rivest Shamir Adleman
• Diffie Hellman
• El Gamal
• Data Encryption Standard


Hot Spot
The diagram below is a design of a Public Key
Infrastructure to secure internet transactions. Within
the design is a Certificate Authority, a Registration
Authority, and a Validation Authority.
Click on the location of the registration authority.



Resources

• ISC2: www.isc2.org
• Online Resources & Practice Exams: www.cccure.org
• NIST Computer Security Resource Center
• Shon Harris audio libraries & practice tests for EACH [old 10] Domains

Books

• Sybex CISSP 2015
• ISC2 Official CISSP

Questions?
