(ISC)2

(ISC)2 is the International Information Systems Security Certification Consortium, Inc. This organization was originally formed to collect and define a common body of knowledge (CBK) for the information security (IS) community internationally. The (ISC)2 works to keep that information relevant to the requirements of the international IS community by regularly updating and verifying the CBK contents. The CBK consists of the general information that defines or explains the areas of concentration in a very broad sense, rather than being a repository of specific information that might be studied in preparation for an examination. Instead of specific technical information that would be found in a vendor-specific or task-specific exam, this information forms the guidelines for study. The CBK has been defined and grouped in a total of 10 domains, or areas of knowledge, that contain the information that is relevant to the IS professional.

(ISC)2 is the governing organization that has developed the SSCP and CISSP certifications and examinations. This effort was undertaken in response to industry demand and concerns that a measurable benchmark was needed to assure the competency of the individuals participating in the defense of information systems.

This book and its contents have been written by a talented, experienced team of professionals who have had experience in each of the domains that are covered in the SSCP exam. Although no individual resource can provide 100 percent coverage of each domain, we believe that this study guide and your study and knowledge of the information it contains will lead to your success in taking the test.

Systems Security Certified Practitioner

The first of two certification tracks that are offered by (ISC)2 is the Systems Security Certified Practitioner (SSCP) certification. The SSCP examination contains content that originates in seven domains that have been identified by (ISC)2 as areas of concentration. We'll be looking at each of these domains and how they are derived, as well as the distinct requirements and knowledge areas within those domains, as we progress through the chapters that follow:

  • Access Controls

  • Administration

  • Audit and Monitoring

  • Risk, Response, and Recovery

  • Cryptography

  • Data Communications

  • Malicious Code/Malware

The certification is aimed at security professionals who have direct work experience in two or more of the domains, totaling at least one year of actual work performed. This time may include systems administration, teaching, consulting, or other disciplines, but it must be security-related work time. It reflects actual time worked, and the time is cumulative, so it may be accumulated over a period longer than a calendar year. Candidates for the certification must have accumulated one year of direct experience in one of the domains.

Note 

The certification itself requires one year of experience in two domains. This requirement means that you may study for and attempt the examination with a lower level of experience, but you will have to attain the certification experience level and attest to your compliance with that requirement before you receive the certification.

(ISC)2 also requires that candidates and certified individuals accept the (ISC)2 code of ethics. The code of ethics contains four sections, which (ISC)2 defines as canons. The code of ethics canons are:

  • Protect society, the commonwealth, and the infrastructure.

  • Act honorably, honestly, justly, responsibly, and legally.

  • Provide diligent and competent service to principals.

  • Advance and protect the profession.

These definitions, by nature, are very broad in scope. The code of ethics defines a level of correct and proper action that you should be (and very probably are) following as you pursue a career in IS. The four canons remind us that we are required in our profession to be above reproach as much as is possible in a human environment. We must promote protection of information, truthfulness, and public trust in information and information systems, and we must treat clients and the public fairly and within the laws of the commonwealth in which we serve. Additionally, we must educate and promote these ideas throughout the environment in which we operate. You can view this information in its entirety at www.isc2.org/cgi-bin/content.cgi?category=12.

Successful candidates are additionally required to participate in continuing education and accumulate continuing education credits. Credential renewal can be attained through this process over a three-year period or by retaking the certification exam every three years. Specific information about examination schedules, costs, and updates of requirements can be found on the (ISC)2 site at www.isc2.org.

Certified Information Systems Security Professional

The Certified Information Systems Security Professional (CISSP) certification is designed to measure management-level skills and expertise in areas of policy and overall system design rather than the more technical skills that are measured in the SSCP examination. The CISSP exam includes more comprehensive knowledge and experience requirements than does the SSCP examination.

As we mentioned earlier, (ISC)2 has identified a total of 10 domains that have relevance to the CISSP credential. The CISSP credential also requires a more verifiable amount of time working directly with computer and network security, as well as testing the candidate's ability to design and implement a security defense plan. As announced on the (ISC)2 site, the requirements for candidates testing after January 1, 2003, have changed. The new requirements include a minimum experience requirement for certification of four years, or three years with a college degree or equivalent life experience. Further information about the new requirements can be found on the (ISC)2 site at www.isc2.org. If you are interested in pursuing this certification in the future, you'll be involved in an in-depth study to gain knowledge of the following 10 domains:

  • Access Control Systems and Methodology

  • Telecommunications and Network Security

  • Security Management Practices

  • Applications and Systems Development Security

  • Cryptography

  • Security Architecture and Models

  • Operations Security

  • Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP)

  • Law, Investigations, and Ethics

  • Physical Security

Many of the 10 domains in the CBK appear to contain information presented in the seven domains for the SSCP examination. However, they are discussed in more depth and with a different overall focus than are the domains for the SSCP examination.

Exam Warning 

In the next sections, we begin to describe the content areas of the examination. You will undoubtedly find some new terminology and references with which you are not familiar. Throughout this book, we try to expose you to terminology and definitions that are used in the examination process. Be sure to note terms with which you are not familiar and learn their usages in the various contexts we examine.



SSCP Systems Security Certified Practitioner Study Guide
SSCP Study Guide and DVD Training System
ISBN: 1931836809
Year: 2003
Pages: 135
