A career in information security domain could begin with an experience in servers, testing or networks. On the other hand, acquiring a certification would mean sifting through those available at various institutions to find out what fits you. CISSP security certification is considered to be a high end certification, as it is backed by International Information Systems Security Certification Consortium (ISC)² and focuses on the technology in information security. "CISSP
preparation covers the entire IT curriculum. Now, the advantage of preparing for CISSP is that it offers an understanding into all subjects, which are broad in nature," says Sunil Varkey, the vice president of global security assessment & remediation at Barclays Technology Centre.
The first step of CISSP preparation is to understand the 10 domains that it covers. These domains include Access Control, Application Development Security,Business Continuity and Disaster Recovery Planning, Cryptography,
Information Security Governance and Risk Management, Legal,Regulations, Investigation and Compliance, Operations Security,Physical (Environmental) Security, Security Architecture and Design, aswell as Telecommunications and Network Security. Now let's look at what it takes to start off your CISSP preparation process.
As part of the CISSP preparation process, you have to fulfill the following requirements:
- You should hold a minimum of five years of full time security work experience in two or more information security domains covered under the CISSP security certification program. One year of the five will be waived if the candidate has a four-year college degree or a Master's degree in information security or any other certification.
- Qualifications must be attested by another CISSP certified professional.
Life beyond CISSP Now, are there any other options instead of CISSP that you can look at for equivalent career opportunities? "Equivalent to CISSP certification, you have the Certified Information Security Manager (CISM) certification, which is information security management and IT governance," says Pawan Kumar Singh, the chief information security officer of Tulip Telecom Limited.
Although the above mentioned certification courses are overseen from USA, they are offered in India - including training and examinations. "Other security certifications that you can prepare for include Certified Ethical Hacker (CEH), a certification sponsored by the International Council of E-Commerce Consultants (EC-Council)," says Pushpa Redkar, the head of business development for MIEL e-Security's education division.
- Answer four queries regarding background and criminal history (if any).
- Pass the CISSP security certification exam with 700 points or more. The exam has multiple questions, and the candidate is required to answer 250 questions in six hours.
Candidates with less than five years experience can get an Associate of (ISC)² designation by passing the CISSP security certification exam. This part of CISSP preparation is valid for six years, during which he is required to earn experience and submit the attested copy for a CISSP certification. Once experience is gained, the Associate certification will turn into a CISSP security certification status.
Examinations are held in India by organizations representing the (ISC)². In India, players like MIEL Security and NSS are active in offering CISSP preparation courses. "CISSP All-in-One Exam Guide by Shon Harris, Official (ISC)²; Guide to the CISSP CBK by Harold F. Tipton and The CISSP Prep Guide by Ronald L. Krutz are some of the books that you can refer to for CISSP preparation," says Varkey.
Other courses much in demand include CISSP with Cisco Certified Network Associate (CCNA), CISM, CISSP, project management professional (PMP)with CCNA, PRISM with CCNA and CISSP with Cisco Certified Internetwork Expert (CCIE). According to industry sources, currently CISSP with Cisco Certified Internetwork Expert (CCIE) certification offers excellent prospects.