
Question if I can get the CISSP Certification

rohit10 Member Posts: 41
Hey everyone. Currently, I have a CISA and just passed the CRISC. I am working in internal audit for a company where I also help out in IT auditing. I have been doing this for about 3 years now and I want to move more towards the IT side of things. I was planning on taking the CISSP, but I don't think 5 years of IT audit would suffice for the experience requirement, so I just wanted to check with you guys. Also, I don't have any CISSPs at work that I work directly with, so it may even be hard to get my application signed. Just looking for general advice on whether I should try to get into an IT role now and then do the CISSP once I am positive I meet the requirements to get certified, or take it now and try to find someone with a CISSP to sign off.

Comments

  • mstd0n Member Posts: 63
    Just for clarification why do you need someone from within your company to "sign off" on you getting a CISSP?
  • cyberguypr Mod Posts: 6,928
    I think he means the endorsement. OP, you can have ISC2 endorse you:

    "If you do not know an (ISC)² certified professional in good standing, (ISC)² can act as an endorser for you. In this case, please download and submit the Applicant Endorsement Assistance Form for the credential you are pursuing."
  • rohit10 Member Posts: 41
    cyberguypr wrote: »
    I think he means the endorsement. OP, you can have ISC2 endorse you:

    "If you do not know an (ISC)² certified professional in good standing, (ISC)² can act as an endorser for you. In this case, please download and submit the Applicant Endorsement Assistance Form for the credential you are pursuing."
    Awesome, thanks for that, yea I meant the endorsement.
  • bpenn Member Posts: 499
    Your CISA will waive one year of experience and then you need 4 years of experience in at least 2 of the 8 domains:

    Security and Risk Management (Security, Risk, Compliance, Law, Regulations, and Business Continuity)
    • Confidentiality, integrity, and availability concepts
    • Security governance principles
    • Compliance
    • Legal and regulatory issues
    • Professional ethics
    • Security policies, standards, procedures and guidelines

    Asset Security (Protecting Security of Assets)
    • Information and asset classification
    • Ownership (e.g. data owners, system owners)
    • Protect privacy
    • Appropriate retention
    • Data security controls
    • Handling requirements (e.g. markings, labels, storage)

    Security Engineering (Engineering and Management of Security)
    • Engineering processes using secure design principles
    • Security models fundamental concepts
    • Security evaluation models
    • Security capabilities of information systems
    • Security architectures, designs, and solution elements vulnerabilities
    • Web-based systems vulnerabilities
    • Mobile systems vulnerabilities
    • Embedded devices and cyber-physical systems vulnerabilities
    • Cryptography
    • Site and facility design secure principles
    • Physical security

    Communication and Network Security (Designing and Protecting Network Security)
    • Secure network architecture design (e.g. IP & non-IP protocols, segmentation)
    • Secure network components
    • Secure communication channels
    • Network attacks

    Identity and Access Management (Controlling Access and Managing Identity)
    • Physical and logical assets control
    • Identification and authentication of people and devices
    • Identity as a service (e.g. cloud identity)
    • Third-party identity services (e.g. on-premise)
    • Access control attacks
    • Identity and access provisioning lifecycle (e.g. provisioning review)

    Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
    • Assessment and test strategies
    • Security process data (e.g. management and operational controls)
    • Security control testing
    • Test outputs (e.g. automated, manual)
    • Security architectures vulnerabilities

    Security Operations (Foundational Concepts, Investigations, Incident Management, and Disaster Recovery)
    • Investigations support and requirements
    • Logging and monitoring activities
    • Provisioning of resources
    • Foundational security operations concepts
    • Resource protection techniques
    • Incident management
    • Preventative measures
    • Patch and vulnerability management
    • Change management processes
    • Recovery strategies
    • Disaster recovery processes and plans
    • Business continuity planning and exercises
    • Physical security
    • Personnel safety concerns

    Software Development Security (Understanding, Applying, and Enforcing Software Security)
    • Security in the software development lifecycle
    • Development environment security controls
    • Software security effectiveness
    • Acquired software security impact
    "If your dreams dont scare you - they ain't big enough" - Life of Dillon