CISSP (Certified Information System Security Professional) is a certification in the field of information system security, which is independently issued by (ISC) ² aka International Information Systems Security Certification Consortium. The purpose of independence here is that certification does not depend on specific vendors such as Microsoft, Cisco, Oracle, and so on.
The need for professionals in the field of information systems continues to increase. Of course, the company wants to find competent professionals. One of the things that makes it easy for companies to find competent professionals is with their certificates. Because CISSP is a certification in the field of information systems security, it is certain that the owner of this certification deserves to be looked at. Besides CISSP, there are several certifications in the field of other information systems such as CISA, CISM, and CEH. In this article, I will only discuss CISSP.
Many companies from digital industrial sectors starting to look deeper into CISSP. Start from giant-sized company to startup level company competing to improve their level of security. Online Gambling industry also does its best to recruit experts from this very field. SBOBET and MAXBET, 2 giant-sized online gambling companies, also start moving since the earlier month of this year, offering a very huge sum of salary. Both companies are running in Southeast Asia and reign as the King and Queen in Asian Gambling Industry, none can tell which one is what.
Extensive and in-depth knowledge in many fields of information security is needed because CISSP is intended to be in the position of middle management, which requires it to work with Top Management, Users, to IT Engineers, each of which has different perspectives, approaches and “languages.” In addition, information security cannot be seen only from the point of view of a particular domain.
To get CISSP must master ten security domains known as the Common Body of Knowledge (CBK), which consists of:
- Physical (Environmental) Security
- Information Security and Risk Management
- Application Security
- Security Architecture and Design
- Cryptography
- Access Control
- Telecommunications and Network Security
- Operations Security
- Legal, Regulations, Compliance and Investigations
- Business Continuity and Disaster Recovery Planning
Wow, that’s quite a lot, but by searching for tutorials and ebooks about CISSP or maybe by taking part in training, I’m sure it’s not difficult for colleagues who are serious about learning them. Just for your information, the CISSP exam consists of 250 questions in 6 hours.
Participants who took the CISSP exam were very diverse. Most came from the Banking & Finance industry and also from Telco. The background is from the network security path, usually purely pursuing a career in the security field, and some from the audit path is more into IT audit/governance.
What are the prospects for the CISSP?
The need for CISSP is quite large. At least if you look at the fact, the number of examinees is only 10% of CISA exam participants. Maybe CISA is more needed because it is related to regulations, but the need for security professionals is greater than IT audit/governance.
Well, maybe that’s what I can say at a glance about CISSP. If explained in detail, it could be a book. In another article, I will try to explain about CISSP exam materials, who knows there are colleagues who are interested in studying and taking the CISSP exam.