Training Toolkit

Vendor-neutral security certification update

Beth Blakely Tech Republic

Published: 04 Apr 2003 13:33 BST

In a recent edition of "IT Certification Corner," guest columnist Molly Joss said that certifications are essential for all IT security staffers. Joss offered links to information about several security certification options, including the programmes offered by the International Information Systems Security Certification Consortium (ISC)2. The nonprofit organisation offers two certification programmes: the Certified Information Systems Security Professional (CISSP) and the Systems Security Certified Practitioner (SSCP).

TechRepublic members responded with recommended resources for preparing for the CISSP exam. Here's a rundown of their CISSP suggestions, as well as details about another vendor-neutral certification option.

More about the CISSP
In "CISSP tests more than systems security expertise", TechRepublic columnist Erik Eckel presented an overview of the CISSP exam's 10 IT security subjects, which (ISC)² refers to as test domains. He also shared a list of test domains encompassed by the 125 multiple-choice questions on the SSCP exam. TechRepublic's subscription site, TechProGuild, offers a more in-depth look at the 10 test domains on the CISSP exam.

Resources from TechRepublic members
TechRepublic member vraptorz suggested that pros working toward their CISSP should sign up for the CISSP and SSCP Open Study Guides Announce List. Messages posted to the group advise cert seekers of new study guides, links and other developments.

Certified CISSP MadMark prepared for his exam by using the list, along with "two years reading, proposing policy changes, configuring tech, security project management, a self-paced exam simulator, and a three-day course from (ISC)2." In a discussion on TechRepublic, he shared links to the simulator he used and recommended a book, "Information Security Management Handbook, Vol. 4".

Additional study materials
Members will find further tips and materials for study at CISSP.com, which was created by Andrew A. Afifi to promote the certification. For example, the site lists the following free books that may help cert seekers prepare for the exam:

The GIAC alternative
Joss' article didn't mention the vendor-neutral Global Information Assurance Certification (GIAC) series offered by The SANS (SysAdmin, Audit, Network, Security) Institute. However, TechRepublic members chimed in to remind others of its offerings. Hellbee said she believes GIAC is a more relevant option because she's heard that the CISSP is dated. "The infosec guys I know feel more confident in the GIAC series, which are more technical, focused certs," she said.

GIAC currently offers the following individual certificate programmes:

Candidates for GIAC certification must complete a research paper and pass either one or two exams, depending on the certification track. Although candidates don't have to earn GIAC certifications in any particular order, the organisation recommends that you master security fundamentals before moving on to more advanced topics.

TechRepublic is the online community and information resource for all IT professionals, from support staff to executives. TechRepublic offer in-depth technical articles written for IT professionals by IT professionals. In addition to articles on everything from Windows to email to fire walls, TechRepublic offer IT industry analysis, downloads, management tips, discussion forums, and e-newsletters.

For all job and work-related news, or to search for a job and get information on training, go to ZDNet Jobs.

Let the editors know what you think in the Mailroom.