Should I get CISSP Certified?

The focus of CISSP is purely Information Security. Having said that, it's a very big field. CISSP’s reputation as a certification is for being ‘a mile wide and an inch deep’. In fact it’s so wide that rather like the Great Wall of China, you can probably see it from space.

That, and not technical depth, is what makes it hard. That’s a limitation too – CISSP means you understand something, but not that you know how to do it. And that does make sense, because it is extremely wide and you can’t possibly be an expert in everything.

However, it is not an auditor-specific qualification, so it is complementary to CISA rather than an alternative to it. It’s a demanding, well thought out, and well managed certification that commands considerable respect, in some quarters more so than CISA and CISM (though I’m not sure that’s fair), and much as with these others, if you see it as a learning experience rather than a rubber stamp, you’ll get a huge amount out of it.

How can I obtain a CISSP qualification?

You need to pass an exam and evidence 5 years of relevant experience, then get an endorsement. Sounds straightforward? Perhaps, but the exam is a six-hour marathon consisting of a vast array of intentionally confusing questions covering everything from the obvious to the extremely obscure. The field it covers – review the CBK or ‘common body of knowledge’ maintained by ISC2 – is vast and detailed.

There are lots of reasons not to do this exam. You can study for ages, but not know whether you know enough to pass. You can know everything, but not like their take on multiple choice questions – or you can just be a bit too slow. For some the biggest reason not to do it is the sheer length of the exam, for others the breadth of the syllabus. A few have complained that food and water were not available – I’m told this is better now. For others still, it’s the fact that good people do fail.

ISC2 really should look at splitting the syllabus into several shorter hour exams to do it justice. But all in all, it is a good test.

Once you’ve done it you haven’t proved you’re a good IT auditor or Information Security practitioner, but you’ve proved you know your st

[…]

This article has been indexed from Security Boulevard
