HIPAA Implementation Strategies: Under the covers of the
What is CISSP Anyway?
A Presentation by:
George L. McMullin II, CISSP
COO, CorpNet Security, Inc.
Executive Director, NEbraskaCERT
Where we’re headed today
• A little history
• A little certification
• And a little more
The Certification Movement
• Security organizations already existed pre-’88
• Special Interest Group for Computer Security (SIG-CS) of the
Data Processing Management Association (DPMA) - Nov ‘88
• Volunteers from several organizations began a joint effort to
forge a certification program
– SIG-CS of the DPMA
– Information Systems Security Association (ISSA)
– Computer Security Institute (CSI)
– Canadian Information Processing Society (CIPS)
– Several agencies of the U.S. and Canadian governments
– Idaho State University
Certification Realized
• International Information Systems Security
Certification Consortium (ISC)² established mid-’89
– nonprofit corporation
– develop a certification program for information
systems security practitioners
– certification body, not a membership organization
(ISC)²
• Code of Ethics established
– Canons
• Protect society, the commonwealth, and the infrastructure
• Act honorably, honestly, justly, responsibly, and legally
• Provide diligent and competent service to principals
• Advance and protect the profession
(ISC)²
• Certification for Information Systems Security Professionals
(CISSP)
– Ten “Common Body of Knowledge” (CBK) areas defined
• Access Control Systems and Methodology
• Telecommunications and Network Security
• Security Management Practices
• Applications and System Development Security
• Cryptography
• Security Architecture and Models
• Operations Security
• Business Continuity Planning and Disaster Recovery Planning
• Law, Investigations and Ethics
CISSP
• Certification for Information Systems Security Professionals
(CISSP)
– Examination
• Prerequisites:
– Subscribe to code of ethics
– Have 3 years direct work experience in one of 10 areas of CBK
• $450 fee
• 6 hours
• 250 multiple-choice questions
– Recertification
• Annual fee of $85
• Abide by code of ethics
• Earn 120 Continuing Professional Education (CPE) credits every 3 years
CISSP
• Preparation
– (ISC)² CBK review seminars
• Four days - $1550 (w/ exam add $275)
• Eight days - $2800 (w/ exam add $275)
– NEbraskaCERT CISSP Exam Preparation Course
• Ten weeks - $1495 (discounts available)
– Self study
Coming Certification . . .
• Systems Security Certified Practitioner (SSCP)
– Aimed at network and systems security administrators
– Multiple examinations
• Core examination - multiple choice
• Optional specialty exams specific to technologies - scenario based
• Seven areas of CBK
– Access controls
– Administration
– Audit and monitoring
– Risk, response and recovery
– Cryptography
– Data communications
– Malicious code
Contacting George
• NEbraskaCERT
– [email protected]
• CorpNet Security
– [email protected]
• Cell phone
– (402) 968-6830