Become CISSP Certified
1. ASM EDUCATIONAL CENTER INC. (ASM)
WHERE TRAINING, TECHNOLOGY & SERVICE CONVERGE
WWW.ASMED.COM
2. BECOME CISSP CERTIFIED?
The road to CISSPdom!
Requirements
Thorough Preparations
Examination – 250 questions in 6 hours; approximately 70% of candidates pass
Get Certified – requires endorsement by a sponsor
Maintain Certification – 120 CPE credits over the three-year certification cycle, etc.
Other Security Certifications – e.g. CISM, CISA, GIAC, CPP, CAP, CIPP, ITIL, Security+
3. THE CISSP EXAM
Unlike other multiple-choice exams that ask for simple factual recall, the CISSP exam requires the candidate
to apply knowledge and make a best judgment.
The CISSP exam covers a broad set of material, often in greater depth than other certification exams.
However, with careful preparation, one can pass the CISSP exam at first attempt.
4. GO BEYOND CISSP?
“SKY IS THE LIMIT”
The ISSEP, ISSAP and ISSMP concentration examinations:
ISSEP – Information Systems Security Engineering Professional
ISSAP – Information Systems Security Architecture Professional
ISSMP – Information Systems Security Management Professional
5. THE OLD 10 DOMAINS
Access Control
Telecommunications & Network Security
Information Security Governance & Risk Management
Software Development Security
Cryptography
Security Architecture & Design
Operations Security
Business Continuity & Disaster Recovery Planning
Legal, Regulations, Investigations, & Compliance
Physical & Environmental Security
6. THE NEW 8 DOMAINS
As of April 15, 2015:
Security & Risk Management
Asset Security
Security Engineering
Communications & Network Security
Identity & Access Management
Security Assessment & Testing
Security Operations
Software Development Security
7. FUNDAMENTAL SECURITY PRINCIPLES
Least Privilege
Grant users access only to what they need to perform their daily job, and nothing more.
Separation of Duties
A security principle that ensures that no single user has excessive privileges to enable him/her to have full control over a
Violating this principle lets such a user compromise systems easily, because no second person has to cooperate.
Due Diligence
Investigative steps taken by management, all in an effort to protect the assets of the organization.
Due Care
Exercising a “prudent man’s judgment” to protect an organization’s assets.
Failure to exercise due care leads to legal liabilities that may be civil, criminal, or both.
Single Point of Failure
A single component whose failure brings down the whole system; the old proverbial “putting all your eggs into one basket”.
8. FUNDAMENTAL SECURITY PRINCIPLES
Defense in Depth
A security strategy that employs several layers of protective mechanisms.
Its primary benefit is that the failure of one control is compensated for by the other controls.
AAA of Security
Authentication – proving that you are who you say you are
Authorization – determining which resources you are permitted to access
Accountability – being able to account for your actions while you are logged into a system (typically via audit logs)
Nonrepudiation
This concept ensures that a party cannot later deny (repudiate) an action already taken; it is typically achieved with digital signatures, since a shared secret such as an HMAC key cannot prove which of the two key holders acted.
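The principles on the two slides above are easiest to see in a small authorization layer. The following is an added worked example for this outline, not code from the original deck or from ASM: a hypothetical payment-approval workflow in which roles grant only the actions the job needs (least privilege), the creator of a payment can never approve it even when holding the approver role (separation of duties), and every authorization decision, allowed or denied, is written to an audit trail (accountability). All user names, role names and actions are constructed for illustration; authentication is assumed to have happened upstream.

```python
# Added example (not part of the original slides): least privilege,
# separation of duties and accountability in a hypothetical payment workflow.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Least privilege: each role carries only the actions that job needs.
# Role names and action strings are hypothetical.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "clerk": {"payment:create", "payment:read"},
    "approver": {"payment:approve", "payment:read"},
    "auditor": {"payment:read", "audit:read"},
}


@dataclass
class Payment:
    pid: str
    amount: int
    created_by: str
    approved_by: Optional[str] = None


@dataclass
class PaymentSystem:
    # user -> roles; stands in for a directory lookup. `user` is assumed to be
    # an already-authenticated principal (authentication happens upstream).
    user_roles: Dict[str, Set[str]]
    payments: Dict[str, Payment] = field(default_factory=dict)
    # Accountability: (user, action, decision) for every authorization check.
    audit_log: List[Tuple[str, str, str]] = field(default_factory=list)

    def _authorize(self, user: str, action: str) -> None:
        """Authorization: allow only if one of the user's roles grants `action`."""
        roles = self.user_roles.get(user, set())
        allowed = any(action in ROLE_PERMISSIONS.get(r, set()) for r in roles)
        self.audit_log.append((user, action, "allow" if allowed else "deny"))
        if not allowed:
            raise PermissionError(f"{user} is not permitted to {action}")

    def create_payment(self, user: str, pid: str, amount: int) -> Payment:
        self._authorize(user, "payment:create")
        self.payments[pid] = Payment(pid, amount, created_by=user)
        return self.payments[pid]

    def approve_payment(self, user: str, pid: str) -> Payment:
        self._authorize(user, "payment:approve")
        payment = self.payments[pid]
        # Separation of duties: even a user who legitimately holds the approver
        # role may not approve a payment they created themselves.
        if payment.created_by == user:
            self.audit_log.append((user, "payment:approve", "deny:separation-of-duties"))
            raise PermissionError(f"{user} created {pid} and cannot also approve it")
        payment.approved_by = user
        return payment

    def read_audit_log(self, user: str) -> List[Tuple[str, str, str]]:
        self._authorize(user, "audit:read")
        return list(self.audit_log)


def run_scenario() -> Dict[str, object]:
    """Exercise the controls with constructed users and return the outcomes."""
    system = PaymentSystem(user_roles={
        "alice": {"clerk"},
        "bob": {"approver"},
        "carol": {"clerk", "approver"},  # deliberately over-privileged
        "dave": {"auditor"},
    })
    results: Dict[str, object] = {}

    # Normal path: a clerk creates, a different person approves.
    system.create_payment("alice", "P-1", 500)
    results["p1_approved_by"] = system.approve_payment("bob", "P-1").approved_by

    # Least privilege: alice holds no role that grants payment:approve.
    try:
        system.approve_payment("alice", "P-1")
        results["alice_can_approve"] = True
    except PermissionError:
        results["alice_can_approve"] = False

    # Separation of duties: carol has both roles but created P-2 herself.
    system.create_payment("carol", "P-2", 9000)
    try:
        system.approve_payment("carol", "P-2")
        results["carol_self_approve"] = True
    except PermissionError:
        results["carol_self_approve"] = False
    # A different approver can still approve carol's payment.
    results["p2_approved_by"] = system.approve_payment("bob", "P-2").approved_by

    # Accountability: the auditor sees every decision, including denials.
    log = system.read_audit_log("dave")
    results["denials"] = [entry for entry in log if entry[2].startswith("deny")]
    return results


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

Note that the separation-of-duties check is a second, independent control on top of the role check: carol passes `_authorize` because she genuinely holds the approver role, and is stopped only by the creator-versus-approver rule. That layering is the defense-in-depth point from the slide above, and the audit log records both the allow and the subsequent denial so the attempt is attributable.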