Introduction to the CISSP Exam
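What is CISSP?
CISSP is the abbreviation of Certification for Information System Security Professional (that is, a certified information systems security professional), a credential that reflects the level of people working in information systems security. The CISSP exam is organized and administered by the International Information Systems Security Certification Consortium, (ISC)2.
Why become a CISSP?
CISSP certification helps companies and organizations identify technical talent. Holding the CISSP shows that you are a security professional with a substantial level of knowledge and experience who follows the latest developments in security technology. As evidence of a practitioner's technical ability, the CISSP is widely recognized; many organizations are currently looking for security professionals, and holding the CISSP certificate is a very big advantage. At present no more than 3,000 people worldwide hold the CISSP certificate, and the average starting salary is US$75,000 per year. If you also hold Cisco or Microsoft certifications, then depending on your experience and job responsibilities the starting salary is between US$95,000 and US$125,000 per year. However, no organization requires the certificate.
History of (ISC)2
(ISC)2 was founded in mid-1989 as an independent, non-profit organization whose goal is to develop and administer a certification body for information security management personnel. Its headquarters are in North America, and its certification quickly gained international recognition. (ISC)2 has held the CISSP certification exam since 1992. More information is available at www.isc2.org.
Requirements for applying for the CISSP
Abide by the rules and regulations of (ISC)2;
Have worked for 3 years or more in one or more of the 10 exam domains defined by the information systems security CBK (Common Body of Knowledge). You may be a practitioner, auditor, consultant, client, investor or teacher in a field related to information security, and you must apply information systems security knowledge directly in your work. The 3 years of actual work experience may be cumulative.
Recertification is required every 3 years, for which you need to earn 120 Continuing Professional Education (CPE) credits within the 3 years.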
CISSP Exam Overview:
What does the CISSP examination consist of?
The CISSP exam is a 250-question English-language examination. Two hundred and twenty-five of the questions are scored. The remaining twenty-five are unscored pre-tested questions. Candidates are given 6 hours to complete the exam, although most complete it in about 4 hours.
Are there different versions for each country?
No, the test is based on internationally accepted information security standards and practices. There are no country-specific questions or language. The same English-language version is given throughout the world.
What do the questions cover?
Examination questions cover all ten domains in the Common Body of Knowledge (CBK). Questions are "scrambled" on the examination; they are not presented in domain order. The domains are:
1. Access Control Systems and Methodology
2. Telecommunications and Networking Security
3. Security Management Practices
4. Application and Systems Development Security
5. Cryptography
6. Security Architecture and Models
7. Operations Security
8. Business Continuity and Disaster Recovery Planning
9. Law, Investigation and Ethics
10. Physical Security
Are the pre-test questions identified?
No. They are scrambled into the examination along with the scored items.
What type of questions are there?
All test questions are multiple choice with four possible answers. They are designed to test a candidate's knowledge of information security facts and concepts and their application.
How hard is the examination?
The examination tests the expected knowledge a 3-5 year practitioner should have. It is designed to test for the minimum level of competency acceptable for someone to be certified as an information systems security professional. A knowledgeable candidate should not find the examination difficult.
If the examination isn't particularly difficult, why don't more people pass it?
What makes the examination difficult is the expansive knowledge base it covers. It's difficult to develop expertise in all ten domains.
Are the questions in the Study Guide really representative of examination questions?
The study guide questions are good examples of the format and type of questions you would see on the exam but are not necessarily representative of the difficulty.
Which domains are the hardest?
The domains that are not commonly used in everyday security management, such as cryptography, system architecture, and physical security, usually score the lowest.
How current is the examination?
Each year between 100 and 150 new questions are added to the question pool, many of them based on new security technologies. You can expect to find questions on current technologies, practices and standards.
Are there questions on NT or UNIX?
The CISSP examination is not vendor or commercial product specific. There are questions on the security models and methodologies used by these systems but only security products that are commonly used and freely available (i.e., SATAN) are acceptable for examination questions.
What's the passing score?
There is no fixed passing score for the examination. The cut score for each examination is calculated by equating the scoring values associated with each question. Passing rates are estimated to be in the 70% to 80% range. Less than 8% of those tested achieve scores higher than 85%.
How detailed are the questions, what depth of knowledge is being tested?
The CISSP examination is designed to evaluate the ability of a security manager, engineer or architect to properly evaluate, select, deploy and assess security measures. A candidate should have a detailed enough knowledge of security designs, measures, vulnerabilities, etc. to successfully accomplish these tasks.
Certification terms
CIA = Certified Internal Auditor
CISSP = Certified Information Systems Security Professional
CBA = Certified Bank Auditor
CISA = Certified Information Systems Auditor
CCP = Certified Computing Professional
SSCP = Systems Security Certified Practitioner
CPIM = Certified in Production and Inventory Management
Material provided by: Robin. Inquiries: Robin@shtel.net.cn