The new requirements include the following components:

* The minimum professional experience requirement for CISSP certification will be 5 years of work experience in two or more of the 10 domains of the CISSP CBK, or four years of work experience with an applicable college degree or a credential from the (ISC)2-approved list. The current requirements for the CISSP call for four years of work experience in one or more of the 10 domains of the CISSP CBK, or three years of experience with an applicable college degree or a credential from the (ISC)2-approved list.

* Candidates for any (ISC)2 credential will be required to obtain an endorsement of their candidature exclusively from an (ISC)2-certified professional in good standing. The professional endorsing the candidate can hold any (ISC)2 certification – CISSP, SSCP or CAP. Currently, candidates can be endorsed by an officer from the candidate’s organization if no CISSP endorsement can be obtained. The board believes that only an (ISC)2-credentialed professional bound by its Code of Ethics should provide a candidate endorsement.

CISSP is added the Department of Defense Directive 8750.

In August of 2004, the U.S. Department of Defense recognized Directive 8570.1, which involves that every full- and part-time military service member, defense contractor, civilian and foreign employee with privileged access to a DoD system, regardless of job series or work-related area of expertise, to get a viable certification record that has been recognized by the American National Standards Institute (ANSI) by January 1, 2010 in order to maintain his or her job.

Government agencies know that their best line of defense for securing and protecting their vital information and information systems is a well-trained and aware user. That’s why DoD Directive 8570.1 was put into place. This enterprise-wide consent requires that any personnel conducting Information Assurance (IA) functions be trained and certified in a commercial certification on the concepts, principles, and applications to enhance protection of the Department of Defense’s (DoD) information, information systems, and networks.

Department of Defense Directive 8570 (DoD 8570) provides guidance and procedures for the training, certification, and management of all government employees who conduct Information Assurance functions in assigned duty positions. These individuals are required to carry an approved certification for their particular job classification. GIAC certifications are among those required for Technical, Management, CND, and IASAE classifications.

In the next post I will discuss about the levels and posts associated with the CISSP cert exam.

CISSP concentrations are fresh new air flowing around. This exam creating fuzz everywhere even into US Army.

This time i will focus on ISSMP i.e. Information Systems Security Management Professional. This concentration requires that a candidate demonstrate two years of professional experience in the area of management, considering it on a larger enterprise-wide security model. This concentration contains deeper managerial elements such as project management, risk management, setting up and delivering a security awareness program, and managing a Business Continuity Planning program. A CISSP-ISSMP establishes, presents, and governs information security policies and procedures that are supportive to overall business goals, rather than a drain on resources. Typically the CISSP-ISSMP certification holder or candidate will be responsible for constructing the framework of the information security department and define the means of supporting the group internally.

CISSP-ISSMP professionals have a far more well-rounded and complete comprehension of
information security than other popular management credentials.

Domains of ISSMP:

• Security Management Practices
• Systems Development Security
• Security Compliance Management
• Understand Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP)
• Law, Investigation, Forensics and Ethics

CISSP concentrations are fresh new air flowing around. This exam creating fuzz everywhere even into US Army.

This time i will focus on ISSAP i.e. Information Systems Security Architecture Professional. This concentration requires a candidate to demonstrate two years of professional experience in the area of architecture and is an appropriate credential for Chief Security Architects and Analysts who may typically work as independent consultants or in similar capacities. The architect plays a key role within the information security department with responsibilities that functionally fit between the C-suite and upper managerial level and the implementation of the security program. He/she would generally develop, design, or analyze the overall security plan. Although this role may typically be tied closely to technology this is not necessarily the case, and is fundamentally the consultative and analytical process of information security.

Recognition for Advanced Expertise in Information Security Engineering
ISSEP: Information Systems Security Engineering Professional is a new part of the ISC2 CISSP concentration cert. This concentration was developed in combination with the U.S. National Security Agency (NSA) to provide tools for any systems security engineering professional. CISSP-ISSEP is the guide for incorporating security into projects, applications, business processes, and all information systems. Security professionals are hungry for workable methodologies and best practices that can be used to integrate security into all facets of business operations. The four major domains of the CBK covered by CISSP-ISSEP certification are:

• Certification and Accreditation
• Systems Security Engineering
• Technical Management
• U.S. Government Information Assurance (IA) Regulations

How many of CISSP credential holders think that we came up here by studying vast domain on security? Atleast I am. I always think that does it really matter to companies of different field that I am CISSP certified. That make me very specific with my skills.

Fortunately, ISC2 came up with excellent answer. CISSP-CONCENTRATION. They quoted “After the original conception of the CISSP, and the continuous evolution of information security, (ISC)² discovered a need to develop credentials which address the specific needs of our members. With this in mind.” ISC2 developed CISSP Concentrations in the functional areas of:

• Architecture (ISSAP)
• Engineering (ISSEP)
• Management (ISSMP)

CISSP-concentration prove the long awaited proven expertise credentials in specific domain of CISSP certificate holders.

I am sure most of CISSPians out there waiting for this opportunity.

Click here for more information

WHOIS is a famous protocol chiefly used for database query to determine the information of Internet resources like domain name, IP address, or any autonomous address. WHOIS lookup is basically performed with command user interface. Many web-based tools are available to perform WHOIS query. This service is usually communicated using the Transmission Control Protocol (TCP). Server listens to the request on the port number 43. The WHOIS system is originally developed for the system administrator to acquire contact information for different IP address or domain name administrators. Now a days WHOIS lookup query evolved into various different important aspects, including:

• It helps in determining the registration status of domain names.
• WHOIS also helps in law enforcement by various authorities in investigations for enforcing national and international laws.Specialized non-governmental bodies may be involved in this work of law enforement using this database query service.
• WHOIS lookup also help businesses, organizations and users in fighting fraud, complying with relevant laws and safeguarding the interests of the public properties.

I was surfing for the same topic and finally I found something very relevent to this topic. So I thought all my readers should also read this. Article on Footprinting on uCertify.com.

Is CISSP certification is easy?

This is pretty controversial topic, some people think that it is easy but most of the people find it real hard. You should have experience of at least 3 years in IT security before you apply for the exam. You are required to come up with an extremely wide area of IT security such as physical security, very few people will have any experience in. And you will be expected to do enough reading and studying to get through CISSP certification exam: 250 questions to be answered in 6 hours. Hard to keep upwith much fun.

Get certified, sit back and enjoy.

The answer is big NO. After you pass the exam you are expected to earn CPE credits in order to keep your certification active. If you don’t then you are required to resit the exam after 3 years to keep the certification. Getting CPEs is fairly straightforward: if you publish papers, attend seminars, do some presentations, and basically remain active in the IT security arena then you should have no problem here. But it takes a little work: this isn’t a get-it and forget-it sort of certification.

You will get more money/better job/more recognition.

In actual fact, you probably won’t. I have found that many employers and even employment agencies have no idea what a CISSP is. They tend to think in terms of the product-certifications; you know, the Cisco CCNA and Checkpoint CCSE sort of thing. They have no idea that you need 3 years of experience to get a CISSP, and they have no idea that it is an ongoing professional-level certification like a CPA (Chartered Accountant). Ergo, you probably won’t get a better job or more money from waving your CISSP certificate around.

So, why would you want a CISSP? Its not easy to get, it takes maintenance, and may not gain you much. Why would you want to go through all that hassle? Here’s some good reasons:

1. To expand your knowledge in security concepts and practices.
2. To show a dedication to the security discipline.
3. To meet a growing demand for security professionals, and to work in a thriving field.
4. To join a professional organisation and to link up with like-minded individuals.

If you’re genuinely interested in IT security (cryptography, practices, ethics, etc), and you feel you need a driver to learn more then the CISSP is for you. Book the exam, then start learning as much as possible. On the other hand, if you just want a better job/more money then get an MCSE or CCNA

Certified Information Systems Security Professional (CISSP) is an independent information security certification governed by the not-for-profit International Information Systems Security Certification Consortium, commonly known as (ISC)2. In June, 2004, the CISSP was the first information security credential accredited by ANSI ISO/IEC Standard 17024:2003 accreditation, and, as such, has led industry acceptance of this global standard and its stringent requirements.It is formally approved by the U.S. Department of Defense (DoD) in both their Information Assurance Technical (IAT) and Managerial (IAM) categories. The CISSP has been adopted as a baseline for the U.S. National Security Agency’s ISSEP program. (ISC)2 promotes the CISSP certification as the “international gold standard” against which other security certifications are measured.

IT professionals with security expertise are often in high demand, and the CISSP is one metric by which that expertise can be demonstrated. A 2006 Certification Magazine salary survey also ranked the CISSP credential highly at $94,070 per year, and ranked CISSP concentration certifications as the top best paid credentials in IT, with CISSP-ISSAPs averaging at $114,210 per year and CISSP-ISSMP at $111,280 per year. These numbers correlate with compensation advantages enjoyed by IT security professionals in general, as well as with advantages accruing to the seniority and management roles that intersect with the concentration certificates.

International Information Systems Security Certification Consortium, Inc., abbreviated (ISC)², creates the Certified Information System Security Professional (CISSP) course. It ranked highly as the important Security course and certification available in the market today. Holder of CISSP certificate have one of the highest package of all IT certifications exam. CISSP course and exam focuses on real-life situations and the parameters of the IT and security market. A candidate with CISSP certification is likely to have a job that deals with the security issues to the management, instead of finding and fixing problems on there own, CISSP certificate holders manages a team as a leader instead of be a part of one.