“Our network could get denial-of-service attack because someone wanted to crash our system or make it perform so poorly and become unusable. Hackers may also want to install Trojan or a root kit through the attack. When a denial-of-service attack is identified, the first thing I would do is to reboot the system. In general I would also need to reprogram the switches and routers in order to drop the offending traffic. I would implement certain security features provided by the vendors to within the system to protect the network from this type of attack. With a Windows server system for example, I can invoke IPSec policies that allow me to limit or forbid traffic from certain hosts.”

CISSP Certification can enhance a professional’s career and provide added IS credibility. Obtaining CISSP certification is a matter of both personal and professional commitment, and on-going dedication to excellence in the information security [IS] industry. Since there is a growing demand on security professionals, there are many reasons to achieve a CISSP certification:

- Become an expert in the hottest field in IT industry.
- Enhance your knowledge of security concepts and practices.
- Increase you marketability and competitive advantage.
- Secure your current job by offering security expertise.
- Increase salary in current job or in new opportunities.

CISSP Exam

The CISSP Certification examination consists of 250 multiple-choice questions. Candidates have up to 6 hours to complete the examination. Ten CISSP information systems security test domains are covered in the examination pertaining to the Common Body of Knowledge (CBK):

Access Control Systems & Methodology
Controlling access to critical system resources that require protection from unauthorized modificaton or disclosure. Topics include two factor authenticaiton, single sign-on, biometrics, etc.

Applications & Systems Development
The integration and unity of the controls within the application design, databse security models, implementation of multi-level security.

Business Continuity Planning
Planning issues used to address catastrophic system failure, natural disasters, and other severe network service interruptions.

Cryptography
Mathematics, techniques, and infrastructure required to provide confidentiality, data integrity, non-repudiation, and other cryptographic functions.

Law, Investigation & Ethics
Legal issues surrounding computer security. Topics include computer forensics, chain of evidence, computer surveillance, privacy, anonymity, netiquette.

Operations Security
Protection issues that occur during the operation of the networked systems. Covers Java and mobile code security issurs, hacker threats, penetration testing.

Physical Security
The real world security issues that sites must address to be secure. Topics includes facility issues, fences, guards, lighting, etc.

Security Architecture & Models
Topics concerning desktop and network security issues. Covers desktop security policies, physical security of desktop and laptop systems, desktop and network data backup security issues, viruses, secure remote access.

Security Management Practices
People and organization issues. Security awareness, enterprise security architecture, risk assessment.

Telecommunications, Network & Internet Security
Communications protocols, network services, and their vulnerabilities. Covers firewalls perimeter security, extranet access control, Internet based attack, application layer, network layer, and transport layer security, security of communication protocols.

To qualify to take the CISSP exam, you must have three years of direct work experience in one or more of the ten domains that make up the CBK.

The CISSP exam is made up of 250 multiple-choice questions and you are given up to six hours to complete it. Each question has four choices with only one right answer.

Recertification is also required every 3 years, with on-going requirements for maintaining your credentials in good standing.

The exam registration fee is $450.

Resources

(ISC)2 and CISSP’s offical home page

https://www.isc2.org/

CISSP and SSCP open study guides website

http://www.cccure.org/

The web portal for CISSP

http://www.cissps.com/

Computer Security Instutite CISSP page

http://www.gocsi.com/cissp.htm

Boson’s Practice Tests for CISSP exams

http://www.boson.com/tests/secure.htm

Yahoo! Groups HIPAA-CISSP

http://groups.yahoo.com/group/HIPAA-CISSP/

Due to all these sweeping changes we experienced in recent years, we are all sure that security will stay as the No.1 priority in IT system implementation, and the demand for security professionals will never die. Security is definitely the growth sector of the day. Thus, the security career track can be a highly remunerative direction.

Because Cisco dominates the network kingdom, anything related to network, such as security, can be influenced by Cisco in a big way. For an individual professional planning career on security field, Cisco security technology is the right choice.

Here’s is a common rule in IT career, – what ever you do, get certified. If you decide to put your career on focus of Cisco security, obtain Cisco security certifications. Cisco certification provides professional-level recognition in designing and implementing Cisco security solutions.

Cisco created this career path through the security certification program because the demand is high and Cisco has a great interest in securing the networks of their clients. With Cisco ranking among the top certification paths for great salaries and job stability, having the security path as part of your resume may prove to be one of the best decisions any IT professional could ever make.

To approach this path, you can check out Cisco certification’s requirements and find out what knowledge and skills are needed to work on the job, and then, do whatever you can to get these knowledge and skills as effectively as possible. Your goal is not only getting the certification credential, but also obtain the real skills. You can reach both goals by self-study, through training, and on-job practicing.

Cisco’s professional-level certifications provide a clear career path in the IT security market. They offer IT professionals the knowledge, skills, and credentials necessary for designing and implementing end-to-end security solutions. Cisco certification program offers one flagship certification and three focused certifications in the security track:

Cisco Certified Security Professional (CCSP)

Cisco Firewall Specialist

Cisco VPN Specialist and

Cisco IDS Specialist

The security certifications meet heightened customer and channel partner demand for knowledgeable network professionals who can design, build, and implement security solutions that include Cisco Secure networks. They are also part of Cisco’s security strategy to embed security throughout the network, making it a transparent, scalable, and manageable aspect of any business infrastructure.

The Cisco Certified Security Professional certification (CCSP) prepares an individual for a career in the IT security market. This certification provides network professionals with professional level recognition in designing and implementing Cisco secure networks. CCSP covers key areas of network security, including identity, firewalls, VPNs, intrusion-prevention systems and security management. CCSP certification is valid for three years.

CCSP recognizes the increased importance placed on today’s IT professionals who are responsible for developing business solutions and integrating security devices with the underlying network architectures. CCSP holders are actively involved in developing business solutions and designing and delivering multiple levels of security departments.

As a CCSP you will understand major networking protocols, procedures and how to integrate security devices with the underlying network. By obtaining all the knowledge and skills required for CCSP certification, you should be fully prepared to design and implement fully secure networks that will thoroughly protect any organization’s IT infrastructure.

The three focused certifications concentrate on the needs of individuals who want to pursue skills in specific areas of network security. These certifications enable individuals to achieve the highest level of technical knowledge and expertise in Cisco specific security technologies and solutions including intrusion detection, firewall and VPN. The focused certifications are valid for two years.

Cisco security professionals are required to demonstrate sound fundamental knowledge and skills on network systems. In fact, in order to obtain these certifications, you must have a valid CCNA (Cisco Certified Network Associate) first in addition to taking and passing the corresponding exams.

In the workplace, you as a Cisco security professional are actively involved in designing comprehensive security solutions for businesses of all sizes. You must demonstrate your ability to secure a network using Cisco IOS Software, ACS, Cisco PIX Firewalls, the Cisco VPN 3000 Series Concentrator, IDS technologies and CiscoWorks VMS. You must be flexible to work within various environments, including IT department, enterprise security, or simply as a consultant.

Primary Responsibilities

• 1) Assess risk, evaluate security , identify vulnerabilities and corrective actions, and review for compliance with security policies and practices.
• 2) Assist in monitoring and maintaining network and/or host intrusion detection systems, and participate as needed in security event response processes.
• 3) Review and approve firewall, VPN and other security changes.
• 4) Participate in the selection and implementation of technologies and security solutions.
• 5) Coordinate/oversee third party security reviews, penetration testing, and consulting projects as necessary.

Required General Skills

• 1) Excellent verbal and written communication skills, including technical/non-technical communication, documentation and presentations.
• 2) Ability to assess risk and provide innovative solutions balancing security and business requirements.
• 3) Strong planning, organization and time management skills with the ability to handle multiple projects without direct supervision.
• 4) Ability to work independently, to follow a work plan, meet project milestones, and interact with various levels of management.
• 5) Energetic team player with strong initiative, team orientation, and excellent problem solving skills.

General Qualifications

Degree Preference: Bachelor’s or greater degree preferred, emphasis in Information Systems/Computer Science.
Certification Requirement: Network or security -related certifications a plus (ex., CISSP, etc.).

Responsibilities:

• Oversee a network of security directors and vendors who safeguard the company’s assets, intellectual property and computer systems, as well as the physical safety of employees and visitors.
• Identify protection goals, objectives and metrics consistent with corporate strategic plan.
• Manage the development and implementation of global security policy, standards, guidelines and procedures to ensure ongoing maintenance of security. Physical protection responsibilities will include asset protection, workplace violence prevention, access control systems, video surveillance, and more. Information protection responsibilities will include network security architecture, network access and monitoring policies, employee education and awareness, and more.
• Maintain relationships with local, state and federal law enforcement and other related government agencies.
• Oversee incident response planning as well as the investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary.
• Work with outside consultants as appropriate for independent security audits.

Qualifications:

• Must be an intelligent, articulate and persuasive leader who can serve as an effective member of the senior management team and who is able to communicate security-related concepts to a broad range of technical and non-technical staff.
• Should have experience with business continuity planning, auditing, and risk management, as well as contract and vendor negotiation.
• Must have strong working knowledge of pertinent law and the law enforcement community.
• Must have a solid understanding of information technology and information security.

More about CSO