Questions tagged [cissp]

CISSP is an abbreviation for Certified Information Systems Security Professional. It is a certification offered by the International Information Systems Security Certification Consortium, also known as (ISC)2.

The CISSP is a widely recognized certification in the IT Security industry. Its requirements include:

  • Five years of security experience in relevant job roles.
    • One year may be waived for having a four-year college degree, MS in information security, or certain other certifications.
    • Candidates who do not meet this requirement may be certified as an "Associate of (ISC)2" until they obtain the experience, up to six years.
  • Acceptance of CISSP Code of Ethics.
  • Potential audit of qualifications.
  • Completion of an exam, with an acceptable score.
  • Endorsement by a member of (ISC)2 who is in good standing.
44 questions
1
vote
0 answers

What are the similarities and differences between CISSP CBK, ISO/IEC, and the NIST NICE Framework?

There are a ton of different information security/cyber security frameworks but I was wondering if someone can give a quick rundown of some major similarities and differences. It'll really help me decide which one I want to really focus on/start…
1
vote
2 answers

What's a practical example of a Trusted Computing Base?

I'm studying for the CISSP exam and trying to wrap my mind around the concept of a Trusted Computing Base. Can someone provide a practical example? The recurring definition I see is that it's a "combination of hardware, software, and controls that…
Mike B
1
vote
0 answers

What's a practical example of "declassification"?

I'm studying for the CISSP exam and trying to wrap my mind around the term "declassification". Can someone provide a practical example? I get that declassification is necessary once "an asset no longer warrants or needs the protection of its…
Mike B
1
vote
1 answer

The benefits of CISSP Training for a Java developer

I am currently a Java developer and content with what I make. My company currently offers a 7 Day CISSP training and I am not sure whether to take this training. What benefits can I benefit by taking this training or it would be just a time…
Ad Infinitum
0
votes
1 answer

Is there a great cheap or free site for the CISSP exam?

CCCure is not free and many others that are recommended on the site are not free....any suggestions?
Dizzy
0
votes
2 answers

Is there a "classic" information security textbook?

Much in the same way compilers has the dragon book, algorithms has the Cormen, and graphics has Foley & van Dam I am wondering what the book on computer security is. Not the "best" book, or the most practical, or the "hacking handbook", but the…
ash
0
votes
2 answers

Is CISSP suitable for a Java architect?

I am a tech lead developing web (Java/JEE) and mobile applications (Android) for the past 12 years (mobile in last year though). I am somehow interested in IT security. Is it worth taking CISSP or CISA certification and enter into Security stream?…
Rao
0
votes
0 answers

Product evaluation model and certification/accreditation

I'm studying for CISSP exam and some topics are really tricky for me. One of those is the product evaluation model which is described in several standards (the most recent one is the Common Criteria). Later in the same chapter the definition of…
Ana Maria
0
votes
2 answers

How Anomaly Analysis is differentiating from Heuristic analysis

Taking a look at the description of both kinds, orientation seems the same. While it isn't the same I can't figure the difference. In a Heuristic scan it looks for suspicious or malicious behaviors in a file, Anomaly analysis looks for anomalies in…
inter
0
votes
1 answer

security related certificate

I work in cyber security R&D for several years. Meanwhile, I have obtained a CEH (Certified Ethical Hacker) certificate and a CISSP certificate. I wish to move to security industry instead of R&D environment as my next step plan. Thus, what kind of…
TJCLK
0
votes
1 answer

Clarification on "data hiding" and how it applies to hardware?

I'm studying for the CISSP exam and one of the practice questions in my study guide has me a bit confused. The question is: Which of the following is NOT considered an example of data hiding? A. Preventing an authorized reader of an object from…
Mike B
0
votes
3 answers

What's the appropriate term for the digest output of various integrity hash and HMAC functions?

I've heard conflicting statements from various CISSP instructors, so I'd like some "real world" perspectives: What is the appropriate terminology for the digest output of the following algorithms: MD5, SHA-1, SHA-256, SHA-x Some folks say that it's…
Mike B
0
votes
1 answer

Why don't terminal IDs prevent unauthorized entry?

I'm studying for CISSP and had gotten this question wrong. I also found it and the correct answer online, but still don't understand the reasoning. Source Which of the following controls is not appropriate to prevent unauthorized people from…
Celeritas
-1
votes
2 answers

What is the ideal and realistic (affordable) career path to a Cyber Security expert?

I'm a graduating university student taking up BS Computer Science with a specialization in Network Engineering, so I'm currently immersed in CCNA and am about to take the cert exam this month. I've decided to focus my career in Cyber Security. I've…