Foreword to CISSP CBK Study Guide - Third Edition
We are living in an advanced cyber era, with every aspect of our lives, from medical records to bank transactions, now being transmitted online. The plethora of data and information flooding cyber space is overwhelming, and there simply aren't enough qualified information security professionals to protect it all.
(ISC)2's mission is to support and provide members and constituents with credentials, resources, and leadership to secure information and deliver value to society. The not-for-profit, vendor-neutral organization was founded by a group of passionate volunteers in 1989 who wanted to create an information security industry standard for professionals. Their initial concept for industry excellence came to fruition with the creation of the Certified Information Systems Security Professional (CISSP) credential. It was the first technology-related credential to be accredited by the International Organization for Standardization's (ISO) ISO/IEC Standard 17024, a global benchmark for the certification of personnel.
The CISSP continues to be recognized as the industry's Gold Standard. The true differentiator is the organization's stringent membership requirements: passing the examination, possessing the required number of years of in-depth experience in at least 2 of the domains, being endorsed by another (ISC)2 member in good standing, abiding by a Code of Ethics, and maintaining quality continuing professional education (CPE) credits.
The CISSP is not only recognized throughout the industry, it's also highly regarded by governments, academia, human resources, and business entities around the world. In fact, the CISSP has become a job requirement and/or candidate differentiator for information security management positions.
The ten domains of the CISSP CBK comprehensively encompass the core competencies that an experienced information security professional should possess. The latest security topics, such as cloud computing, mobile security, application security, and more, are regularly integrated into the examination through a rigorous process of evaluation and updates. We require our members to obtain the industry's latest knowledge and skills, and we reinforce that sentiment through our own examination process.
83% of (ISC)2 members are employed in a wide variety of technically diverse professions, and 17% are employed in governance and policy-making roles.
The Official (ISC)2 Guide to the CISSP CBK is the only study tool that delves into all of the topics and subtopics contained in the CISSP CBK. The authors and editor of this new, comprehensive edition have provided an extensive supplement to the CBK review seminars that are designed to help candidates study for the CISSP credential.
Earning the CISSP is a major highlight in an information security professional's career path. (ISC)2's elite network of professionals enjoys benefits such as: complimentary access to (ISC)2's one-day conferences and networking receptions in cities around the world; discounts at industry conferences; access to a Career Center with current job listings; a subscription to (ISC)2's digital magazine, InfoSecurity Professional; a dedicated member services staff to address your questions and issues; and much more.
You will also be a member of a highly respected organization that is dedicated to reaching society and shaping the industry at large through community goodwill programs such as Safe and Secure Online, academic scholarships for students, and cutting-edge research under the (ISC)2 Foundation.
We wish you success in your journey to becoming a CISSP.
W. Hord Tipton
International Information System Security Certification Consortium, Inc.
The Certified Information Systems Security Professional (CISSP) is an information assurance professional who has demonstrated cross-disciplinary expertise ranging across architecture, design, management, risk, and controls that assure the security of business environments. There are two main requirements that must be met in order to achieve the status of CISSP: one must take and pass the certification exam, and be able to demonstrate a minimum of 5 years of direct, full-time security work experience in two or more of the 10 domains of the (ISC)2 CISSP CBK. A firm understanding of what the 10 domains of the CISSP CBK are, and how they relate to the landscape of business, is a vital element in successfully meeting both requirements and claiming the CISSP credential. The mapping of the 10 domains of the CISSP CBK to the job responsibilities of the Information Security professional in today's world can take many paths, based on a variety of factors such as industry vertical, regulatory oversight and compliance, geography, and public versus private versus military as the overarching framework for employment in the first place. In addition, considerations such as cultural practices and differences in language and meaning can also play a substantive role in the interpretation of what aspects of the CBK will mean, and how they will be implemented in any given workplace.
It is not the purpose of this book to attempt to address all of these issues or provide a definitive prescription as to what the path forward is in all areas. Rather, it is to provide the official guide to the CISSP CBK, and in so doing, to lay out the information necessary to understand what the CBK is, and how it is used to build the foundation for the CISSP and its role in business today. To that end, it is important to begin any journey with a sense of place: specifically, where you are and where you want to end up, and as a result, what tools you will need in order to make the journey comfortable and successful. The most important tool that the intrepid traveler can have at their disposal is a compass, that trusty device that always allows one to understand in what direction they are heading, and to get their bearings when necessary. The compass of the Information Security professional is their knowledge, experience, and understanding of the world around them. The amazing thing about a compass is that no matter where you stand on Earth, you can hold one in your hand and it will point toward the North Pole. While we do not always need to know where the North Pole is in Information Security, as a CISSP you are expected to be able to provide guidance and direction to the businesses and users that you are responsible for. Being able to map the CISSP CBK to your knowledge, experience, and understanding is the way that you will be able to provide that guidance, and to translate the CBK into actionable and tangible elements for both the business and the users that you represent.