CISSP For Dummies. Peter H. Gregory
(RIMS): www.rims.org
Society of Information Risk Analysts (SIRA): www.societyinforisk.org
The Institute of Internal Auditors (IIA): www.theiia.org
International Association of Privacy Professionals (IAPP): https://iapp.org
Disaster Recovery Institute International (DRII): https://drii.org
Computer Technology Investigators Network (CTIN): www.ctin.org
Local security groups provide excellent opportunities to find peers in other organizations and discover more about your profession. Many people find that the contacts they make as part of their involvement with local security organizations can be especially valuable when they’re looking for new career opportunities.
You certainly can find many more security organizations with local chapters beyond the ones we include in the preceding list. Ask your colleagues and others about security organizations and clubs in your community.
Spreading the Good Word about CISSP Certification
As popular as the CISSP certification is, some people still don’t know about it, and many who may have heard of it don’t understand what it’s all about. Tell people about your CISSP certification, and explain the certification process to your peers. Here are some facts that you can share with anyone and everyone you meet:
The CISSP certification started in 1994.
CISSP is the top-tier information security professional certification.
More than 142,000 security professionals in more than 170 countries have the CISSP certification.
CISSP was the first credential accredited by the ANSI (American National Standards Institute) to ISO (International Organization for Standardization) Standard 17024.
The average CISSP salary is $131,030 (U.S.).
The organization that manages the CISSP certification has other certifications for professionals who specialize in various fields of information security. The organization also promotes information security awareness through education programs and events.
Promote the fact that you’re certified. How can you promote it? After earning your CISSP, you can simply put the letters CISSP after your name on your business cards, stationery, email signature, résumé, blog, and website. While you’re at it, put the CISSP logo or your digital badge on there, too (and be sure to abide by any established terms of use).
Leading by example
Like it or not, security professionals, particularly those with the CISSP certification, are role models for those around them. From a security perspective, whatever we do — along with how we do it — is viewed as the standard for correct behavior.
Using Your CISSP Certification to Be an Agent of Change
As a certified security professional, you’re an agent of change in your organization: The state of threats and regulations is ever-changing, and you must respond by ensuring that your employer’s environment and policies continue to defend your employer’s assets against harm. Here are some of the essential principles for being a successful change agent:
Identify and promote only essential changes.
Promote only those changes that have a chance to succeed.
Anticipate sources of resistance.
Distinguish resistance from well-founded criticism.
Involve all affected parties the right way.
Don’t promise what you can’t deliver.
Use sponsors, partners, and collaborators as co-agents of change.
Change metrics and rewards to support the changing world.
Provide training.
Celebrate all successes.
Earning Other Certifications
In business and technology, no one’s career stays in one place. You’re continuously growing and changing, and ever-changing technology also influences organizations and your role within them.
You shouldn’t consider your quest for certifications to be finished when you earn your CISSP — even if it is the highest-level information security certification out there! Security is a journey, and your CISSP certification isn’t the goal, but a (major) milestone along the way. CISSP should be part of your security lifestyle.
Other (ISC)2 certifications
(ISC)2 has several other certifications, including some that you may aspire to earn after (or instead of) receiving your CISSP. These certifications are
Associate of (ISC)2: If you can pass the CISSP or SSCP certification exams but don’t yet possess the required professional experience, you can become an Associate of (ISC)2. Read about this option on the (ISC)2 website.
CCSP (Certified Cloud Security Professional): This certification on cloud controls and security practices was co-developed by (ISC)2 and the Cloud Security Alliance.
SSCP (Systems Security Certified Practitioner): This certification is for hands-on security techs and analysts. SSCP has had a reputation for being a “junior” CISSP certification, but don’t be fooled — it’s anything but that. SSCP is highly technical, more so than CISSP. For some people, SSCP may be a stepping stone to CISSP, but for others, it’s a great destination all its own.
CSSLP (Certified Secure Software Lifecycle Professional): Designed for software development professionals, the CSSLP recognizes software development in which security is part of the software requirements, design, and testing so that the finished product has security designed and built in, rather than added afterward.
HCISPP (HealthCare Information Security and Privacy Practitioner): Designed for information security in the healthcare industry,