Penetration Testing mailing list archives

RE: Re: CISSP

From: "Clement Dupuis" <cdupuis () cccure org>
Date: Tue, 5 Dec 2006 18:09:38 -0500

http://www.securityfocus.com/news/301  

This topic was discussed at great length on the official CISSP forum as
well.

Now back to the serious stuff...

Clement


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Bruno Cesar Moreira de Souza
Sent: Tuesday, December 05, 2006 5:53 AM
To: pen-test () securityfocus com
Subject: Re: Re: CISSP

What source says that a 11 years old boy got CISSP? I
think this is only a rumour.

<https://www.isc2.org/cgi-bin/content.cgi?category=1187>:
"Applicants must have a minimum of four years of
direct full-time security professional work experience
in one or more of the ten domains of the (ISC)² CISSP®
CBK®. "

The CISSP is not a proof that you are specialist in a
specific security field (for example, penetration
test), but can demonstrate that you have the broad
expected knowledge for a information security
professional in all the 10 information security
domains: Access Control - Application Security -
Business Continuity and Disaster Recovery Planning -
Criptography - Information Security and Risk
Management - Legal, Regulations, Compliance and
Investigations - Operations Security - Physical
(Enviromental) Security - Security Architecture and
Design - Telecomunications and Network Security.

For demonstrate expertise in a specific field, I
agree, you have to look for another certification. I
believe that the certifications offered by SANS are
very good. 

But, ISC2 also offer another certifications for
demonstrate deeper knowledge in specific domains:

"For experienced information security professionals
with an (ISC)² credential in good standing, (ISC)²
Concentrations demonstrate their acquired rigorous
knowledge of select CBK® domains. Passing a
concentration examination demonstrates proven
capabilities and subject-matter expertise beyond that
required for the CISSP or SSCP credentials. 

CISSP Concentrations
Current Concentrations for CISSPs include the: 

ISSAP®, Concentration in Architecture  

ISSEP®, Concentration in Engineering  

ISSMP®, Concentration in Management  
"
(https://www.isc2.org/cgi-bin/content.cgi?category=99)

You have to be a CISSP, before trying get one of
these.


Best Regards,

Bruno Cesar M. de Souza


--- dfullerton () mantor org escreveu:

Then I wonder if this certification should really
have this kind of notoriety. Looks like it's not
technical and if an 11 years old boy can complete
this cert ...it's not about security management
experience either.

Anyone can give me some good reason to acquire CISSP
while not being related to money and the wannabe
marketing-made notoriety?

Personally I done GCIH and GHTQ, the latest is
harder and really related to penetration testing. I
would like some GOOD reason for someone in the
security field for a while and having others, more
in deep, technical certification to go on with
CISSP.

Should we glorify such things? Tell me more about
the exam, the topics are quite general and may not
be totally in line with the exam and the real
knowledge being certified.

Danny Fullerton
---------------
IT Security Specialist, GCIH GHTQ
http://www.mantor.org/~northox
Mantor Organization

------------------------------------------------------------------------

This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download
Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=70160000
0008bOW

------------------------------------------------------------------------




        



        
                
_______________________________________________________ 
Você quer respostas para suas perguntas? Ou você sabe muito e quer
compartilhar seu conhecimento? Experimente o Yahoo! Respostas !
http://br.answers.yahoo.com/

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=70160000
0008bOW
------------------------------------------------------------------------


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

Current thread:

Re: CISSP, (continued)
- Re: CISSP Philosophil (Dec 03)
  - Re: CISSP ruud . geelen (Dec 03)
- Re: CISSP killy (Dec 07)
- RE: CISSP Shenk, Jerry A (Dec 03)
- Re: RE: CISSP mr . nasty (Dec 04)
- Re: Re: CISSP dfullerton (Dec 04)
  - RE: Re: CISSP Cony.Zhou (Dec 05)
    - RE: Re: CISSP Clement Dupuis (Dec 05)
  - Re: Re: CISSP Bruno Cesar Moreira de Souza (Dec 05)
    - Re: CISSP Anders Thulin (Dec 07)
    - RE: Re: CISSP Clement Dupuis (Dec 07)
    - Re: CISSP Joey Peloquin (Dec 07)
  - Re: CISSP Nick Besant (Dec 05)
    - RE: CISSP Adam Morey (Dec 07)
    - RE: CISSP Angelacci, Anna M CTR SPAWAR, J616 (Dec 11)
    - RE: CISSP Angelacci, Anna M CTR SPAWAR, J616 (Dec 07)
  - Re: Re: CISSP R. DuFresne (Dec 19)
    - RE: Re: CISSP Mueller, Daniel (NMCI CIRT) (Dec 20)
- RE: CISSP Craig Wright (Dec 04)
- Re: RE: CISSP mr . nasty (Dec 04)
  - RE: RE: CISSP Bates, Chris (Dec 05)

(Thread continues...)