I think information security is a very broad concept: developing specific products (such as firewalls and antivirus software), building encryption and PKI systems, intrusion detection and security assessment all belong to this range. We can pay more attention to risk assessment, safety planning, safety project management, IT engineering supervision and information system audit.
I also looked up some information about CISSP certificates.
CISSP, your next career goal
Information security is a new professional field of the 21st century. Internationally, there is a lot of demand for work related to information security. Recent career analysis reports show that information security talent will be a long-term hot commodity both at home and abroad.
Obtaining the qualification certificate in IT field is the best way for job seekers to effectively prove that they have relevant knowledge and experience, which can make job seekers occupy an advantageous position in the fierce competition. CISSP qualification can prove that the holder has the knowledge level, experience and ability of information security that meet the requirements of international standards, and has professional credibility, which is unmatched by other manufacturers' certificates. CISSP qualification provides evidence for enterprises and organizations to find professional talents, which has been widely recognized in the world.
CISSP is the abbreviation of information system security professional certificate. It is the highest level international certificate representing information system security practitioners, and is called "undisputed champion qualification in the field of information security" by the industry.
What is CISSP?
CISSP is organized and managed by (ISC)2, the International Information System Security Certification Alliance.
The qualification is aimed mainly at information system security professionals, including information security professionals in major enterprises, telecommunications, banking and securities, system integrators and service providers, e-commerce and e-government. They are mainly engaged in consulting and management related to information system security, and the main positions are CIO, CSO (Chief Security Officer), consultant, security maintenance administrator and security training lecturer. At present, the job descriptions of many international companies clearly require candidates to have relevant qualifications such as CISSP, while in China, financial and telecommunications companies also require employees engaged in information security to obtain the CISSP qualification.
Founded in 1989 and headquartered in North America, (ISC)2 is an independent global non-profit organization. The alliance consists of many professional organizations, universities, government agencies and professionals. Its goal is to develop and maintain a general knowledge system about information security, organize the examination and certification of Information System Security Engineer (CISSP) according to a set of international information security standards, and ensure the validity of the certificate through continuing education.
The Development of CISSP in China
The Employment Situation and Prospect of CISSP in China
(ISC)2 held the first public CISSP examination in Duolun, Canada in 1995. By February 30th, 2002, 13,397 people from more than 60 countries around the world had obtained the CISSP certificate. Apart from the United States, Asia has the most CISSP holders. At present, the main Asian regions are Hong Kong, Singapore and South Korea.
June 5438+October 2002/KLOC-0, (ISC)2 set up an office in Hong Kong. In May, September and 10, 2002, three CISSP examinations were held in Chinese mainland, in Shenzhen, Shanghai and Beijing respectively. Including those who took the exam overseas, there are about 60 CISSPs in Chinese mainland, of whom 60% are employed by security vendors and consulting service providers.
With the recognition of CISSP by more people, the distribution of CISSP will gradually become even, and the number of CISSP holders in banking, securities, telecommunications, IT service providers, government and education departments will increase significantly.
Obtaining the CISSP qualification is just the beginning; it only shows that you have mastered the professional knowledge of the information security field. To some extent, CISSP can be regarded as a membership card for the club of professional security experts, whose members share the same language and code of conduct. As professionals, they need to keep up with developments in security, keep learning and improving themselves, and apply their professional experience to practical work.
Acquisition and maintenance of CISSP examination and qualification
CISSP application requirements
To apply for CISSP qualification, you must meet the following conditions:
1. Applicants must have at least 4 years of working experience. If they have a bachelor's degree, they need three years of work experience. The work experience should be in one or more of the 10 knowledge fields specified by the (ISC)2 common body of knowledge (CBK);
2. Applicants must sign and promise to abide by the code of ethics formulated by (ISC)2, such as not joining hacker organizations;
3. Applicants must pay a registration fee of $450 and take a 6-hour CISSP exam.
Only those who meet the above conditions and pass the examination can apply for CISSP qualification. Therefore, CISSP qualification is a professional certification that emphasizes work experience and professional ethics, and is not suitable for beginners.
CISSP exam
The content of the CISSP exam covers the 10 professional categories of the CBK, and the topics are extensive but not in-depth. It is unrealistic for professionals engaged in specific work to master all the knowledge covered by the CBK in depth. Candidates are not required to be experienced experts in every security field, but they should know all the different knowledge points covered by information security.
The CISSP exam consists of 250 multiple-choice questions. At present, there are only English questions, which need to be completed within 6 hours (9 am to 3 pm). Generally speaking, there is no time pressure. The questions come from the question bank of (ISC)2, and the questions change with each exam. According to the author's experience, the questions in each exam focus on current hot issues in security. Of the 250 questions, only 225 are graded and the remaining 25 are used for investigation purposes, but these questions are not clearly marked. The passing score is generally 70% for 225 questions.
The examination questions are relatively simple, and the questions have nothing to do with any manufacturer or operating system; there will be no questions based on a specific platform (such as Windows or UNIX). Because the premise of taking the exam is that the candidate has at least 3 years of work experience, the exam questions focus on assessing whether the candidate has professional practical experience. Although book knowledge is very important for understanding theories, concepts, standards and regulations, it cannot replace the ability to deal with practical problems.
The biggest challenge of the CISSP exam is that not every candidate is familiar with all 10 security categories. For example, a candidate may be very proficient in security testing and attack techniques, but may not be familiar with physical security, cryptography or security management. Reading and studying extensively for the exam is very helpful for expanding candidates' security knowledge, and for their later work and understanding of problems.