Re: [SAGE] CISSP Certification Penetration?

[Forrest Houston <fhouston@east.isi.edu>]

On Tue, 2 Mar 2004, Jeff Tyler wrote:

>
> Does it make sense for an SA or NA to pursue ? Well I did and I've
> never been sorry for the effort I expended.  But as I tell the
> people who I mentor for the CISSP, it's not really a technical
> certification (although it has technical aspects), it's really
> more of a business certification.
>

Agreed.  If you are looking for technical certifications I'd stick to the
GIAC program or a vendor specific one (depending upon your needs).  I had
thought the new "sub" certification (the ISSAP) was supposed to address
some of this issue but maybe I'm mistaken.  Looking at the domains for
it 2 of the 5 are still relatively non-tech in nature.


>From the ISC2 website:
Q: What is the purpose of the ISSAP concentration examination?

A: ISSAP stands for Information System Security Architecture Professional.
The development of concentration examinations is a direct response to
(ISC)2 research indicating that these needs of information security
professionals were not being met. This examination is designed to provide
CISSPs with a mechanism to demonstrate competence in the more in-depth and
concentrated requirements of information security architecture, within the
broader scope of information security knowledge identified in the CBK and
required for CISSP certification.

Q: What are the domains of the ISSAP examination?

A: The major domains for this Examination are:

    * Access Control Systems and Methodologies
    * Telecommunications and Network Security
    * Cryptography
    * Requirements Analysis & Security Standards, Guidelines, Criteria
    * Technology Related BCP and DRP