  1. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #51
    I don't know how much it really matters now that they only let you take one year off from EITHER certs or a degree. I would imagine that most people would already have a Security+ or other qualifying cert.

  3. Stop,Collaborate + Listen LarryDaMan's Avatar
    Join Date
    May 2008
    Location
    DC Suburbs
    Posts
    792

    Certifications
    CISSP, CISA, PMP, FITSP-M, Security+, Network+, A+, (expired: CCNA, CCENT)
    #52
    For a second I didn't realize this was an old "New CISSP Requirements" thread and I almost started to freak out. But no.

    I do know that a major revamp of the CBK is planned for 2009.

    If you download the Candidate Information Bulletin (CIB) from the ISC2 website and scroll through the PDF, a new CIB is also attached that takes effect in Jan 2009. XML and SOAP are some new things that jump out, but supposedly big changes lie ahead later in 2009.

    Shon Harris is planning AIO v5 for a January 2010 release.

    Should be interesting, hopefully I will be long done before then and not on my 4th attempt.

  4. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,598
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #53
    Quote Originally Posted by LarryDaMan
    I do know that a major revamp of the CBK is planned for 2009.
    The CISSP exam should begin reflecting the updated CBK in the first quarter of 2009. I don't think any changes in the actual requirements for the exam are planned.

    And yes, the requirements change made in 2007 only allows one year to be removed for having either a specific cert, an acceptable undergrad degree, or a Master in InfoSec from an NSA/CAE. It's too bad the Masters degree doesn't count for more than having just a Security+.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray

  5. Member
    Join Date
    Jul 2006
    Posts
    99

    Certifications
    A+, Network+, Security+, Linux+, LPIC-1, SFCAR, SFCSR, SFCSE, CEH, B.S. in MIS, M.Sc. in Info Security (NSTISSI No. 4011 - CNSSI No. 4013)
    #54
    Quote Originally Posted by JDMurray
    And yes, the requirements change made in 2007 only allows one year to be removed for having either a specific cert, an acceptable undergrad degree, or a Master in InfoSec from an NSA/CAE. It's too bad the Masters degree doesn't count for more than having just a Security+.
    I was about to post something similar when I saw your post. This does not make any sense!!!!

  6. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,598
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #55
    Quote Originally Posted by mengo17
    I was about to post something similar when I saw your post. This does not make any sense!!!!
    Maybe when the Masters in InfoSec become more common the (ISC)2 will bump the requirements up to six years and allow the MS to exempt a year on its own.

  7. The Colosus of Clout Paul Boz's Avatar
    Join Date
    Oct 2006
    Location
    Baton Rouge, LA
    Posts
    2,607

    Certifications
    CCNP, CCIP, CCDP, CCDA, CCNA, CCNA Security, NSTISSI 4011, GSEC, GCFW, GCIH, GCIA
    #56
    Hopefully I can get through this in the months before changes start happening. That happened to me with the CCDA and it made me put it off for a year as a result.

  8. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,598
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #57
    Consider the benefits of a CISSP CBK revision. They are likely to drop the Orange Book, older technology, and a lot of pre-2000 InfoSec initiatives from the CBK, leaving CISSP candidates the need to only study more modern InfoSec topics and issues. This revision will further obsolete a lot of CISSP study aids currently available, but it also makes it easier to decide on which study materials to use.

  9. The Colosus of Clout Paul Boz's Avatar
    Join Date
    Oct 2006
    Location
    Baton Rouge, LA
    Posts
    2,607

    Certifications
    CCNP, CCIP, CCDP, CCDA, CCNA, CCNA Security, NSTISSI 4011, GSEC, GCFW, GCIH, GCIA
    #58
    Also, it never hurts to have the knowledge, whether it's tested or not.

  10. Junior Member
    Join Date
    Sep 2008
    Posts
    6

    Certifications
    CISA, CSSBB
    #59

    Re: New Requirements for CISSP.

    Quote Originally Posted by susanj
    Quote Originally Posted by keatron
    Dear (ISC)2 Member,


    The new requirements include the following components:
    • The minimum professional experience requirement for CISSP certification will be 5 years of relevant work experience in two or more of the 10 domains of the CISSP CBK, or four years of work experience with an applicable college degree or a credential from the (ISC)2-approved list. The current requirements for the CISSP call for four years of work experience in one or more of the 10 domains of the CISSP CBK, or three years of experience with an applicable college degree or a credential from the (ISC)2-approved list.
    • Candidates for any (ISC)2 credential will be required to obtain an endorsement of their candidature exclusively from an (ISC)2-certified professional in good standing. The professional endorsing the candidate can hold any (ISC)2 certification – CISSP, SSCP or CAP. Currently, candidates can be endorsed by an officer from the candidate’s organization if no CISSP endorsement can be obtained. The board believes that only an (ISC)2-credentialed professional bound by its Code of Ethics should provide a candidate endorsement.
    Does anybody know what exactly it means to have "an applicable college degree"?
    I just wonder why (ISC)2 doesn't get and verify the endorsement first and then accept the application for the CISSP exam. They can charge, say, a small application fee for this. This will prevent confusion and misunderstanding over what one regards as info sec experience but is not in the eyes of (ISC)2. Moreover, it is required to submit the CV together with the exam application. Why don't they just confirm the candidate's eligibility to be a CISSP prior to the exam?

  11. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,598
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #60
    Because if you don't pass the vetting you will still be awarded the Associate of the (ISC)2 designation rather than the full certification. The goal of the (ISC)2 is to have people pay the full amount for the exam, and become a dues-paying member, even if they aren't fully qualified for the certs. I think the Associate designation accomplishes this goal amazingly well.

  12. Junior Member
    Join Date
    Sep 2008
    Posts
    6

    Certifications
    CISA, CSSBB
    #61
    Do you think this is a responsible manner?

    This is similar to one admitted to a University for a degree, studied four years and passed all exams and then the University informed him that he did not satisfy the University entry requirements in the first place and awarded him a certificate or diploma.

  13. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #62
    You can contact them and discuss your experience. You should have a good idea going into it whether you'll qualify or not. I don't think there's a whole lot of surprises.

  14. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,598
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #63
    Quote Originally Posted by billrich88
    Do you think this is a responsible manner?
    The (ISC)2 is a private organization; if you want its certs you must play by its rules. Having gone through the process myself, I have no problem with the way they vet candidates. It helps ensure quality by discouraging people who know that they aren't qualified and don't want the "Associate" tag until they are.

    You needed 4-5 years of InfoSec experience to get your CISA. Did ISACA fully vet you before allowing you to sign up for the exam?

  15. Junior Member
    Join Date
    Sep 2008
    Posts
    6

    Certifications
    CISA, CSSBB
    #64
    That doesn't mean this is a best practice or should be the norm. CISSP is accredited to ISO 17024 which demands a quality system that requires 'review' before 'accept'. Maybe I should ask ANSI whether this practice conforms to the ISO 17024 requirements.

  16. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,598
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #65
    To save yourself some possible embarrassment, I'd suggest that you fully review ISO 17024:2003 before assuming that it defines and regulates anything to do with the business practices of a certification vendor. You might be surprised how much structure and how little definition there actually is in an ANSI/ISO standard.

    If you can't get a copy of the actual standard, start with the Guidance on ISO 17024:2003 (PDF) document.

  17. Junior Member
    Join Date
    Sep 2008
    Posts
    6

    Certifications
    CISA, CSSBB
    #66
    The Guidance does not include the 17024 requirements. In 17024 clause 4.4, it demands the certification body to operate a management system and there is a note stating that operating an ISO 9001 Quality Management System deems to satisfy this management system requirement and in ISO 9001 7.2.2 requires: 'review' before 'accept'.

  18. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,598
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #67
    The (ISC)2's certification experience requirements have been in existence for years. The (ISC)2's current process has already passed vetting from the ISO in order to be certified. If you are really interested in "taking down the (ISC)2," I suggest approaching it from a business ethics or conflict-of-interest point of view rather than a violation of their ISO certification.

    And why the big vendetta against the (ISC)2 anyway? If you have a CISA then you have the experience for a CISSP as well.

  19. Junior Member
    Join Date
    Sep 2008
    Posts
    6

    Certifications
    CISA, CSSBB
    #68
    I am in no way taking down (ISC)2 but these are just the questions in my mind wanting opinions from professional people like you. (ISC)2 is certainly very good and professional in many areas but I think there will always be room for improvement in some aspects. Different organizations have different processes, and I agree if one wants to join the party, one has to follow the party's rules. Whether the rules are good or bad is another matter. Today, corporate social responsibility is a hot topic and this stirs up many a 'rethink' of what a socially responsible organization should be. Thank you so much for your information and opinions.

  20. Senior Member
    Join Date
    Nov 2005
    Location
    Birmingham, AL
    Posts
    1,088
    #69
    I want to point out a couple of things.

    1) People do not blindly register for exams or certifications; unless they are ignorant. Research is typically conducted to determine concepts and material covered, perhaps also on the issuing organization, and most certainly experience or eligibility requirements.

    2) That being said, the paperwork you submit when registering for the CISSP exam asks whether or not you have the necessary experience and even asks you to itemize your experience and provide a resume for review.

    His example of the university scenario doesn't work. You don't jump into a school without researching the school and its eligibility requirements. Also, it would require the student to lie when asked if they met the requirements before taking the exam.

  21. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,598
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #70
    I hear you, billrich88. I have serious questions myself about the grandfathering practice being used for the (ISC)2's newest cert exam, the CSSLP. Read my thread on this subject and let me know there what you think.

  22. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,598
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #71
    Quote Originally Posted by RTmarc
    2) That being said, the paperwork you submit when registering for the CISSP exam asks whether or not you have the necessary experience and even asks you to itemize your experience and provide a resume for review.
    But these are not requirements for taking the exam. You can have zero InfoSec experience and still take the CISSP or SSCP exams. Upon passing, you will be awarded the Associate designation and not the full cert. The Associate of the (ISC)2 was created for people graduating college that do not have much or any InfoSec experience, but are looking to make some aspect of InfoSec their profession. The exam costs the same, experience or not.

  23. Junior Member
    Join Date
    Jun 2009
    Location
    Singapore
    Posts
    1

    Certifications
    MCP,MCTS,MCSA,CCNA
    #72
    OMG, I have to wait for one more year?

  24. Senior Member
    Join Date
    Apr 2008
    Location
    Florida
    Posts
    997

    Certifications
    CCIE R&S #38616 and many more!
    #73
    Quote Originally Posted by hellointer
    OMG, I have to wait for one more year?
    Have you considered the associate path? This way after successfully passing the exam you can earn the required experience and submit your resume for evaluation again after you have obtained the requirements. May also want to consider the SSCP this year and CISSP next year.

  25. Junior Member
    Join Date
    Oct 2009
    Posts
    2
    #74
    Quote Originally Posted by dynamik
    I don't know how much it really matters now that they only let you take one year off from EITHER certs or a degree. I would imagine that most people would already have a Security+ or other qualifying cert.
    I am planning to take the CISSP exam, but still not sure whether my masters degree in Information Assurance and a Microsoft Certified Professional certification will be sufficient for me to qualify. I am currently working as an IT Systems Analyst with 2 years experience, but have been in the IT field for close to 7 years now working as a Workstation Engineer, Helpdesk Support Specialist, and as a Technician. I was told I need certain years of experience (5 years) working in the security field, but I honestly don't have those years of experience. Can my masters degree and my certification with the years of experience that I already have substitute for the requirement to take the CISSP exam? Also, if they could substitute for that, what do I need to have in mind to prepare for the exams?

    Thanks
    Last edited by borngunners; 10-25-2009 at 02:01 AM.

  26. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #75
    Welcome to the forums.

    You can take the exam without meeting any of the requirements. If you pass, you'll be an associate and be given six years to fulfill the requirements.

    That masters sounds like something that would qualify, but I'd contact them just to confirm that. If your systems analyst position meets their criteria, you'd be an associate for two more years.

    Good luck!
