CISSP For Dummies. Peter H. Gregory
Society of Information Risk Analysts (SIRA): www.societyinforisk.org
The Institute of Internal Auditors (IIA): www.theiia.org
International Association of Privacy Professionals (IAPP): https://iapp.org
Disaster Recovery Institute International (DRII): https://drii.org
Computer Technology Investigators Network (CTIN): www.ctin.org
Local security groups provide excellent opportunities to find peers in other organizations and discover more about your profession. Many people find that the contacts they make as part of their involvement with local security organizations can be especially valuable when they’re looking for new career opportunities.
You certainly can find many more security organizations with local chapters beyond the ones we include in the preceding list. Ask your colleagues and others about security organizations and clubs in your community.
Spreading the Good Word about CISSP Certification
As popular as the CISSP certification is, some people still don’t know about it, and many who may have heard of it don’t understand what it’s all about. Tell people about your CISSP certification, and explain the certification process to your peers. Here are some facts that you can share with anyone and everyone you meet:
The CISSP certification started in 1994.
CISSP is the top-tier information security professional certification.
More than 142,000 security professionals in more than 170 countries have the CISSP certification.
CISSP was the first credential accredited by the ANSI (American National Standards Institute) to ISO (International Organization for Standardization) Standard 17024.
The average CISSP salary is $131,030 (U.S.).
The organization that manages the CISSP certification has other certifications for professionals who specialize in various fields of information security. The organization also promotes information security awareness through education programs and events.
Promote the fact that you’re certified. How can you promote it? After earning your CISSP, you can simply put the letters CISSP after your name on your business cards, stationery, email signature, résumé, blog, and website. While you’re at it, put the CISSP logo or your digital badge on there, too (and be sure to abide by any established terms of use).
Leading by example
Like it or not, security professionals, particularly those with the CISSP certification, are role models for those around them. From a security perspective, whatever we do — along with how we do it — is viewed as the standard for correct behavior.
Using Your CISSP Certification to Be an Agent of Change
As a certified security professional, you’re an agent of change in your organization: The state of threats and regulations is ever-changing, and you must respond by ensuring that your employer’s environment and policies continue to defend your employer’s assets against harm. Here are some of the essential principles for being a successful change agent:
Identify and promote only essential changes.
Promote only those changes that have a chance to succeed.
Anticipate sources of resistance.
Distinguish resistance from well-founded criticism.
Involve all affected parties the right way.
Don’t promise what you can’t deliver.
Use sponsors, partners, and collaborators as co-agents of change.
Change metrics and rewards to support the changing world.
Provide training.
Celebrate all successes.
Earning Other Certifications
In business and technology, no one’s career stays in one place. You’re continuously growing and changing, and ever-changing technology also influences organizations and your role within them.
You shouldn’t consider your quest for certifications to be finished when you earn your CISSP — even if it is the highest-level information security certification out there! Security is a journey, and your CISSP certification isn’t the goal, but a (major) milestone along the way. CISSP should be part of your security lifestyle.
Other (ISC)2 certifications
(ISC)2 has several other certifications, including some that you may aspire to earn after (or instead of) receiving your CISSP. These certifications are
Associate of (ISC)2: If you can pass the CISSP or SSCP certification exams but don’t yet possess the required professional experience, you can become an Associate of (ISC)2. Read about this option on the (ISC)2 website.
CCSP (Certified Cloud Security Professional): This certification on cloud controls and security practices was co-developed by (ISC)2 and the Cloud Security Alliance.
SSCP (Systems Security Certified Practitioner): This certification is for hands-on security techs and analysts.