Certifications are very important in the field of information security. There are various organizations out there that provide different certificates that measure an individual’s skills from beginner to advanced and which even include qualifications for the managerial aspects of information security. You might have heard about different certifications for skill sets such as ethical hacking, computer forensics, and most definitely, CISSP. A Certified Information Systems Security Professional (CISSP) is an individual who has acquired a skill set recognized internationally by the International Information Systems Security Certification Consortium, formally known as (ISC)2.
The CISSP is a well-known and important certificate that increases the value of a certificate holder. According to a 2006 study by Certification Magazine, “The CISSP by (ISC)2 is a top paid certificate in IT.” Personally I believe that anyone who acquires basic penetration testing certification should then take the CISSP because it offers many advantages. In my case, I decided to take the CISSP exam but was worried about getting the right training. I spent a lot of time researching CISSP certification and training courses, and was particularly meticulous because there are so many online institutes available. This plethora of institutions means that the reputation of an institute is very important. After careful consideration, I decided to train at the InfoSec Institute. There were various factors that contributed to my decision to study at InfoSec Institute, and after completing the course, I decided to write a review so that others can learn what to do and what not to do.
I went to the CISSP certificate page of InfoSec Institute’s website, and I got a lot of information about the certificate. For example, I learned about the benefits of having the certificate, directions for a likely career path, and the expected salary level. The same page also contains information about the certification process and information regarding how to become a certified CISSP professional, which is very helpful for anyone seeking general CISSP information. The InfoSec Institute program has an over 93% success rate, which is a very good percentile. Of course, I also went to the CISSP Boot Camp page, and learned that the Institute describes their program stating:
“You will leave the InfoSec Institute CISSP Boot Camp with the knowledge and domain expertise to successfully pass the CISSP exam the first time that you take it. We have ‘best-in-the-industry’ 93% pass-rate.”
Right after the registration process, I went to the online portal of InfoSec Institute for CISSP training. They categorized each lecture in the form of a module, which was very helpful.
In any course, the instructor plays an important role, and I was worried about learning from an online instructor. I was concerned about his or her ability to deliver the proper course material, and about the methods adopted for online teaching (which I consider very important). The instructor of the course is J. Kenneth (Ken) Magee, and he has a very strong IT background. He is the president and owner of Data Security Consultation and Training, LLC and the senior instructor at InfoSec Institute. Prior to holding these positions, he was the chief information security officer for the entire Virginia Community College system. Magee holds 20 certifications including: CISSP, CISA, ISO 27001 PA, Security+, and CDP.
The next most important thing for me is the course material. I wanted to know what the instructor was going to teach me, so I went to the (ISC)2 official website to review the basic information about the standard CISSP course. From this, I learned that the topics covered in the regular (non-online) course are:
- Access Control
- Telecommunications and Network Security
- Information Security Governance and Risk Management
- Software Development Security
- Security Architecture and Design
- Operations Security
- Business Continuity and Disaster Recovery Planning
- Legal, Regulations, Investigations and Compliance
- Physical (Environmental) Security
After comparing the online course to the regular course, I noted that similar modules are available through the online portal of InfoSec Institute’s CISSP program, which is very helpful for online students.
The first module is the introductory module which gives you information about the CISSP and (ISC)2. The most important part of the module is the exam overview, which covers the duration of the exam, the passing grade, total number of questions, types of the questions, and provides other relevant information. This module discusses the requirements for receiving the CISSP certificate, and explains what to bring and what not to bring to the examination.
communication channels and their security. In summary, this course discusses integrity, availability, and confidentiality.
ISGRM (information security governance and risk management) is the third section according to (ISC)2 and the fourth module of InfoSec Institute’s Boot Camp portal. This class covers the roles and responsibilities of the CISSP certificate holder. The class also discusses security policies (how to implement and practice the policies), risk management, and risk analysis. It includes information on security training and awareness and the standards of information security management. In short, the overall module discusses who owns what?
and models. It also discusses internationally recognized guidelines for security implementation; for example, the PCI-DSS and ISO. The module also looks at the importance of integrity models like Biba and Clark-Wilson.
an incident and how to respond to a particular event. This module also focuses on preventative techniques to ward off attacks, patches, and vulnerability management. The module also discusses change and configuration management, and provides information on operation security responsibilities for effectively installing patches and managing a backup. Logs are also covered (including firewall logs, IDS logs, server logs, etc.), along with auditing and other relevant topics on operation security.
This is the eighth point in the CISSP course, and of course, it is the ninth module in the InfoSec Institute portal. I was very happy while viewing the video of this topic, and was very excited to learn about business cycles and the importance of information security. Additionally, I was excited to learn how information security affects a company’s overall business plan; and this module had the answers to all of my questions. This module is very important because it allows you to learn about business impact analysis (BIA) and business continuity planning (BCP). The exciting part of this module is learning about possible threats and the disaster recovery planning process.
It is the ninth topic emphasized by CISSP certification, and it is a very important class that covers legal issues. I really enjoyed learning about computer crime laws and regulations. The module discusses the legal issues of cyber crime, what the cyber crime laws are, and how to investigate a possible crime. The module also looks at different codes of ethics.
My experience with the InfoSec Institute regarding the CISSP course was very good. Although it is a very dry course (which I think all of you already know), I really enjoyed my journey and found it very informative. In my opinion, there is a need to add some practical examples into the course material; I mean, it would be very helpful if the instructor could provide examples that he had faced in real life. The examples that were given throughout the course were enough to understand the concept, but extra examples can grab the attention of the student. Overall, the course has helped me to prepare for the exam and provided useful material. The teaching style and the valuable information presented in the first module really helped me to prepare myself for the CISSP exam.