
Preparing for the CISSP exam, Part 3


A reader and colleague recently asked me a few questions about the Certified Information Systems Security Professional exam, and I thought readers might benefit from the interchange.

Mr. Pritsky (see http://www.pritsky.net) is one of the authors collaborating in the preparation of "The Computer Security Handbook, Fourth Edition," edited by Sy Bosworth and me. It will be published in 2001 by Wiley. In this last of the three-part series, I look at conferences that are helpful to aspiring CISSPs and add a few comments on the general issue of preparing for professional certifications.


As part of your ongoing education in security, attend security conferences. Some of the top conferences (in alphabetical order by organizer) are run by:

* Canadian Communications Security Establishment.

* Computer Security Institute conferences.

www.gocsi.com

* European Institute for Computer Anti-virus Research.

conference.eicar.org/

* Information Systems Security Association (many regional conferences).

www.issa.org

* MIS Training Institute.

www.misti.com

* RSA Data Security.

www.rsasecurity.com/

* System Administration and Network Security Institute.

www.sans.org/

For much more extensive lists of security conferences, see:

* The events list at the Center for Education and Research in Information Assurance and Security at Purdue University:

www.cerias.purdue.edu/hotlist/detail.php?arg1=410&arg2=Events+%26+Call+For+Papers+/+Present

* The calendar of security- and privacy-related events maintained by the School of Computing at University of Utah:

www.cs.utah.edu/flux/cipher/cipher-hypercalendar.html

Mr. Pritsky also said:

"I'm not planning on sitting for the exam for several months, but I want to start allocating time, resources, etc., now. Any guidance you can give is much appreciated."

Read for half an hour on some subject in one of the required areas every day. Write articles about security for your own company's security-awareness program (or help to establish such a program) and for professional publications on areas you are trying to understand - articulating the information will force you to learn better.

This whole question of preparing for professional certification reminds me of my experience in working on my doctorate in the early 1970s. I saw that some students tried to cram for their exams, and I disliked the results. It was very irritating discovering that some of my colleagues who aced their exams had already forgotten the bulk of what they pretended to learn within a few months after the exams.

So I resolved that I would just learn by osmosis. I read every day in my fields (applied statistics and invertebrate zoology). My lab notebooks had a literature search and explanation for each set of experiments, as well as a discussion. When I took my doctoral comprehensive, oral field exam, I didn't study for it at all. I just showed up at the meeting and had a ball discussing neat stuff with my professors (at one point my director had to insist, "Hey, this is supposed to be Mich's exam!" because we were all having such a good time arguing over some point of developmental biology).

Similarly, when I took the CISSP exam, I didn't study for it at all and did fine. So just learn all the time, think critically, write and teach as much as you can, and you'll do fine, too.

RELATED LINKS

Check out the new "Computer Security Handbook, 4th Edition" edited by Seymour Bosworth and Michel E. Kabay; Wiley (New York), ISBN 0-4714-1258-9. Available now at your technical bookstore or visit Amazon.

M. E. Kabay, Ph.D., CISSP is Associate Professor of Information Assurance in the Department of Computer Information Systems at Norwich University in Northfield, Vt. Mich can be reached by e-mail by clicking here. He invites inquiries about his information security and operations management courses and consulting services. Visit his Web site for papers and course materials on information technology, security and management.


Copyright, 1994-2006 Network World, Inc. All rights reserved.