According to a survey by Deloitte, more than 50 percent of the companies surveyed reported a data loss incident between June 2005 and June 2006, and those organizations attributed almost 33 percent of their financial losses directly to it. In the US, data breaches are reported at a rate of roughly one every three days. So the question arises: how can this be stopped, and how can an organization keep its data more secure? One answer is to employ certified information security professionals to strengthen the organization's security program.
To become a qualified CISSP certified information security professional, it is mandatory to pass the CISSP examination conducted by (ISC)². There are options for CISSP online training to prepare for the examination. But it is not easy for an aspirant to become a CISSP, since it requires a minimum of five years of prior paid work experience in two or more of the eight information security domains specified by (ISC)². These domains are known as the CISSP CBK (Common Body of Knowledge) and are as follows:
- Asset Security
- Software Development Security
- Identity and Access Management
- Security Engineering
- Security and Risk Management
- Security Assessment and Testing
- Communications and Network Security
- Security Operations
The expertise areas of a CISSP professional:
Candidates who earn the CISSP certification will be able to:
- Implement operations security
- Understand law, ethics, and investigation
- Understand access control systems and methodology
- Handle security management practices
- Apply application and system development security
- Implement physical security
- Understand security architecture and models
- Implement Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP)
- Understand telecommunications and networking security
- Understand cryptography and how it is used
It is reported that by the end of 2019 almost 1.5 million information security professionals certified by (ISC)² will be working globally to protect organizations from data disasters. That means the domain of information security will be handled by more qualified hands, and companies dealing with large volumes of data every day should see fewer breaches, though certification alone does not eliminate them.
How you can be a CISSP Certified Professional:
As previously discussed, five years of work experience in the eight data security domains defined by (ISC)² is the primary requirement. But can anyone with that experience simply apply for the certificate? No, certainly not. The candidate has to meet the following essentials:
- Have worked in two or more of the eight CBK domains
- Score 700 or more on a scale of 1000 in the CISSP examination conducted by (ISC)², which is administered at Pearson VUE testing centers
- After passing the exam, complete the (ISC)² endorsement process and subscribe to the (ISC)² Code of Ethics
- Maintain the certification in good standing through continuing professional education (CPE) credits
The role of the information security professional in an organization:
It is a common misconception that CISSP certified people are the hands-on problem solvers in an organization. To be very specific, this is a completely wrong concept. Information system security professionals are key people in the organization who act as "risk advisors". They do not fix problems themselves; rather, they advise higher management about the threats and risks the organization may face and about the possible measures to avoid those threats.
Say, for example, an employee of your organization has been terminated. What will be the outcome? What risks are attached to the termination process? What must be done to secure data that could be tampered with or destroyed? Here the role of an information system security professional comes into play. He or she will not go to the server room, alter the data security process, or change the firewall rules to block the user. Instead, the security professional instructs the responsible database administrator and the technical staff who operate the data security systems to make whatever changes he or she considers suitable, such as revoking the departed employee's credentials and access rights.
The vital role of an information system security professional in an organization:
As we discussed, information system security professionals are not mere "doers"; they are the security policymakers. How the system security of an organization should be structured, what the possible threats to the organizational data systems are, and how they can be overcome are the things a data security officer looks after. Handling data, maintaining databases, configuring firewalls, and system administration are not the responsibilities of an information system security professional. They are an asset to an organization because they produce comprehensive data security plans against every threat the organization may face. Data integration, maintenance, syndication, and violation handling are processes carried out according to the recommendations these security professionals give to upper management.
As a data security officer and a certified CISSP professional, you need to be trained to recognize and defend against illegal or unethical hacking. A data security officer must have in-depth knowledge of how attackers operate and how data loss occurs. Protecting against massive data loss caused by malicious hackers has become a burning issue in today's information systems. After completing the CISSP certification, the attendee will understand the objectives of modern data security and the security methodologies and tools used to meet them.