
Future of Certified Information Systems Security Professionals


Presented by Engr. Md. Mushfiqur Rahman
CISA, CCISO, CISSP, OSCP, CCISO, LPT (Master), CISM, CRISC, CGEIT, CDPSE,
CEH, CHFI, ECSA, CSA, CTIA, CLPTP, ISO 27001 LA, CND, COBIT5, MCP, MCSA,
MCSE, MCTS, MCITP, OCP, CCNA, OCP, SCSA, Prince2, ITIL, MCT, PCT, ECI,
APMGAT

The quieter you become,
The more you are able to hear

People are the Key to a Secure Organization

Technological solutions alone cannot protect an organization's critical information assets.


Employers demanding qualified information security staff give their organizations a leading
edge by providing the highest standard of security for their customers', employees',
stakeholders' and organizational information assets. (ISC)², the only not-for-profit body
charged with maintaining, administering and certifying information security professionals via
the compendium of industry best practices, the (ISC)² CBK ®, is the premier resource for
information security professionals worldwide.

The International Information System Security Certification Consortium,
or (ISC)² is an international nonprofit membership association focused on
inspiring a safe and secure cyber world. Best known for the acclaimed
Certified Information Systems Security Professional (CISSP®)
certification, (ISC)² offers a portfolio of credentials that are part of a
holistic, programmatic approach to security. Our membership, more than
150,000 strong, is made up of certified cyber, information, software and
infrastructure security professionals who are making a difference and
helping to advance the industry. Our vision is supported by our
commitment to educate and reach the general public through our
charitable foundation – The Center for Cyber Safety and Education™.

Founded: 1989
Membership cost: U.S. $125

• Independent, nonprofit, global association
• Engages in the development, adoption and use of globally accepted,
industry-leading knowledge and practices for information systems.
• ISACA got its start in 1967
• Previously known as the Information Systems Audit and Control
Association
• ISACA now goes by its acronym only
• ISACA serves 140,000 professionals in 180 countries

CISSP Facts

• Introduced in 1994
• DoD Approved
• Most Required Security Certification on LinkedIn
• Exam available in 8 languages at 882 locations in 114 countries
• First information security credential to meet the strict conditions of ISO/IEC Standard 17024
• CISSPs work in more than 170 countries globally
• 93% of CISSPs are lifers
• More than 142,000 professionals currently hold the CISSP certification
• Average CISSP Salary: US $131,030
• Computerized Adaptive Testing (CAT) introduced December 18, 2017

Why organizations hire CISAs

CISA Employee:
• Highly qualified
• Experienced professionals
• Ongoing professional development
• Recognized by multinational clients
• Competence in five domains
• Proficiency in technology controls
• Credibility

Job Practice

• Domain 1: Information System Auditing Process, 21%
• Domain 2: Governance and Management of IT, 17%
• Domain 3: Information Systems Acquisition, Development and Implementation, 12%
• Domain 4: Information Systems Operations, Maintenance and Business Resilience, 23%
• Domain 5: Protection of Information Assets, 27%

CISSP Linear Examination Information
• Exam language availability: French, German, Brazilian Portuguese,
Spanish, Japanese, Simplified Chinese, Korean
• Length of exam: 6 hours
• Number of questions: 250
• Question format: Multiple choice and advanced innovative
questions
• Passing grade: 700 out of 1000 points
• Testing center: (ISC)² Authorized PPC and PVTC Select Pearson VUE
Testing Centers

Computerized Adaptive Testing (CAT)
• Exam language availability: English
• Length of exam: 3 hours
• Number of questions: 100-150
• Question format: Multiple choice and advanced innovative
questions
• Passing grade: 700 out of 1,000 points
• Testing Center: (ISC)² Authorized PPC and PVTC Select Pearson VUE
Testing Centers
• For additional information, go to
www.isc2.org/certificatons/CISSP-CAT
Pearson VUE
• Ready to sign up for the exam?
Visit the Pearson VUE website to create an account and
book your exam.
• What to expect in a Pearson VUE test center:
• At Pearson VUE, your security matters to us. You will
experience some - or all - of the security measures featured in
this video. Be prepared; for specific security requirements,
please check the relevant documentation/website/FAQ
information related to your test program
• https://youtu.be/T6tK_tY2AQQ
CISA Examination Summary

• Total Questions = 150
• Total Time = 4 Hours
• Continuous exam
• 365-day exam eligibility period
• Rescheduling is possible without any fee if you are unable to take your exam
• Can register anytime and any place (subject to availability)
• Reschedule as many times as you want
• You CANNOT reschedule within 48 hours of your original seat time as you will forfeit your exam registration fee.

Benefits of the CISSP / CISA for Professionals

• Demonstrates a working knowledge of information security
• Confirms commitment to profession
• Offers a career differentiator, with enhanced credibility and marketability
• Affords you exclusive benefits as an (ISC)² member, including valuable resources such as peer networking and idea exchange
• Indicates that certified information security professionals earn a worldwide average of 25% more than their non-certified counterparts, according to the Global Information Security Workforce Study
• Fulfills government and organization requirements for information security certification mandates

Benefits of the CISSP / CISA for Employers

• Positions candidates on a level playing field as (ISC)² certifications are recognized internationally
• Provides increased credibility for your organization when working with vendors and contractors
• Empowers employees with a universal language, circumventing ambiguity with industry-accepted terms and practices
• Validates commitment and years of experience gained in the industry
• Requires Continuing Professional Education (CPE) credits to ensure that personnel keep their skills current
• Satisfies certification mandate requirements for service providers or subcontractors

Importance of a CISSP certification

The value of any certification is determined primarily by the following factors:

• Recognition by the industry – The certification has to be widely recognized and respected by a large section of companies in the target industry. There is no point in talking about a certification, no matter how difficult it is to get, if no one knows about it.
• Difficulty level of achieving the certification – The certification needs to be difficult to achieve to separate the high performers from the rest.
• Potential increase in earnings as a result of the certification – A top level certification should significantly increase your chances of getting a much higher paying job which recognizes and uses your improved skill set.

Let us see how the CISSP / CISA certification performs on the above factors:

Industry Recognition – The fact that CISSP is very widely recognized can be gauged
from multiple sources. Bank Info Security rated CISSP as the top information security
certification for 2012. Almost all the top certification forums have a separate section
dedicated to CISSP. In fact, you can speak to any senior professional in the world of
information security and he/she can tell you how much they value the certification.

Difficulty Level – The CISSP certification is one of the toughest certifications to get –
and not just because of the grueling 6-hour, 250-question exam, which is as much a test
of endurance as of your knowledge. You need to have at least 5 years of experience in at
least 2 of the 10 domains of knowledge defined by (ISC)², or barring that, 4 years of
experience and a 4-year degree. If that was not enough, you further need to have your
qualifications endorsed by another CISSP in good standing. Hence, it is a very good idea
to get some expert help while preparing for the examination, as the exam fee is in the
region of $500 and you would want your first attempt to be your best.

Earning potential – The CISSP certification ranked 4th amongst the top 15 highest paying
certifications as per a salary survey conducted by TechRepublic. The average salary for a
CISSP is $95,000. Amongst IT certifications, it is the highest paying one.

How to pass the exam

• The challenge of preparing for this exam lies in its exhaustive coverage of INFOSEC topics.
• Preparing for the exam is much like preparing for a race:
  • Practice, practice, practice…
• This course should be only part of your passing strategy.
• You are not likely to be familiar with all of its topic areas even if you have been administering network security for a decade.
• Lecture along with nightly self study from several sources is highly recommended.
• Augment your studies with practice exams.

The CISSP exam is based on the following ten domains:

Domain 1. Security and Risk Management
Domain 2. Asset Security
Domain 3. Security Architecture and Engineering
Domain 4. Communication and Network Security
Domain 5. Identity and Access Management (IAM)
Domain 6. Security Assessment and Testing
Domain 7. Security Operations
Domain 8. Software Development Security

Experience Requirements: Candidates must have a minimum of 5 years cumulative paid
full-time work experience in 2 or more of the 8 domains of the CISSP CBK. Earning a 4-year
college degree or regional equivalent or an additional credential from the (ISC)² approved
list will satisfy 1 year of the required experience. Education credit will only satisfy 1 year of
experience.
A candidate that doesn’t have the required experience to become a CISSP may become an
Associate of (ISC)² by successfully passing the CISSP examination. The Associate of (ISC)² will
then have 6 years to earn the 5 years required experience.

Accreditation: CISSP was the first credential in the field of information security to meet the
stringent requirements of ANSI/ISO/IEC Standard 17024.

Who Should Attend

• Security Consultant
• Security Manager
• IT Director/Manager
• Security Auditor
• Security Architect
• Infrastructure Architect
• Security Analyst
• Security Systems Engineer
• Chief Information Security Officer
• Chief Information Officer
• Director of Security
• Network Architect

Thank You!

email: mushfique98@gmail.com
