There has been some confusion with students as to the number and category of defined ISO and CISSP security domains. This is quite understandable as the CISSP security domains have significant parallels with the domains defined by the International Organization for Standardization (ISO) International Elecgtrotechnical Commission (IEC).
There are 12 security domains specified by the ISO. The 12 domains are intended to serve as a common basis for developing organizational security standards and effective security management practices, and to help build confidence in inter-organizational activities.
The 12 domaines of network security: Risk Assessment; Security Policy; Organization of Information Security; Assess Management; Human Resources Security; Physical and Environmental Security; Communications and Operations Management, Access Control; Information Systems Acquistion, Development and Maintenance; Information Security Incident Management; Business Continuity Management; and Compliance.
The CISSP, one of the most popular certifications in the network security profession, was the first credential in the field of information security accredited by the American National Standards Institute (ANSI). For CISSP credential, in addition to five years of experience, professional experience must be in two or more of 10 defined (ISC)2 CISSP domains.
The 10 CISSP domains include: Access Control; Application Security; Business Continuity and Disaster Recovery Planning; Cryptography; Information Security and Risk Management; Legal, Regulations, Compliance and Investigations; Operations Security; Physical (Environmental) Security; Security Architecture and Design; and Telecommunications and Network Security.
While the CISSP domains are specific to (ISC)2 CISSP certification, the ISO domains serve as a useful reference for networking and/or security professional, independent of any specific certification.
Monday, August 3, 2009
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment