« Mark Spencer changes roles at Digium/Asterisk... new CEO | Main | Heading to Ottawa... and OCLUG's Asterisk talk tonight »

February 01, 2007

In the service of the CISSP for another three years... (resetting CPEs to 0!)

Received a nice email from ISC2 this morning confirming that my Certified Information Systems Security Professional (CISSP) certification is all set for another three years. Having been involved with creating a certification, I find ISC2's process quite interesting.  First, obviously, there is the barrier of obtaining the CISSP credential.  The 6-hour exam is certainly not an easy one as it encompasses an extremely wide area in the 10 domains of the Common Body of Knowledge.  Then there is the professional experience requirement and then the requirement to be endorsed by another CISSP.  Add to that the fact that the exams are not computer-based but rather proctored... and are therefore only scheduled an infrequent intervals.  All in all, it winds up not being terribly easy to obtain the CISSP credential.  Which is part of the point, really.  There have been too many certification mills out there.

Anyway, once you obtain the CISSP, the next part is to maintain the credential.   There's an Annual Maintainence Fee to pay, but that's <$100 and not really a big deal.  Much harder is the Continuing Professional Education (CPE) requirement which is that over three years you have to obtain 120 CPEs.  If you fail to do so after 3 years, you lose your CISSP and have to retake the exam!  Now, it's not overly difficult to obtain CPEs.  You can get them for attending conferences, webcasts, training courses... even, once per year, for reading a security book.  You can also get more for providing training or serving on the board of a local security association.  Really, it's nothing for the normal security professional who is keeping up on the current state of the profession.  And that's the point, really.  ISC2 wants to ensure that someone representing themself as a CISSP does in fact have relatively current security knowledge.  The main issue, I find, is remembering to record CPEs with ISC2!  If I attend a conference or webinar or something like that, I try to remember to go and record that soon thereafter.

In any event... I've blown past the required CPEs... now the counter gets reset and I'll have to start again to have them in place before 2010!  :-)

P.S. Wikipedia, of course, also has more info on the CISSP.

Technorati tags: , , ,

Posted by Dan York on February 01, 2007 in Security |

|

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d8341bfc6e53ef00d834e80f2753ef

Listed below are links to weblogs that reference In the service of the CISSP for another three years... (resetting CPEs to 0!):

Comments

Subscribe


  • Or enter your email address:

Become a Fan

License

Full Disclosure

  • Dan York, CISSP, is Senior Content Strategist at the Internet Society and is also the Chairman of the VOIP Security Alliance (VOIPSA).

    Please note that neither the Internet Society nor VOIPSA have any connection to this weblog and any opinions stated here are entirely Dan's.

Contact Info

Archives

More...

Categories

My Latest Book


  • Migrating Applications to IPv6

  • Search:

Other Places I Write

Twitter Updates

    follow me on Twitter

    Disruptive Conversations

    Voxeo Blogs

    Voice of VOIPSA