When Is Access Control Chart CISSP Necessary?

CISSP describes professionalism. CISSP stands for the Certified Information Systems Security Professional. The CISSP is an indication of a qualified Information Systems Security Practitioners. The examination for CISSP consists of hundreds of multiple choice questions – 250 to be exact – and discusses topics within the area of Cryptography, Security Management Practices, and Access Control Systems. The ISC2 (or International Information Systems Security Certification Consortium) encourages CISSP as a helper in evaluating practitioners who are concerned with information security functions. CISSP was first introduced back in 1989.

Some basic facts about CISSP is that any Certified Information Systems Security Professional is honored and recognized worldwide by the Information Technology industry. CISSP maintains its growth and is used as a mark of excellence within the industry.

Here are some of the prerequisites before you can attain a CISSP certification: you must have years of professional experience (which used to be four years  but was later changed to five years on October first of 2007.) You must also pass the CISSP exam, a complete endorsement form, and a clear audit of the work experience and then pledge to ISC-2 Code of Ethics.

Why do I need CISSP? CISSP concentrates on three forms of Information System Security which are: the ISSAP (which stands for Information System Architecture Professional); the ISSEP (which stands for Information System Engineering Professional); and the ISSMP (which stands for Information System Security Management Professional.)

CISSP does serve its purpose when employees find their careers are enhanced. CISSP (being known worldwide) does affect the individuals who carry the certification since it boosts their competence and knowledge in the industry so that they can perform as expected within the work field.

A website posted an informal survey on information security jobs, which showed that over 70% of the positions required CISSP certification. Corporations are in the serious business of protecting their information assets, so they consider CISS Professionals to be the most competent information security protectors around. IT consultants, managers, privacy officers, information security officers, security device administrators, security policy writers, and security engineers among others, are those qualified to take the CISSP certification exams.

All the 10 core domains in the Body of Knowledge (CBK) of ISC2 lie at the heart of CISSP certification. Leading the list of CBKs is Access Control. Access control is concerned with having the advantage of denying entry to someone. By principle, physical and computer security access is the same. In physical access, the entrance to any building or restricted area, is always guarded so anyone trying to gain entry must have a permit or a form of identification to show to the guard, or the person controlling the access.

Computer security access control includes three important details: authentication, authorization, and audit. There are two classes of access control models, which are either based on capabilities or based on access control lists (ACLs). Capability-based models provide access to the object as conveyed to another party through transmitting the capability over a secured channel. In the ACLbased model, access depends on the identity of the one gaining access, which should be recorded or is in the lists. Capability access is just like having a key to gain access, no matter who is holding it. On the other hand, the ACL-based model is like having the right key with the  person holding it properly identified.