Call for CISSP Mentors
The Las Vegas Chapter of the Information Systems Security Association (ISSA) has begun its call for mentors for the Winter 2019 session of the Certified Information Systems Security Professional (CISSP) review course.
If you are interested in being a mentor for the group, please reach out to the Board of Directors at firstname.lastname@example.org with your interest. As a mentor, you may earn CPE credits towards your own certification by presenting to the chapter’s students.
As a mentor, you do not need to be a current member of the Las Vegas ISSA. You do need to be qualified as an expert in your field and in the subject you wish to mentor. Existing CISSPs are preferred, but other qualifications may apply in lieu of the CISSP.
We are seeking mentors to cover each of the 8 current CISSP domains as illustrated in the attached outline. Below is a brief description of each domain:
1. Security and Risk Management
a. Security Governance and Compliance, including business continuity planning, business impact analyses, and recovery point objectives.
2. Asset Security
a. The collection, handling, and protection of information throughout its lifecycle. Includes data handling, data storage, labeling, and destruction.
3. Security Engineering
a. Building of secure information systems and related architecture. Involves the integration of security controls, behaviors, and capabilities.
b. Client and server-side vulnerabilities, database security, distributed systems and cloud security, cryptographic systems, and web application vulnerabilities are part of this domain.
4. Communication and Network Security
a. Encompasses the network architecture, transmission methods, transport protocols, control devices, and security measures of information transmitted over private and public communication networks.
5. Identity and Access Management
a. Involves provisioning and managing the identities and access used in human interaction of information systems. Includes role-based, rule-based, mandatory and discretionary access control.
6. Security Assessment and Testing
a. Identifying risk due to architectural issues, design flaws, configuration errors, hardware and software vulnerabilities, coding errors, etc.
7. Security Operations
a. The application of information security concepts and best practices, forensic investigations, effective logging/monitoring, disaster recovery, and business continuity.
8. Software Development Security
a. Application of security concepts and enforcement of security controls in the Software Development Life Cycle.