1. Identify three vendor-centric professional certifi cations in security. Professional Information Systems Security Certifi cations-Charting Your Career Path
2. In the DoD 8570.01-M directive, which professional certifications map to the 8570.01-M directive?
3. From a career perspective, which professional certifications make sense for someone wishing to perform intrusive, penetration tests?
4. What is the primary difference between the (ISC)2 SSCP® and CISSP® professional certifications from an information systems security career path perspective?
5. Why do you think it is important to take both vendor and vendor neutral professional certification exams for your career progression? Explain.
6. Pick two professional certifications that you want to pursue and explain what the prerequisites are and in what time frame in your career path you plan on achieving them.
7. Why would an organization that is not in the DoD but does business with the DoD choose to get its employees certified using the measurement of the DoD 8570.01-M directive?
8. Explain in your own words what the significance of the (ISC)2 Code of Ethics implies to information systems security professionals.
9. What IAT levels in the DoD 8570.01-M map to the hands-on, entry-level professional certifications: Security+, SSCP®, SCNP, Network+, and GEAC?
10. At the IASAE level in the DoD 8570.01-M directive, what professional certification acts as the core foundation for Levels I, II, and III?
Systems Security Certifications- Charting Your Career Path
11. What are two professional certifications that can be obtained for systems and network auditing and information
systems auditing?
12. If you just obtained a B.S. Degree in Information Systems Security and have one year of work experience but less than five years of work experience in information systems security, which professional certification from (ISC)2 would you be eligible for?
13. If you were pursuing a management position in information systems security or information assurance,
which professional certification would you obtain from (ISC)2?
14. When is it a good idea to have vendor professional certifications as opposed to vendor neutral?
15. If you were responsible for designing and configuring DMZs, firewalls, and IDS/IPS security solutions, which vendor certifications would you consider?