CISSP vs Security+
| walterbyrd 2003-08-29, 2:00 pm |
| Is there really all that much difference? Both cover IS security essentials, and neither covers anything in very much depth.
I know CISSP is supposed to be a BFD senior level professional gold standard cert, and the Security+ is supposed to be for beginners. But, from what I have seen, the material covered in either exam is about the same. | |
|
| Ummm - considering a couple of the CompTIA questions are directly off a CISSP practice test I have seen with just some subtle wording changes in the answers, there is surely a lot of overlap. However the exams really are a world apart. CISSP is more based on fact than consensus of the exam writers and a lot more in-depth, however the biggest difference is that you must have (I think) 3 years real experience in the security area and you must also have a current CISSP to 'sign you off'. | |
| jdmurray 2003-08-29, 8:44 pm |
| I think the Security+ exam is more on par with the ISC2's SSCP cert rather than their CISSP cert. Both seem to cover more networking and admin topics than the Security+.
The CISSP is a 6 hour, 250 question exam that also requires four years of verifiable work experience (https://www.isc2.org/cgi/content.cgi?category=19). The SSCP is a 3 hour, 125 question exam that only requires one year of work experience (https://www.isc2.org/cgi/content.cgi?category=20).
I haven't taken any of them, but there are plenty of study materials available from the leading cert study publishers that can be compared. | |
| walterbyrd 2003-08-30, 4:17 pm |
| >>CISSP is more based on fact than consensus of the exam writers and a lot more in-depth<<
Sure about that? As I understand it, CISSP chooses their questions through a statistical method. Also, the CISSP has long been regarded as "a mile wide, and an inch deep."
>>however the biggest difference is that you must have (I think) 3 years real experience in the security area and you must also have a current CISSP to 'sign you off'.<<
I think it was recently changed to four years, unless you have a bachelor's degree or better. The endorsement required by the CISSP does not have to be another CISSP. It can be an officer from your employing company, or anybody with a professional designation, i.e.: CPA, MD, Lawyer. But here is the thing: the endorser has to sign an agreement saying that you have all the qualifications to be a CISSP. Unless the endorser is familiar with the program, the endorser may be reluctant to sign anything like that.
According to the CompTIA site:
"The Security+ exam consists of 100 questions to be completed in 90 minutes. The minimum passing score is 764, graded on a scale of 100 - 900. Test results are displayed as soon as you complete the exam."
Since the grading starts at 100, I suppose each question counts for 8 points, which means you need to get 82 questions correct. Not much room for error. In this regard the Security+ is even tougher than the CISSP. | |
|
| Well I can only comment on what my Australia CISSP buddy told me. I haven't really bothered researching it as I do not have near the required experience. However the CISSP practice exams I have seen are a whole lot closer to the mark than the CompTIA stuff as far as being factual goes. | |
| walterbyrd 2003-09-01, 12:34 pm |
| Your CISSP friend could be exactly correct, for all I know. However, my understanding is that the ISC2 considers SQL to be part of the ISO/OSI 7-level protocol - and I think that is dead wrong. SQL is a language, and has nothing to do with any communications protocol.
I have read about the SQL being part of this protocol stack in two CISSP books: the all-n-one, and the dummies guide.
I have questioned this on a few different forums. From what I can gather, the ISC2 considers SQL a data-comm protocol, and nothing will change their minds.
Of course, the CompTIA Security+ could be even worse. | |
|
| Ahh Sec+ is both better and worse - read a few of the posts in here ... particularly Trivial Pursuit  | |
| jdmurray 2003-09-01, 6:06 pm |
| quote: From what I can gather, the ISC2 considers SQL a data-comm protocol, and nothing will change their minds.
Whoa, whoa, whoa! SQL is COMPLETELY INDEPENDENT from any networking protocols! Ask any database admin, who configures a database service (e.g., SQL Server) for the network protocols it will use.
There are no such drivers as TCP/IP for SQL, or IPX/SPX for SQL. SQL is an abstract entity that resides ABOVE the Application layer. This is clearly evident to us programmers, anyway.  | |
| walterbyrd 2003-09-02, 9:28 am |
| >>
Whoa, whoa, whoa! SQL is COMPLETELY INDEPENDENT from any networking protocols! <<
My point exactly. When I read about SQL being a networking protocol in the CISSP All-in-One study guide, I gave up on that guide, and got the CISSP Dummies Guide. Then I read the same thing in the CISSP Dummies guide.
I have since been told that ISC2 has their own view of the ISO/OSI 7 layer stack, and nothing will change their minds.
In the All-in-one book, first edition, it's on page 350, under "Session Layer" :
"Some protocols that work at this layer are Secure Sockets Layer (SSL), Network File System (NFS), Structured Query Language (SQL), and Remote Procedure Call (RPC)."
From the CISSP for Dummies, page 85, under "Session Layer" :
"Some examples of Session Layer protocols include . . . . Structured Query Language (SQL)"
This is one of the reasons that I am a bit sceptical of the CISSP exam. |