CISSP Versus CompTIA Security+
By Robert Hanson
BIT 546 – Information Security Systems Fundamentals
Week 1 Lab
July 7, 2008
This paper will look at two certifications, CISSP (Certified Information Systems Security
Professional) and CompTIA Security+ (Computer Industry Association Security Plus). The
paper will briefly cover why a professional would pursue each of these and will cover some of
the differences between the two.
CISSP
If someone wants to build a career in information security and has at least five years of
experience, then a CISSP certification is recommended. The CISSP certification will separate a
person from others for information security positions, assignments and promotions. The
professional will want to achieve a CISSP for the following reasons:
• Internationally recognized credential
• Indicates a person measures up to certain professional and ethical standards
• Opens up many more career opportunities
• Shows an employer a person has knowledge and competence in the 10 domains of the
information system security Common Body of Knowledge (CBK)
• Allows for exchanges of ideas with peers
((ISC)2. Why Certify?)
CompTIA Security+
CompTIA Security+ Certification is required for those who will work for and with the
DoD (Department of Defense). If someone is going to perform IA (information
assurance) functions outlined under the technical or management categories in the DoD
8570.1M Manual, they will need to meet the DoD baseline certification requirement. The
training, certification, and workforce management requirements of 8570.1 apply to all
members of the DoD IA workforce including military, civilians, foreign nationals, local
nationals, and contractors. The rule applies whether the duties are performed full-time, part-
time, or a specific duty. Based on these facts the CompTIA Security+ Certification will be
very important to those in or looking to enter the IA field as it relates to DoD or
organizations involved with the DoD. The professional will want to achieve a CompTIA
Security+ Certification for the following reasons:
• Allows them to work for/with DoD when other certifications will not
• Can be used in any industry
• Shows they have a baseline knowledge of security
• Experience before getting certified is recommended but not required
(SYS Computer Training. FAQ)
Difference between CISSP and CompTIA Security+
CISSP requires up to five years of direct full-time professional security work experience (a
one-year reduction is possible through an education exception) in two or more of
the ten domains of information systems security. CompTIA Security+ recommends, but does not
require, two years of experience in networking with an emphasis on security.
CISSP could be viewed as better known and tougher to get than the CompTIA Security+.
The CISSP requirement of having actual experience could open up more high-level positions to
someone with a CompTIA Security+ Certification. For someone looking to break into the
security field, the CompTIA Security+ Certification is a realistic certification and, with more than
30,000 jobs requiring it, seems to be a viable option. CISSP appears to be good for an IT Security
Architect while CompTIA Security+ seems to be good for a Security Administrator. (Rothman,
M. 2007)
Reference List
(ISC)2. Why Certify? Retrieved on July 6, 2008 from
https://www.isc2.org/cgi-bin/content.cgi?category=97
Rothman, M. 2007. SearchSecurity.com. Ask the security expert. Retrieved July 6, 2008 from
http://searchsecurity.techtarget.com/expert/KnowledgebaseAnswer/0,289625,sid14_gci1251550,00.html
SYS Computer Training. FAQ. Retrieved July 6, 2008 from
http://www.syscomputertraining.com/DOD_8570.1_files/faqs.html