d what tools are used to accomplish them. Professionals also need to follow which new security products are released and how they compare to the existing products. This is followed up by keeping track of new technologies,
service patches, hotfixes, encryption methods, access control mechanisms, telecommunications security issues, social engineering, and physical security. Laws and regulations
have been ascending the list of things that security professionals also need to be aware
of. This is because organizations must be compliant with more and more laws and regulations, and noncompliance can result in a fine or a company going out of business,
with certain executive management individuals ending up in jail.
Laws, regulations, and directives developed by governments or appointed agencies
do not usually provide detailed instructions to follow to properly protect computers
and company assets. Each environment is too diverse in topology, technology, infrastructure, requirements, functionality, and personnel. Because technology changes at
such a fast pace, these laws and regulations could never successfully represent reality if
they were too detailed. Instead, they state high-level requirements that commonly have
companies scratching their heads on how to be compliant with them. This is where the
security professional comes to the rescue. In the past, security professionals were expected to know how to carry out penetration tests, configure firewalls, and deal only
with the technology issues of security. Today, security professionals are being pulled out
of the server rooms and asked to be more involved in business-oriented issues. As a
security professional, you need to understand the laws and regulations that your company must comply with and what controls must be put in place to accomplish compliance. This means the security professional now must have a foot in both the technical
world and the business world.
Over time, the CISSP exam has become more global in nature and less U.S.-centric.
Specific questions on U.S. laws and regulations have been taken out of the test, so you
do not need to spend a lot of time learning them and their s...
- Fall '12