取得CISSP后，该怎么办呢？

brain

这里的人都是信息安全界的从业者，CISSP对于象我一样的很多人是事业的目标，但是达到这一目标后，大家有没有想过以后？对此，想听听大家的一些想法。

omni

CISSP is the beginning, IMHO. \r\nBeing a CISSP is to say that you \r\na) subscribe to (ISC)2 Code of Ethics\r\nb) have the basic necessary knowledge set required to perform IS security tasks\r\nCISSP is by no means the end of it, it just brings you up to a new level of development.\r\n\r\nmy 1.5 cent

brain

Thanks.\r\n\r\n\r\n[QUOTE]最初由 omni 发布\r\n[B]CISSP is the beginning, IMHO. \r\nBeing a CISSP is to say that you \r\n……

zmkm

omni说得很好，CISSP只是一个证书，考试是对你的督促和压力，最终目的是获得更多的知识，促进你事业的发展。

insecurity

Read and practise \"(ISC)2 Code of Ethics\"\r\n\r\n----In the course of my professional activities, I shall conduct myself in accordance with the highest standards of moral, ethical, and legal behavior.\r\n----  I shall not commit or be party to any unlawful or unethical act that may negatively effect my professional reputation or the reputation of my profession\r\n----  I shall appropriately report any activity related to the profession that I believe to be unlawful, and I shall cooperate with any resulting investigation\r\n----  I shall support efforts to promote the understanding and acceptance of prudent information security measures throughout the public, private, and academic sectors of our global information society.\r\n----  I shall provide competent service to my employers and clients, and shall avoid any conflicts of interest. I shall execute my responsibilities in a manner consistent with the highest standards of my profession.\r\n----  I shall not misuse information to which I become party in the course of my duties, and I shall maintain the confidentiality of all information in my possession that is so identified.

ninelson

考cissp 时，劲头十足。\r\n可考之后，面对自己很多可学和可做的事情，又不知从哪里开始了。\r\n也许钻研某一方面是一个好主意。

cissp

通过CISSP考试只是万里长征的第一步，接下来可以作个工作很多，我觉的可以在以下几个方面考虑：\r\n1、学：CBK是高度概括的安全所涉及的方方面面，但只是提到了一些基本的概念，许多的内容还需要花大量的时间去充实，比如密码学、风险管理、系统评估、质量管理、业务持续与容灾计划、法律与道德等等。\r\n2、想：你所从事的工作和你的兴趣点在那个方面，该领域的知识如何获取，该领域的知识是否对您的未来发展有帮助，你希望在这个领域达到何种水平？\r\n3、说与写：对于您所熟悉的领域知识是否达到融会贯通。能否表达出来让别人接受？国内的资料非常匮乏，能否写出一些东西来，让更多的人了解信息安全，同时完成您的CPE。\r\n4、做：在实际的工作中如何把理论的知识变为实际的行动。比如写一份Policy，然后在您所在的企业中推行和实施，完成这样的一个过程，才能真正成为Professional。\r\n以上是我的一点看法。目前国内的CISSP已经有了一定的数量，或许可以成立一个类似协会的组织，便于交流、促进和提高。

omni

Or something similar to ISSA:\r\nwww.issa.org

omni

可考之后，面对自己很多可学和可做的事情，又不知从哪里开始了。\r\n也许钻研某一方面是一个好主意。

\r\n\r\nIS Security Policy and Procedures are the most important area;\r\nPublic awareness is the most challenging topic;\r\nAnd, have you taken look into computer crime forensic area?\r\nhttp://www.cfenet.com/\r\n\r\nThis is a very interesting area - totally different from law enforcement perspective but the technology is the same.

tonydeck

cissp只是一个开始。愿各位Cissp为中国的IT安全事业做更大的贡献。做为一个IT Consultant，我深深感到，中国的IT安全事业实在太落后了！