Featuring a total of 92 white papers in 10 domains.
| Special Categories | Last Updated |
|---|---|
| Last 25 Papers Added | August 9th, 2007 |
| Student Comments | April 20th, 2007 |
GIAC Research in The Common Body of Knowledge
Summary
This site offers several white papers on key issues included in the Common Body of Knowledge and is a rich source of resources for every person seeking CISSP® certification and technical expertise in network security and information security. Each paper is designed to be read in 30 minutes or less. New papers are added often. The papers are for your personal use or for you to use in sharing knowledge with co-workers inside your organization. They may not be posted on Internet reachable distribution systems like websites and torrents.
The 10 Domains
- 1. Access Control Systems and Methodology
- 2. Telecommunications and Network Security
- 3. Security Management Practices
- 4. Applications and Systems Development Security
- 5. Cryptography
- 6. Security Architecture and Models
- 7. Operations Security
- 8. Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP)
- 9. Law, Investigations, and Ethics
- 10. Physical Security
Why Do You Need The Papers?
Because they help you prepare for the CISSP, GISP and GSEC security certifications.
How Do You Know These Papers Will Help Pass the Security Certification Exams?
Because the top rated CISSP trainer in the English-speaking world, Dr. Eric Cole, personally selected the topics, recruited the best expert on each topic, and vetted the content. Dr. Cole headed the red team focusing on internal threats at one of America's best known intelligence agencies, wrote one of the top selling books on hacker techniques, and has set the highest bar for teaching CISSP Common Body of Knowledge topics by ensuring students get knowledge they can put to work on the job as well as pass the tests. More than 4,000 people have spent a full week learning security with Dr. Cole and nearly half of them have written comments about how extraordinary they have found the experience:
I want to thank you much for presenting the material in a way that made the CISSP Exam-Prep course very much enjoyable. For most of the "dry" topics, your introduction of real world scenarios and/or your personal experiences allowed me to better comprehend the material.
- James Chon, Ernst and Young
You did a great job preparing us for that exam! When I sat for the exam it was like you were sitting next to me going through the questions with me (cue the "What would Eric do?" jokes). That was my first SANS class and I will definitely attend future SANS courses based on this very positive experience.
- Steve Joyce
The preparation I did for the certification was actually only participating on your course, listening to you and reading through the slides, so I must say that the course was really cool - thanx.
- Brian Jacobsen
Security Certification in 2007
Demand for skilled network security practitioners is surging as people, organizations, and countries place massive reliance on electronic data and systems and cyber crime grows in sophistication and menace. Sadly, as was the case with Y2K and other rapidly growing technology areas, a significant portion of people claiming to be network security experts have few hot technical skills and little or no background securing information systems. Employers looking for network security specialists and organizations that hire security consultants all struggle to determine the actual security capabilities of the candidates.
Security certifications have emerged to help employers make that determination. The two most popular and trusted network and information security certifications today are the CISSP (Certified Information Systems Security Professional) from (ISC)²® and the GSEC (GIAC Security Essentials Certification) from the SANS Institute.
While some people view these as competing certifications, they are actually very complementary. CISSP tests very broad knowledge of security theory but does not go very deeply into current technology, skills or methods. GSEC is more focused on what security professionals actually have to do, and goes deeper in technical concepts. CISSP provides foundational information, theory and concepts across a wide range of areas. GSEC takes core areas and covers more technical information. For example, CISSP covers security program management and development methodologies with no coverage of specific operating systems. GSEC has nearly one third of its focus on testing skills that people need to secure the most common and most important operating systems, so it tests knowledge the professional can put to work immediately in their jobs.
During the past five years, people who knew network and information security theory and could write about security were in great demand. Today, many of the people hired originally to write reports are being asked to take more of a hands-on role in actually securing the systems and networks. In this more demanding environment, security professionals who have earned both CISSP and GSEC report that they are both more marketable in today's more demanding hiring environment, and more effective in their jobs.
The Bottom Line
Earning both GSEC and CISSP certifications is a winning strategy for career growth through the rest of this decade.
If you have any questions or comments, or need further assistance, feel free to contact us at any time. We are always looking for new topics and new authors for papers. Email ecole@sans.org.
When it comes to certification training, our job is not done until you are certified and fully satisfied with the knowledge you learned.


