From: G. Matthew Rice <[EMAIL PROTECTED]>

> Dang, and I was already attached to the previous mapping.

I brought this up back in 2004-2005 IIRC. ;)

> I'll attempt a mapping to these, too, but I do like the
> 'marketing' spin on the CISSP side.

The SSCP is a subset of the CISSP CBK. The SSCP is, literally, the "System Security Certified Practitioner." It is, literally, the system-focused CBK. The CISSP gets all the glory because it requires at least three (3) years of experience (with credentials), while the SSCP requires half that or can even be credited for other things. The CISSP is also more abstractly focused on the "architect" role, whereas the SSCP is more of the "sysadmin" aspect.

But if you start breaking down the CISSP CBK, a lot of things are more development or network-centric, not services and system concepts. That's why the SSCP is more appropriate, technically.

I have the same issue with people on MBA v. MSIE. Most people have never heard of Industrial Engineering, and say I should get a MBA. Yet everyone I've ever met that has worked with a MSIE will instantly go against the grain and say, "sorry, if I have the choice of a MBA or MSIE, I will take the MSIE" -- even if those people are few.

But that all aside, the MSIE is far more applicable to my job function, management and microeconomics of technology. It picks up where my 2 years of microeconomics and risk management classes in my BSEE core left off and continues to use calculus of variations to explain systems.

In fact, I sat in two MBA classes at my Alma Mater, and I could not believe that they were doing stuff that I had already had in my first year of engineering management, and definitely simplified (either algebra or first order calculus). It was _not_ "review" either, so it was like I'd be going backwards.

A MBA might be fine for the majority of people who don't have an engineering degree, like coming from arts or non-engineering sciences, but it's really not much of one for those of us who do.

Same deal on the CISSP.
Are we going to test based on a book of knowledge that spends half of its time testing for networking concepts that are generic to OSes? Or one that really really focuses on system details and their services, which could be well-mapped and adapted for a specific platform like Linux?

> Besides, who's ever heard of the SSCP? I can't
> even get the acronym correct when I speak of it.
> Always ends up as CSSP, SCCP, CCCP, ... :)

I know it's a joke, but ... It's still the (ISC)2. If you ask them, I'm sure some would even agree it's more applicable. Again, it's not about marketing, but reality in my view.

> No, they're in 303. In host-based AC but it'll
> probably get broken out.
> ... I'll leave all of DAC, MAC and RBAC in the
> 303 for now. We can always push some of it down into
> LPIC-2 at some point.

Okay then.

> No doubt on that. We seem to have picked some token and
> ubiquitous services but people want to seem to focus that
> way.

My point was that the tasks can probably be broken out better.

> Ah, I wasn't thinking a total mapping but an
> 'applied subset' (by applied, I mean non-theory).

The CISSP really gets into conceptual things, not applied tasks, for half the exam. The SSCP does that somewhat too in its CBK, but it really does map well to actual, system tasks. Again, "System Security Certified Practitioner."

If I was interested in focusing on network IDS, policies and procedures, etc..., then yes, CISSP. I've been there, I've done that. A lot of things just don't map. But for system security, no, SSCP is better in my view.

Hell, say it's "based on the (ISC)2 CISSP and SSCP CBKs" in marketing, but map to the SSCP. Change the objectives to be generic, but you'll find the SSCP maps far more to actual tasks that can be accomplished for system and service security of a Linux system.

_______________________________________________
lpi-examdev mailing list
lpi-examdev@lpi.org
http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev