I'm thinking about writing my CWSP exam in about two weeks' time. Before I write the exam I'd like to get clarification about a statement in Chapter 13 - page 525. There is a question that states: [b]"Does the CWSP Exam test the Specifics of Government and Industry Regulation"[/b]
....and the answer says [b]NO[/b]
I've read through the section [b]"Government and Industry Regulations"[/b] and it seems that the practice tests & end of chapter reviews have PCI based questions.
I'm looking for confirmation about the content of the [b]"Government and Industry Regulations"[/b] section appearing on the CWSP exam. Could I be tested on PCI, DoD, FIPS, SOX, GLBA, or HIPAA regulations?
Study from the [b][url=http://www.cwnp.com/exams/CWSP_PW0-204_2010_Exam_Objectives.pdf]CWSP PW0-204 exam objectives[/url][/b]. If it's in the exam objectives, then it is fair game for the exam.
The CWSP PW0-204 exam objectives say:
2.6 Describe and implement compliance monitoring, enforcement, and reporting
• Industry requirements (PCI)
• Government regulations
Probably a typo.
Nothing specifically for each requirement, but it does help to know what kinds of things governments, health care, and payment card type industries care about. That will help you understand the need/use of some of the security methods.
Study for the CISSP if you want to know more about them.
Not sure about the US, where several guidelines come from, such as FIPS, SOX and HIPAA; however, in the UK PCI is global and it depends on interpretation. Equally we have CESG Manual Y for government implementations and BECTA for schools.
Generally these kinds of people are interested in security BUT, and that's deliberately in caps, they may not be up to speed on the latest innovations such as wIPS, rogue detection, LSC etc. from various vendors. Sorry if some of that is Cisco specific but that's like 95% of what I do.
Being at the top of our game allows us to be trusted advisors and keep their WLANs secure.
Again, generally they may be variations on a theme, but these bodies tend to want the best available and the standards don't necessarily go as far as they can to implement best in class, as by the time the standards are published they are behind the game.
OK, I am not familiar with FIPS, HIPAA or SOX as I have never been asked to implement them, but CESG Manual Y is basically EAP-TLS and BECTA only demands WPA2-AES. So we can take BECTA to another level entirely.
Knowing your security you can look at these and work it out, get your security knowledge up to speed and go beyond the exams and dive that little deeper.
As 802.11Chef points out, they are there in the objectives, along with Regulatory Compliance. Um, I think I will look at FIPS, SOX and HIPAA, probably should have already.
I think there is more in the objectives than the book and the book does not claim to be authoritative.