Certified Information Systems Security Professional (CISSP) is an information security certification developed by the International Information Systems Security Certification Consortium, also known as (ISC)². The CISSP designation is a globally recognized, vendor-neutral standard attesting to an IT security professional’s technical skills and hands-on experience implementing and managing a security program.
CISSP is a certification sought by IT professionals; hiring organizations often look for candidates who have passed the CISSP exam because candidates with the CISSP credential are sufficiently knowledgeable about cybersecurity to be able to pass the certification exam, and have hands-on experience and, potentially, formal CISSP training.
How to become CISSP-certified
- Becoming CISSP-certified requires more than passing the Certified Information Systems Security Professional certification exam. Candidates are required to have a minimum of five years of full-time, hands-on experience in at least two of the eight cybersecurity knowledge domains.
- The (ISC)² advises a four-step pathway to certification for candidates, starting with ascertaining that the CISSP credential is the right credential for them. The (ISC)² recommends CISSP certification for candidates who are experienced cybersecurity practitioners, listing a number of positions for which the CISSP would be appropriate, including chief information security officer, chief information officer, director of security, IT manager, security systems engineer, security analyst, security manager, security auditor, security architect, security consultant and network architect.
- The next step that (ISC)² recommends is preparing and registering for the certification exam. Preparation can be achieved through self-study using CISSP practice books and study guides, as well as online practice exams. Many candidates also enroll in CISSP training courses to prepare for the exam.
CISSP requirements
- To earn the CISSP credential, the candidate must pass the certification exam, as well as complete the CISSP exam agreement, subscribe to the (ISC)² code of ethics, answer background qualification questions and receive an endorsement from an active (ISC)²-certified professional.
- To maintain the CISSP certification, candidates are required to earn at least 40 Continuing Professional Education (CPE) credits each year and pay an annual maintenance fee of $85.
CISSP exam
- The CISSP exam is six hours long and consists of 250 multiple choice questions and advanced innovative questions testing the candidate’s knowledge and understanding of the eight domains of the (ISC)² Common Body of Knowledge, which include security and risk management, asset security, security engineering, communications and network security, identity and access management, security assessment and testing, security operations, and software development security. The results are calculated on a scaled score, with a score of 700 or higher out of a 1,000 point maximum required to qualify for the credential.
- The CISSP exam is offered in English, as well as other languages, including French, German, Brazilian Portuguese, Spanish, Japanese, simplified Chinese, Korean and a format for the visually impaired. The certification exam is administered by Pearson VUE and conducted at Pearson VUE test centers.
Cost of the CISSP exam
- As of this writing, the exam costs $699, though exact pricing and taxes vary based on the location of the exam. Attendance at the certification exam can be rescheduled for a $50 fee; there is a $100 fee to cancel the exam.
- The CISSP credential is valid for three years after the successful completion of the requirements. After three years, CISSP credential holders can recertify as long as they have paid the annual maintenance fee and submitted their 40 hours of CPE credits every year.
CISSP training
- Because the CISSP certification exam is targeted at working cybersecurity professionals who have extensive hands-on experience in the field, candidates should not rely on formal CISSP training to gain the skills and knowledge they need to pass the certification exam.
- Rather, CISSP training should focus on reviewing the Common Body of Knowledge — the comprehensive framework for organizing the areas of expertise expected from cybersecurity professionals. It should also validate that the candidate is familiar with the test material and identify blind spots in the candidate’s experience and knowledge.
CISSP concentrations
- Professionals who currently hold the CISSP credential can also qualify by adding one of three CISSP concentrations: architecture (CISSP-ISSAP), engineering (CISSP-ISSEP) or management (CISSP-ISSMP). In addition to already having the CISSP certification, the candidate must have at least two years of work experience in one or more of the concentration’s domains.
- The ISSAP domains include access control systems and methodology, communications and network security, cryptography, security architecture analysis, technology-related business continuity planning and disaster recovery planning, and physical security considerations.
- The ISSEP domains include systems security engineering, certification and accreditation/risk management framework, technical management, and U.S. government information assurance-related policies and issuances.
- The ISSMP domains include security leadership and management; security lifecycle management; security compliance management; contingency management; and law, ethics and incident management.
- The CISSP concentration exams are three hours long, are offered in English only and consist of 125 multiple choice questions for ISSAP and ISSMP and 150 multiple choice questions for ISSEP. The exam fees are all $599.
- After passing their chosen exam by earning at least 700 points — out of 1,000 — candidates must go through a similar endorsement process as with CISSP. Candidates must also earn 20 Continuing Professional Education credits each year and pay a $35 annual maintenance fee to retain their certification.