The Certified Information Systems Security Professional (CISSP) certification is consistently ranked as one of the most valuable and highly regarded IT and information security certifications available anywhere in the world. Holding this credential demonstrates that you are highly experienced and knowledgeable in the field of cybersecurity and that you are among the top professionals working in the field today.
Over 140,000 information security professionals will have earned their CISSP certification by the 1st of July 2020. Since its inception in 1994, the Certified Information Systems Security Professional (CISSP) certification has been offered by (ISC)2, an international, nonprofit membership association that is widely regarded as the most prestigious cybersecurity professional organization in the world.
Many reputable institutes offer CISSP training to aspiring candidates. The certification is intended to validate prior work experience in information security as well as a working knowledge of security principles and practices.
What are CISSP requirements?
The requirements for CISSP certification include work experience, endorsement from one’s peers, adherence to a code of ethics, and passing the CISSP exam. Candidates must have a minimum of five years of direct, full-time work experience in the security industry. One year of that requirement can be waived if the applicant holds a bachelor’s degree from an accredited college or university, a master’s degree in information security, or any one of a number of other certifications.
(ISC)2 requires candidates to acknowledge and abide by the CISSP Code of Ethics and to attest to the truthfulness of the statements about professional experience and background in their submitted application. This is done to fulfill the organization’s responsibility to build and maintain professionalism within the security industry. There is no doubt that (ISC)2 will also check the validity of those assertions.
The CISSP exam itself is a three-hour, 150-question, multiple-choice exam. To pass, a candidate must earn a score of 700 or higher out of a possible 1000 points. The final requirement, but certainly not the least important one, is that a candidate must be endorsed by an (ISC)2 certification holder who has accepted the CISSP Code of Ethics and who attests to the candidate’s qualifications.
Although (ISC)2 does not publish a comprehensive list of the types of employment experience that qualify as relevant for the CISSP certification, the organization does list the following jobs as ideal for holders of this certification in its promotional materials:
- Chief Information Security Officer (CISO) and other information technology leadership roles
- Chief Information Officer
- Security Systems Engineer
- Security Analyst
- Security Manager
- Security Auditor
- Security Architect
- Security Consultant
- Network Architect
(ISC)2 examines the applicant’s security work experience, which must be included as part of the application for CISSP certification. The organization looks for elements that are indicative of the applicant’s educational and professional achievements. Particularly valuable are jobs that require a college degree, management experience, or the consistent application of security procedures, policies, and best practices.
Although a CISSP candidate may have held a wide variety of security positions in the past, they are required to demonstrate that their work experience falls within at least two of the eight domains that make up the (ISC)2 CISSP Common Body of Knowledge (CBK).
It is important to note that a candidate who does not yet have the necessary work experience to become a CISSP can still become an Associate of (ISC)2 by passing the CISSP exam. An Associate of (ISC)2 then has a total of six years to accumulate the required experience and become certified as a CISSP.
The cost of taking the CISSP exam is $699. Some commercially available courses include a voucher covering this fee. The English-language version of the exam uses Computerized Adaptive Testing (CAT). In this form of computer-administered testing, the test items selected for administration depend on the correctness of the test taker’s responses to previous items. In other words, the items a test taker receives depend on how they have answered so far, so the examination is tailored to the ability level of the examinee.
The information covered in each of the eight domains that make up the CISSP CBK is the source for the 100 to 150 questions on the CISSP exam. Each CBK domain carries a different weight, as shown in the list below.
The CISSP exam covers the eight domains with the following weights:
- Asset Security: 10 percent
- Security and Risk Management: 15 percent
- Communication and Network Security: 14 percent
- Security Architecture and Engineering: 13 percent
- Security Operations: 13 percent
- Identity and Access Management (IAM): 13 percent
- Security Assessment and Testing: 12 percent
- Software Development Security: 10 percent
The CISSP exam is timed: each candidate has a maximum of three hours to finish it. The exam questions are either multiple-choice or advanced innovative items.
The pass and fail rates for the CISSP exam are not made publicly available. Although some commercial training providers claim pass rates of more than 90 percent, this is difficult to verify independently. In the information security field, it is commonly accepted wisdom that fewer than half of candidates pass the CISSP exam.
If a candidate’s initial attempt at the exam is unsuccessful, they may retake it after a waiting period of thirty days. If they fail a second time, they may take it again after either 60 test-free days or 90 days from the date of their initial test. If they fail a third time, they are eligible to retake it after 90 test-free days or 180 days after their first attempt, whichever comes first. Candidates may take an (ISC)2 exam a maximum of four times within a period of one year.