The Certified Information Systems Security Professional (CISSP) is a globally recognized certification in the field of information security. It validates an individual’s ability to design, implement, and manage an organization’s cybersecurity program. It is governed by the International Information System Security Certification Consortium, known as (ISC)².
The CISSP certification is designed for experienced security practitioners, managers, and executives who want to prove their knowledge across a wide array of security practices and principles. It is often regarded as a standard of achievement that is acknowledged worldwide.
CISSP is divided into eight common body of knowledge (CBK) domains:
- Security and Risk Management
- Asset Security
- Security Architecture and Engineering
- Communication and Network Security
- Identity and Access Management
- Security Assessment and Testing
- Security Operations
- Software Development Security
Each of these domains is a deep well of knowledge in itself and focuses on a specific area of information security, so that together they give a holistic understanding of how to build and manage an organization’s security program.
The CISSP certification isn’t just about passing an exam – it’s a demonstration of deep understanding and hands-on experience in the information security field. After getting certified, CISSPs are expected to maintain their certification through continuous learning and staying updated with the latest in the field.
In the subsequent sections, we’ll delve into the specifics of who should consider getting a CISSP certification, prerequisites, preparation strategies, and more.
Who Should Consider the CISSP Certification?
The CISSP certification is designed for experienced professionals in the field of information security, who are involved in designing, managing, and making decisions related to the overall security posture of an organization.
This may include roles such as:
- Security Consultants
- Security Managers
- IT Directors/Managers
- Security Auditors
- Security Architects
- Security Analysts
- Security Systems Engineers
- Chief Information Security Officers
- Directors of Security
- Network Architects
The certification can also be useful for professionals looking to transition into these roles from other areas of IT, or professionals who already have some level of responsibility for information security within their current role.
CISSP certification serves as evidence of your knowledge and competency in information security, thereby providing a competitive edge in the job market. It’s recognized globally and often a prerequisite for many advanced information security roles.
For those looking to specialize in specific areas of information security, (ISC)² offers concentrations under CISSP such as ISSAP (Architecture), ISSEP (Engineering), and ISSMP (Management).
However, it’s worth noting that CISSP isn’t an entry-level certification. It requires a certain level of experience and deep understanding of information security. If you’re starting in the field, other certifications like CompTIA Security+ might be more suitable.
What are the prerequisites for the CISSP certification?
Earning a CISSP certification requires not only knowledge and skills but also substantial professional experience in information security. (ISC)², the organization that offers the CISSP certification, has set a few prerequisites that candidates must meet:
- Work Experience: Candidates must have at least five years of cumulative, paid work experience in two or more of the eight domains of the CISSP CBK (Common Body of Knowledge).
- Educational Credits: A one-year experience waiver can be granted if the candidate holds a four-year college degree (or a regional equivalent) or an approved credential from the (ISC)² approved list, reducing the required experience to four years. Only one waiver can be applied, regardless of how many qualifying degrees or credentials the candidate holds.
It is worth noting how experience is counted. Full-time experience accrues monthly: a minimum of 35 hours per week for four weeks counts as one month of experience. Part-time work of 20 to 34 hours per week is credited pro rata against full-time hours: 1,040 part-time hours equal six months of full-time experience, and 2,080 part-time hours equal twelve months. Paid or unpaid internships can also count if documented by the organization.
If you don’t have the required work experience, you can still sit and pass the CISSP examination. You’ll then receive the Associate of (ISC)² designation, which gives you up to six years to earn the work experience needed for the CISSP.
CISSP Certification Exam Coverage
The CISSP certification covers a wide range of topics that constitute the eight domains of the (ISC)² CISSP CBK (Common Body of Knowledge). Each domain represents a specific percentage of the examination, reflecting its weight. Here’s a brief look at each domain:
- Security and Risk Management: This domain covers key topics, including confidentiality, integrity, and availability concepts; security governance principles; compliance; legal and regulatory issues; professional ethics; and risk management.
- Asset Security: This involves protecting the data the organization owns. Topics include information and asset classification; ownership; privacy protection; appropriate retention; data security controls; and handling requirements.
- Security Architecture and Engineering: This includes the principles of secure design and architecture; web-based systems vulnerabilities; mobile systems vulnerabilities; IoT vulnerabilities; and cryptographic systems and physical security.
- Communication and Network Security: It involves designing and protecting network security. Key topics are secure design principles for network architecture and network components; secure network operations; secure communication channels; and network attacks.
- Identity and Access Management: This domain encompasses physical and logical access to assets, authentication and authorization mechanisms, federated identity and Identity as a Service (IDaaS), the different access control models, and the identity and access provisioning lifecycle.
- Security Assessment and Testing: This includes the design and validation of assessment, test, and audit strategies, including security control testing such as vulnerability assessment and penetration testing, log review, and collecting and analyzing process data.
- Security Operations: It involves foundational concepts, investigations, incident management, disaster recovery, and managing physical security.
- Software Development Security: It includes understanding, applying, and enforcing software security, including the software development lifecycle and its required controls.
Each of these domains intertwines to provide a comprehensive perspective on information security, making CISSP a highly sought-after certification for security professionals globally.
Format of The CISSP Examination
The CISSP examination is a computer-based test (CBT) conducted at Pearson VUE testing centers around the world. The exam format is as follows:
- The English-language exam uses Computerized Adaptive Testing (CAT), so the number of questions a candidate sees varies between 100 and 150 depending on how they answer; exams in other languages use a linear, fixed-form format with more questions and a longer time limit.
- The questions are a mix of multiple-choice questions and advanced innovative items such as drag-and-drop and hotspot questions.
- The length of the adaptive exam is three hours.
- The exam is scored on a scale of 0 to 1000 points, and the passing score is 700.
The questions are drawn from the eight domains of the (ISC)² CISSP CBK (Common Body of Knowledge) with varying weights. They test not just the candidate’s recall of knowledge but also their ability to apply concepts and think critically in different scenarios.
What happens after I pass the CISSP examination?
Passing the CISSP examination is a significant accomplishment, but there are a few more steps to complete before you can call yourself a CISSP.
- Endorsement: Once you pass the exam, you need to complete the endorsement process within nine months of your exam date. This involves having your professional experience validated by an (ISC)² certified professional in good standing, who verifies your work experience and attests that you meet the requirements. If you do not know a certified member, (ISC)² can act as your endorser.
- Certification Awarded: After your endorsement application has been approved, which typically takes four to six weeks, (ISC)² will award you the CISSP certification.
- Adherence to the Code of Ethics: As part of becoming a CISSP, you are required to adhere to the (ISC)² Code of Ethics. This ensures that you apply the best practices in your professional role and contribute positively to the information security domain.
- Continuing Professional Education (CPE) Credits: To maintain your CISSP certification, you must earn Continuing Professional Education (CPE) credits. Over three years, you should earn a total of 120 CPEs. You are also required to pay the Annual Maintenance Fee (AMF).
- Recertification: Recertification is required every three years. The recertification process involves earning the required CPE credits and paying the AMF.
Becoming a CISSP is a journey of professional development. It opens up new opportunities and is a testament to your expertise and dedication to the information security domain.
Benefits of CISSP Certification
The CISSP certification is recognized globally as a standard of achievement that confirms an individual’s knowledge in the field of information security. The benefits of obtaining a CISSP certification are many:
- Career Advancement: CISSP certification can help you move up the career ladder. Many organizations now demand this certification for senior IT security roles.
- Increased Earning Potential: Industry salary surveys consistently report that CISSP holders earn more on average than non-certified IT professionals, although certification is only one factor alongside experience, role, and location.
- Expanded Knowledge Base: The certification process helps you cover a wide range of subjects related to information security, broadening your knowledge and understanding of complex security concepts.
- Professional Networking: Being a CISSP opens the door to a global community of information security professionals, offering you opportunities to network and exchange knowledge.
- Employer Confidence: Having a CISSP certification reassures employers of your skills, dedication, and commitment to the field of information security.
In the rapidly evolving world of information security, becoming a CISSP can provide a significant boost to your career prospects and professional credibility.
How is the CISSP certification valued in the job market?
Employers increasingly value professionals who can demonstrate validated skills and a commitment to continuous learning. The CISSP certification has gained widespread recognition and respect in the job market due to its rigorous nature and comprehensive content.
- Preferred by Employers: The CISSP is often a preferred, if not mandatory, requirement in job descriptions for senior-level information security roles. This is a testament to the credibility and value employers place on this certification.
- Global Recognition: The CISSP is a globally recognized certification. It signifies that the holder has advanced knowledge of information security and the practical application of security concepts.
- Proof of Dedication and Commitment: The considerable effort needed to earn the CISSP certification shows employers that the holder is dedicated and committed to their professional development and to the field of information security.
- Versatility: The comprehensive nature of the CISSP curriculum ensures that its holders have a wide-ranging understanding of information security, making them suitable for various roles within the industry.
- Higher Salary Potential: Salary surveys generally show that professionals with a CISSP certification earn more on average than their non-certified counterparts, which reflects the value organizations see in CISSP-certified professionals.
I am a software engineer with 20 years of experience writing code in various software languages, building large-scale web applications, and working on the security and data protection of online digital assets across many software systems and services. I’ve decided to write and share my interests in cyber security and information security online to help improve white-hat security, safety and privacy of our online digital assets, whether as companies, as individuals, or as experts providing services. Here you’ll be able to read freely about cyber security threats, detections, common problems, services, news and everything related to information security and cyber security. Enjoy, and feel free to contact me via the contact page with any questions.