CISSP Certification Overview
The need for a standardized certification program in information systems security started in the mid-1980s; benchmarks were needed that would provide structure and demonstrate competence among IT security professionals. In 1989, the non-profit organization, International Information Systems Security Certification Consortium or "(ISC)2" formed with this professional training goal in mind.
The (ISC)2 developed the CISSP, or Certified Information Systems Security Professional, an independent information security certification. Since its inception, CISSP has led to industry acceptance of this global standard and its requirements.
The CISSP Examination and the CBK
The CISSP certification examination is based on a Common Body of Knowledge (CBK) as defined by the ISC. This is a common framework of ten terms and principles that information security professionals worldwide use to discuss, debate and resolve matters pertaining to the profession.
Information security has long held confidentiality, integrity and availability (known as the CIA triad) to be the core principles of information security. The CISSP CBK attempts to balance these three core values across the ten CBK domains:
- Access Control
- Software Development Security
- Business Continuity and Disaster Recovery Planning
- Information Security Governance and Risk Management
- Legal, Regulations, Investigations and Compliance
- Operations Security
- Physical (Environmental) Security
- Security Architecture and Design
- Telecommunications and Network Security
CISSP Requirements and Professional Training
To become a CISSP you must meet the following requirements*:
- At least five years of direct full-time security work experience in two or more of the ten above-mentioned CBK domains. You may earn a one year waiver if you have a four-year college degree, a Master’s degree in Information Security, or one of several other certifications.
- Attest to the truth of your professional experience and accept the CISSP Code of Ethics.
- Answer four background and criminal history questions.
- Pass the CISSP exam with a scaled score of 700 points or greater out of 1000 possible points.
- Have another CISSP in good standing endorse your work experience and qualifications.
The CISSP certification is valid for three years, and can be renewed by re-taking the exam. A more common renewal method is to complete at least 120 Continuing Professional Education (CPE) credits since your last renewal.
To keep your CISSP certification, you must earn and submit a total of 120 CPEs by the end of your three-year certification cycle. Payment of an $85 Annual Membership Fee for each year of the three-year certification cycle is also required.
You can earn your CPEs by attending seminars and conferences, taking and/or teaching classes, volunteering, engaging in professional writing, or other professional training activities in areas covered by the CBK. You will usually earn one CPE for each hour of time spent; preparing training for others earns 4 CPEs/hour, published articles are worth 10 CPEs, and published books 40 CPEs.
Benefit From a Villanova Master Certificate – 100% Online!
Average Annual Salary
U.S. Cybercrime Net Cost
PROJECTED JOB GROWTH
SSCP®, CAP® & More
*Certification requirements are subject to change. Prospects should consult with certifying association for current requirements.
Statistics used are sourced from: 2011 (ISC)2 Global IS Workforce Study (salary); Norton Cybercrime Report 2011 (net cybercrime cost); and Bureau of Labor Statistics 2010-11 Occupational Outlook Handbook (projected job growth).