Articles & Resources > Cybersecurity >

CISSP Certification Overview

CISSP Certification Overview

A woman at her desk typing on her computer with another woman in the background talking on an office phone.

Last Updated May 8, 2012

The demand for a standardized certification program in information systems security started in the mid-1980s. Benchmarks were needed to provide structure and demonstrate competence among IT security professionals. In 1989, the non-profit organization, International Information Systems Security Certification Consortium or (ISC)2 formed with this professional training goal in mind.

The (ISC)2 developed the CISSP, or Certified Information Systems Security Professional, an independent information security certification. Since its inception, CISSP has led to industry acceptance of this global standard and its requirements.

The CISSP Examination and the CBK

The CISSP certification examination is based on a Common Body of Knowledge (CBK) as defined by the ISC. This is a common framework of eight terms and principles that information security professionals worldwide use to discuss, debate and resolve matters pertaining to the profession.

Information security has long held confidentiality, integrity and availability (known as the CIA triad) to be the core principles of information security. The CISSP CBK attempts to balance these three core values across the eight CBK domains:

  • Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business Continuity)
  • Asset Security (Protecting Security of Assets)
  • Security Engineering (Engineering and Management of Security)
  • Communication and Network Security (Designing and Protecting Network Security)
  • Identity and Access Management (Controlling Access and Managing Identity)
  • Security Assessment and Testing (Designing, Performing and Analyzing Security Testing)
  • Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster Recovery)
  • Software Development Security (Understanding, Applying and Enforcing Software Management)

CISSP Requirements and Professional Training

To become a CISSP, professionals must typically meet the following requirements:

  • At least five years of direct full-time security work experience in two or more of the eight above-mentioned CBK domains. You may earn a one year waiver if you have a four-year college degree, a Master’s degree in Information Security, or one of several other certifications
  • Attest to the truth of your professional experience and accept the CISSP Code of Ethics
  • Answer four background and criminal history questions
  • Pass the CISSP exam with a scaled score of 700 points or greater out of 1000 possible points
  • Have another CISSP in good standing endorse your work experience and qualifications

Ongoing Certification

The CISSP certification is valid for three years, and can be renewed by re-taking the exam. A more common renewal method is to complete at least 120 Continuing Professional Education (CPE) credits since your last renewal.

To keep your CISSP certification, you must earn and submit a total of 120 CPEs by the end of your three-year certification cycle. Payment of an $85 Annual Membership Fee for each year of the three-year certification cycle is also required.

You can earn your CPEs by attending seminars and conferences, taking and/or teaching classes, volunteering, engaging in professional writing, or other professional training activities in areas covered by the CBK. You will usually earn one CPE for each hour of time spent; preparing training for others earns 4 CPEs/hour, published articles are worth 10 CPEs, and published books 40 CPEs.

Benefit From a Villanova Certificate – 100% Online!

Average Annual Salary


The 2015 (ISC)2 Global IS Workforce Study said cybersecurity certification can pay off: (ISC)2-certified professionals average $99,759 annually – $18,458 more than those without it.

U.S. Cybercrime Cost

$15.4 million per organization, per year

According to a 2015 report by Hewlett Packard and the Ponemon Institute of Cyber Crime, the financial impact of Internet-related crimes is staggering, which is why professionals with cybersecurity skills are often in high demand.



Job opportunities for computer and information systems managers are projected to grow steadily through 2024.