CISSP: Certified Information Systems Security Professional

Learn how Adaptive Multi-Factor Authentication combats data breaches, weak passwords, and phishing attacks.
Read more
Okta
Updated: 07/25/2022 - 2:01
Time to read: 5 minutes

Earning a CISSP (Certified Information Systems Security Professional) certification can enhance and advance your IT and information security career, proving that you have exceptional technical expertise, knowledge, and abilities in the field of cybersecurity.

A CISSP is designed for security analysts to prove mastery in eight different domains, or the common body of knowledge (CBK) framework, which includes both technical and managerial knowledge. The CISSP certification requires at least five years of experience as a security professional, a background check, and passing of the CISSP examination.

Once certified by the International Information Systems Security Certification Consortium, or (ISC)2, a CISSP has more earning and career advancement potential.

What positions benefit from CISSP?

The CISSP is a specialized certification created by the (ISC)2 that can indicate advanced information security knowledge, technical abilities, and managerial skills. Experienced security practitioners can seek the CISSP to validate extensive IT/IS knowledge and for career advancement opportunities and salary increases.

The following IT professionals can benefit from securing a CISSP certification:

  • Chief information officer (CIO)
  • Chief information security officer (CISO)
  • Security manager
  • IT director/manager
  • Directory of security
  • Security systems engineer
  • Security architect
  • Security analyst
  • Security auditor
  • Security consultant
  • Network architect

The CISSP can designate you as an experienced cybersecurity professional.

What is the CISSP?

The CISSP certification includes a broad range of cybersecurity skills. It requires demonstrated knowledge and proficiency in the ability to manage risks, develop security policies, understand technical security controls, design and implement an information security platform, and manage cybersecurity from an enterprise standpoint.

The CISSP examination is a three-hour, 150-question exam that will test your knowledge in the following Common Body of Knowledge (CBK) domains:

  1. Security and Risk Management
  2. Asset Security
  3. Security Engineering
  4. Community and Network Security
  5. Identity and Access Management
  6. Security Assessment and Testing
  7. Security Operations
  8. Software Development Security

CISSP certification process

To obtain the CISSP certification, you will need to pass the CISSP examination with a passing score of 700 out of 1,000 points. The test costs $749 per try, and it often takes more than one attempt to pass it.

You will need to subscribe to the (ISC)2 Code of Ethics and have the endorsement from another (ISC)2 professional. You will also need to pass a background check on criminal history and related issues.

To qualify for the CISSP, you must have at least five years of experience as a professional in the information security field. Additionally, this work experience needs to be directly within two of the eight domains listed in the (ISC)2 CBK framework.

You can become an Associate of (ISC)2 without this work history after passing the exam. Then, you can take up to six years to gain the necessary and required career experience to obtain and apply for the CISSP certification.

There are waivers for some of the professional experience that can include additional IT credentials approved by the (ISC)2. If you have a college degree, you may also qualify for professional experience waivers.

Once certified, you are required to pay an $85 annual maintenance fee and commit to either 40 annual continuing education credits (CPEs) or retake the test every three years to recertify. Continuing education is necessary to prove continued proficiency and commitment to the field as it advances. You will need to obtain 120 CPEs in the three years after passing the CISSP exam to keep your certification.

Preparing for the CISSP

To prepare for the CISSP exam, the (ISC)2 offers a number of different types of resources from instructor-led classroom-based sessions to self-guided study tools and team training for ten or more employees. The official training seminar for the CISSP course provided by the (ISC)2 can prepare security professionals for the exam.

When looking to become CISSP certified, you will need to have the required technical knowledge and work experience prior to taking the exam. This includes knowledge of access control and architecture for protecting data and information system assets and being able to explain these issues.

You should understand operations policies for incident response, and be able to recommend improvements and explain the importance of disaster recovery policies while demonstrating various effective strategies to clients. You will need to discuss the advantages and disadvantages of different cryptographic protocols and use this analysis to make a recommendation on business security needs. You should be able to create information security standards, procedures, policies, and guidelines from a business standpoint.

Proficiency in specific technical knowledge is also expected and tested through the CISSP exam. This can include the following:

  • Network architecture and design
  • Implementation of network architecture to anticipate potential threats and best uses even with limited resources
  • Understanding of software security applications and life cycle effectiveness
  • Collection of digital forensic evidence and maintaining the integrity of collected evidence
  • Knowledge of physical security systems and value added to network security systems

Benefits of CISSP certification

Obtaining the CISSP certification can validate your expertise and experience as an advanced information systems and IT professional. It is a highly regarded and sought-after certification in the IT information security field. The opportunity for advancement, along with job security, is greater with the CISSP certification than without it.

Unemployment rates for a certified CISSP are virtually nonexistent. The field is growing at exponential rates. The Certified Information Systems Security Professional is the sixth highest paying IT certification, (ISC)2 publishes, and the average salary is over $140,000 per year.

Earning a CISSP is similar to earning a master’s degree in IT security. It can show that you are a highly trained and experienced professional in the field of cybersecurity with a high level of both technical and management skills.

References

(ISC)2. (2021). (ISC)2, Inc.

(ISC)2 Code of Ethics. (2021). (ISC)2, Inc.

Certification Exam Prep. (2021). (ISC)2, Inc.

Official (ISC)2 Training Seminar for the CISSP Course Outline. (2021). (ISC)2, Inc.