Introduction to CISSP® Course

1 CISSP®—Introduction

Hello and welcome to the CISSP® Certification Course offered by Simplilearn. Certified Information Systems Security Professional (CISSP®) is an autonomous information security certification governed by the International Information Systems Security Certification Consortium, or (ISC)²® (read as ISC square). A CISSP® is an information assurance professional who defines the architecture, design, management, and/or controls that assure the security of business environments. CISSP® was the first credential in the field of information security to meet the stringent requirements of ISO/IEC Standard 17024. CISSP® is an objective measure of excellence and a globally recognized standard of achievement. In June 2004, the CISSP® became the first information security credential to receive ANSI ISO/IEC Standard 17024:2003 (read as A-N-S-I I-S-O I-E-C standard seventeen thousand twenty four) accreditation. The objectives of this domain will be discussed in the following screen.

2 Before you start

3 Objectives

After completing this lesson, you will be able to:
- Define CISSP
- List the different CISSP domains
- Explain the importance of CISSP
- Identify the various CISSP certification requirements
- Describe the CISSP exam


CISSP® expands to Certified Information Systems Security Professional. The various features of CISSP® are as follows:
- It is the first certification in information security to be globally recognized.
- A Certified Information Systems Security Professional (CISSP®) is an information assurance professional who has demonstrated a globally recognized level of competence, measured against a common body of knowledge that defines the architecture, design, management, risk, and controls that assure the security of business environments.
- CISSP® is a Gold Standard and vendor-neutral IT security certification.
- The CISSP® is governed by the International Information Systems Security Certification Consortium, or (ISC)²® (read as ISC square).
- The CISSP® curriculum covers subject matter in a variety of information security topics.
- The CISSP® examination is based on the Common Body of Knowledge (or CBK®). The CBK® is a taxonomy, that is, a collection of topics relevant to information security professionals around the world.
In the subsequent screen, we will discuss the International Information Systems Security Certification Consortium, Inc. (read as incorporated) in detail.

5 (ISC)²®

(ISC)²® (read as ISC square) stands for International Information Systems Security Certification Consortium, Inc. (read as incorporated). Headquartered in the United States and with offices in London, Hong Kong, and Tokyo, the International Information Systems Security Certification Consortium, Inc. (ISC)²®, is the global, not-for-profit leader in educating and certifying information security professionals. It is recognized for Gold Standard certifications and excellent education programs. (ISC)²® comprises a global team of top information security professionals and is managed by professional staff who work together with regional and topical Advisory Boards to tackle any and all new information security issues with zeal. (ISC)²® develops and maintains the (ISC)²® CBK, or Common Body of Knowledge, a compendium of information security topics. Let us look at the various domains in CISSP® in the next screen.

6 CISSP® Domains

CISSP domains are drawn from various information security topics within the (ISC)² CBK (read as ISC-squared C-B-K). Updated annually, the domains reflect the most up-to-date best practices worldwide, while establishing a common framework of terms and principles to discuss, debate, and resolve matters pertaining to the profession. The CISSP CBK consists of the following eight domains:
1. Security and Risk Management: This domain includes the fundamentals of security, security governance, compliance law and regulations, professional ethics, security policies, business continuity, personnel security, risk management, threat modeling, and security awareness, training, and education.
2. Asset Security: This domain includes the collection, handling, and protection of information throughout its lifecycle. The topics covered in this domain include information classification, ownership, privacy protection, asset retention and handling, and security controls.
3. Security Engineering: This domain discusses the concepts of secure design principles, security models, evaluation models, security architecture, cryptography, and physical security.
4. Communications and Network Security: This domain discusses network structures, countermeasures, transmission methods, transport formats, and security measures used to provide availability, integrity, and confidentiality.
5. Identity and Access Management: This domain includes physical and logical access control, identification, authentication, authorization, identity services, the identity and access provisioning lifecycle, and attacks on access control and their countermeasures.
6. Security Assessment and Testing: This domain focuses on security control assessment and testing, testing strategies, testing reports, and internal and third-party audits.
7. Security Operations: This domain discusses investigations, monitoring and logging, resource provisioning, security operations, disaster recovery, and incident, patch, vulnerability, and change management.
8. Software Development Security: This domain focuses on security in the software development lifecycle, applying security controls, and measuring security effectiveness and impact.
Let us discuss the requirements of the CISSP certification in the next screen.

7 Benefits of CISSP® for Professionals

CISSP®, or Certified Information Systems Security Professional, provides many benefits for professionals. The benefits of CISSP® for professionals are:
- It demonstrates a working knowledge of information security.
- It shows that the professional is committed to the profession.
- CISSP® offers a career differentiator, with enhanced credibility and marketability.
- CISSP® provides (ISC)² members exclusive access to valuable resources such as peer networking and idea exchange.
- According to the Global Information Security Workforce Study, certified information security professionals earn a worldwide average of 25% more than their non-certified counterparts.
- It helps fulfill government and organizational requirements for information security certification mandates.
In the next screen, we will discuss how CISSP® is beneficial for employers.

8 Benefits of CISSP® for Employers

CISSP® benefits not only professionals but also their employers. The benefits of CISSP® for employers are as follows:
- CISSP® raises the credibility and value of employees in the organization, as (ISC)²® certifications are recognized internationally.
- It offers increased credibility and goodwill for the organization when working with vendors and contractors.
- CISSP® gives employees a universal language, avoiding ambiguity through industry-accepted terms and practices.
- It validates the organization's commitment and the years of experience its staff have gained in the industry.
- It requires Continuing Professional Education, or CPE, credits to ensure that CISSP® professionals keep improving their skills.
- CISSP® satisfies the organization's certification mandate requirements when dealing with service providers or subcontractors.
In the following screen, we will discuss CISSP® Certification Requirements.

9 CISSP® Certification Requirements

Obtain the Required Experience
- Five years of direct full-time professional security work experience in two or more of the ten domains of the (ISC)²® (read as ISC square) CISSP® Common Body of Knowledge, or CBK®.
- Four years of direct full-time professional security work experience in two or more of the ten domains of the CISSP® CBK®, together with a four-year college degree or an additional credential from the (ISC)²® approved list.
- Candidates without the required experience can become an Associate of (ISC)²® by passing the CISSP® exam. An Associate then has six years to earn the required experience to become a CISSP®.

10 CISSP® Certification Requirements (contd.)

To Register for the Examination
- Register for the exam by visiting the (ISC)²® official website.
- Click on the link for exam registration.
- Create a user account and then select a Pearson VUE testing center to schedule the exam.
- Appear for the exam on the scheduled date and pass the exam.

11 CISSP® Certification Requirements (contd.)

Complete the Endorsement Process
The candidate is required to subscribe to the (ISC)²® Code of Ethics and must have the application endorsed before the credential can be awarded. An endorsement form must be completed and signed by an (ISC)²® certified professional. The endorsing professional must be an active member and able to attest to the candidate's professional experience. The time limit to complete the endorsement and become certified, or to become an Associate of (ISC)²®, is nine months from the date of the examination. If the candidate does not become certified or an Associate of (ISC)²® within nine months from the date of the examination, he or she is required to retake the exam in order to become certified. (ISC)²® can act as the endorser if the candidate is not able to find a certified individual to act as one. Please refer to the Endorsement Assistance Guidelines for additional information about the endorsement requirements.

12 CISSP® Certification Requirements (contd.)

The credential can only be awarded once the steps discussed in the previous slide have been completed and the form has been submitted. Please refer to the website for additional information about the endorsement requirements.
Recertification is required every three years, with ongoing requirements to maintain the credential in good standing. This is primarily accomplished through Continuing Professional Education, or CPE (read as C-P-E); 120 CPE credits are required every three years, and a minimum of 40 CPEs must be posted during each year of the three-year certification cycle. More information on qualifying CPEs will be available upon certification. CISSPs must pay an annual maintenance fee of $85 per year.
Audit: Passing candidates will be randomly selected and audited by (ISC)² Services prior to issuance of any certificate. Candidates holding multiple certifications may be audited more than once.
Let us discuss the CISSP examination details in the following screen.

13 CISSP® Examination

Exam Format: The CISSP examination consists of 250 multiple choice questions with four choices each. Only 225 questions are graded, while 25 are used for research purposes. There may be scenario-based questions, each of which may have more than one multiple choice question associated with it. Drag-and-drop and hotspot questions are included as well. There is no penalty for incorrect answers, so candidates should not leave any question unanswered.
Exam Duration: The maximum duration of the CISSP exam is 6 hours. Please note that there will be no lunch break during the testing period. However, you are permitted to bring a snack with you. You may, at your option, take a break and eat your snack at the back of the examination room. No additional time will be allotted for breaks.
Exam Passing Grade: Examination results are based only on the scored questions of the examination. There are several versions of the examination, and each candidate has an equal opportunity to pass. Subject Matter Experts, or SMEs, have provided input on the difficulty level of all the questions used in the examinations; this information is used to develop examination forms of comparable difficulty. Where differences in difficulty remain between forms, a mathematical procedure called equating is used to make the difficulty level of each test form equal. As the number of questions required to pass may differ for each version, scores are converted onto a reporting scale to ensure a common standard. The passing grade is 700 out of a possible 1000 points on the reporting scale.
Examination Results: Computer-Based Test, or CBT, results are displayed when the candidate submits the exam. For paper-based exams, results are released via email within 4 to 6 weeks of the examination date. A comprehensive statistical and psychometric analysis of the score data is conducted before results are released.
Retaking the Exam: Candidates must wait 30 days from the date of the first attempt before retaking the exam, 90 days from the date of the second attempt, and 180 days from the date of the third attempt. After this, the cycle is repeated. Let us discuss the CISSP examination fees in the next screen.

14 CISSP® Examination (contd.)

Examination Fees: The exam fee is USD (read as US dollar) 599 for both the paper-based test and the computer-based test.
Examination Type: Since September 1st, 2012 (read as twenty twelve), (ISC)²® (read as ISC square) offers only computer-based testing, or CBT, for all of its certification exams. For candidates located more than 75 miles (read as seventy-five miles) from an approved testing center, a paper-based exam is offered on a case-by-case basis.

15 Conclusion

This concludes the Introduction. The next domain is "Security and Risk Management."
