CISSP Exam Requirements
The Certified Information Systems Security Professional (CISSP) certification was the first technology-related credential to earn ANSI/ISO/IEC Standard 17024 accreditation, making it the Gold Standard within the information security industry. This makes CISSP one of the most sought-after certifications and a globally recognized standard of achievement. CISSP practice exams can help candidates clear it on the first attempt.
Once you achieve your CISSP certification, you become a member of an elite network of information security professionals and enjoy exclusive benefits as an (ISC)² member. These include valuable resources such as access to leading industry conference registrations worldwide, access to information security webinars, a subscription to InfoSecurity Professional, which is (ISC)²'s members-only digital magazine, access to a Career Center with current job listings, peer networking and idea exchange, and others.
The (ISC)² board of directors continually reviews the entire spectrum of the consortium's education and certification programs to ensure that (ISC)² continues to provide the "gold standard" of professional certification in the information security industry. To maintain the rigorous standard of CISSP and to meet the challenges of an ever-increasing threat environment, (ISC)² has set the following requirements for achieving CISSP certification.
The requirements include the following components:
- Applicants must have a minimum of five years of direct full-time security professional work experience in two or more of the ten domains of the (ISC)² CISSP CBK, OR
- Four years of direct full-time security professional work experience in two or more of the ten domains of the CISSP CBK with a four-year college degree or a credential from the (ISC)²-approved list, OR
- If you don't have the experience, you can become an Associate of (ISC)² by successfully passing the CISSP exam. You'll have six years to earn your experience to become a CISSP.
Note that only a one-year experience exemption is granted for education. Alternatively, there is a one-year waiver of the professional experience requirement for holding an additional credential on the (ISC)²-approved list. Valid experience includes information systems security-related work performed as a practitioner, auditor, consultant, investigator or instructor that requires Information Security knowledge and involves the direct application of that knowledge. The five years of experience must be the equivalent of actual full-time Information Security work (not just Information Security responsibilities for a five-year period); this requirement is cumulative, however, and may have been accrued over a much longer period of time.
Ten domains of CISSP CBK
CISSP is divided into 10 areas or domains, known collectively as the "Common Body of Knowledge" (CBK). These domains are:
- Access Control
- Telecommunications and Network Security
- Information Security Governance and Risk Management
- Software Development Security
- Security Architecture and Design
- Security Operations
- Business Continuity and Disaster Recovery Planning
- Legal, Regulations, Investigations and Compliance
- Physical (Environmental) Security
CISSP Professional Experience Requirements
CISSP professional experience includes, but is not limited to:
- Work requiring special education or intellectual attainment, usually including a liberal education or college degree.
- Work requiring habitual memory of a body of knowledge shared with others doing similar work.
- Management of projects and/or other employees.
- Supervision of the work of others while working with a minimum of supervision of one’s self.
- Work requiring the exercise of judgment, management decision-making, and discretion.
- Work requiring the exercise of ethical judgment (as opposed to ethical behavior).
- Creative writing and oral communication.
- Teaching, instructing, training and the mentoring of others.
- Research and development.
- The specification and selection of controls and mechanisms (i.e. identification and authentication technology) (does not include the mere operation of these controls).
- Applicable job title examples are: CISO, Director, Manager, Supervisor, Analyst, Cryptographer, Cyber Architect, Information Assurance Engineer, Instructor, Professor, Lecturer, Investigator, Computer Scientist, Program Manager, Lead etc.
Approved Credentials for Experience Waiver:
- CCSP (Cisco Certified Security Professional)
- CCNP Security (Cisco Certified Network Professional Security)
- CERT Certified Computer Security Incident Handler (CSIH)
- Certified Business Continuity Planner
- Certified Computer Crime Investigator (Advanced) (CCCI)
- Certified Computer Crime Prosecutor
- Certified Computer Examiner (CCE)
- Certified Forensic Computer Examiner (CFCE)
- Certified Fraud Examiner (CFE)
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- Certified Internal Auditor (CIA)
- Certified Protection Professional (CPP)
- Certified Wireless Security Professional (CWSP)
- CIW Web Security Associate
- CIW Security Analyst
- CIW Web Security Professional
- CIW Web Security Specialist
- CompTIA Security+
- Cyber Security Forensic Analyst (CSFA)
- GIAC Certified Enterprise Defender (GCED)
- GIAC Security Essentials Certification (GSEC)
- GIAC Certified Firewall Analyst (GCFW)
- GIAC Certified Intrusion Analyst (GCIA)
- GIAC Certified Incident Handler (GCIH)
- GIAC Certified Windows Security Administrator (GCWN)
- GIAC Certified UNIX Security Administrator (GCUX)
- GIAC Certified Forensic Analyst (GCFA)
- GIAC Security Leadership Certification (GSLC)
- GIAC Systems and Network Auditor (GSNA)
- GIAC ISO 27000 Specialists (G2700)
- GIAC Certified Forensics Examiner (GCFE)
- GIAC Information Security Professional (GISP)
- GIAC Information Security Fundamentals (GISF)
- Certified Penetration Tester (GPEN)
- Information Security Management Systems Lead Auditor (IRCA)
- Information Security Management Systems Principal Auditor (IRCA)
- MCITP Microsoft Certified IT Professional
- Microsoft Certified Systems Administrator (MCSA)
- Microsoft Certified Systems Engineer (MCSE)
- Master Business Continuity Planner (MBCP)
- Systems Security Certified Practitioner (SSCP)
Once the candidate successfully clears the CISSP exam, his/her qualifications need to be endorsed by another CISSP in good standing. The endorser attests to the candidate's assertions regarding professional experience. If you cannot find a certified individual to act as an endorser, (ISC)² will act as an endorser for you. For further details, visit the (ISC)² website at http://www.isc2.org.