Certified Information Security Systems Professional Certification- Over 140,000 security professionals will possess the CISSP certification by July 1, 2020. (ISC)2, a worldwide, nonprofit membership group and perhaps the world’s premier cybersecurity professional organisation, created the Certified Information Security Systems Professional (CISSP) Certification in 1994. Its purpose is to verify that you have worked in the field of information security and have a working knowledge of security principles and procedures.
The purpose and significance of a CISSP designation will be examined in this guide, as well as the certification expenses and benefits. The qualifications for this professional title are also spelled out in full.
The CISSP is not appropriate for every security practitioner or executive, but it is a certification that anyone interested in a career in information security at any level should pursue. CISSP certification should be considered a necessity for various security roles, such as IT director, security analyst, and chief information security officer.
What is the Certified Information Security Systems Professional CISSP Certification?
In the security business, the CISSP is one of the most sought-after professional credentials. CISSP stands for Certified Information Systems Security Professional, and it was intended to show that a security professional can plan, engineer, implement, and manage an information security programme.
Many security professionals consider acquiring a CISSP certification a priority because of the high salary and predicted career growth rate.
The CISSP is difficult to achieve due to a difficult exam and stringent work experience criteria, but its popularity indicates that most security professionals can obtain certification.
What are CISSP Requirements?
Work experience, peer endorsement, adherence to ethics, and passing the CISSP exam are all prerequisites for CISSP certification. A minimum of five years of direct full-time security work experience is required. There are rules that allow one year of work experience to be excused if the applicant has a four-year college diploma, a master’s degree in information security, or one of several other certificates.
Candidates must adopt the CISSP Code of Ethics and certify to the truthfulness of their application assertions on professional experience and background in order to fulfil their commitment to establish and sustain professionalism within the security industry. Nonetheless, they will definitely verify those claims as well.
A three-hour, 150-question multiple-choice exam is the crown jewel of the CISSP certification process. This examination must be passed with a score of 700 points or higher out of a possible 1000. Finally, a candidate’s qualifications must be endorsed by a (ISC)2 certification holder who has ostensibly embraced the CISSP Code of Ethics.
While (ISC)2 does not provide a detailed list of what career experience qualifies as relevant for the CISSP certification, their promotional materials suggest that the following positions are appropriate for CISSP holders:
- Chief information security officer
- Chief information officer
- Director of security
- IT director/manager
- Security systems engineer
- Security analyst
- Security manager
- Security auditor
- Security architect
- Security consultant
- Network architect
(ISC)2 evaluates security job experience provided as part of a CISSP certification application for components indicating educational and professional accomplishments. Work that requires a college diploma, managerial skills, or the consistent application of security policies and principles is very crucial.
A CISSP applicant may have held a variety of security positions, but must demonstrate work experience in two or more of the (ISC)2 CISSP Common Body of Knowledge’s eight domains (CBK).
It’s worth mentioning that a candidate without the necessary experience to become a CISSP can become an Associate of (ISC)2 after passing the CISSP exam. After that, the Associate of (ISC)2 will have six years to gain the required experience for CISSP certification.
How Much Does Obtaining a CISSP Certification Cost?
The overall cost of CISSP certification preparation varies depending on the candidate’s expertise and experience. A candidate might choose a comprehensive CISSP course to help them prepare for the exam if they have a minimum of related knowledge and expertise. A more experienced candidate, on the other hand, may merely need to brush up on their skills with a few books or videos.
There are four types of CISSP courses offered to help applicants pass the exam:
Directly from (ISC)2 or one of their official training providers, training, seminars, courseware, and self-study aids are available. There are a variety of websites, books, and videos available to help applicants pass the CISSP exam in addition to official training sources. When looking for CISSP exam information from unauthorised sources, be cautious. The format of the exam has changed in recent years, and prior guidelines and training materials may be out of current.
Self-paced e-learning courses start at $2,499 from well-known official training providers. These courses come with a voucher for an exam as well as a number of practise tests. Instructor-led courses start at roughly $2,900 and go up to $4,400 depending on the extent of instructor engagement. Some of these courses give a guarantee of passing the exam.
CISSP reference books and videos are widely available for candidates who choose to piece together their own study materials. Books cost around $100, and videos cost around $300. To prevent receiving obsolete information, use the most recent material accessible.
There are soft expenses to consider in addition to the expenditures connected with training courses and materials. Preparing for the exam will necessitate sacrifice, and because time is money, those expenditures should be factored into the total cost-benefit analysis. Despite this, the greater salaries and increased career options enjoyed by CISSP holders almost usually outweigh the costs of pursuing the certification.
The cost of keeping a CISSP certification is also an ongoing expense. A holder must recertify every three years after becoming qualified. Earning 120 continuing professional education (CPE) credits over three years and paying a $125 Annual Maintenance Fee (AMF) to support the program’s continuous growth is required for recertification.
Deep Dive into the CISSP exam
The cost of the CISSP exam is $699. In certain commercially available courses, a voucher for this fee is included. Computerized Adaptive Testing is used to administer English language tests (CAT). The quality of the test taker’s responses to prior items determines which test items are offered in this type of computer-administered testing. The test adapts to the examinee’s ability level in this way.
The material covered in one of the eight domains of the (ISC)2 CISSP CBK will provide the basis for the 100 to 150 test items in the CISSP exam. As illustrated below, each CBK domain is weighted:
| DOMAINS OF THE CBK | WEIGHTS |
| Domain 1: Security and Risk Management | 15 percent |
| Domain 2: Asset Security | 10 percent |
| Domain 3: Security Architecture and Engineering | 13 percent |
| Domain 4: Communication and Network Security | 14 percent |
| Domain 5: Identity and Access Management (IAM) | 13 percent |
| Domain 6: Security Assessment and Testing | 12 percent |
| Domain 7: Security Operations | 13 percent |
| Domain 8: Software Development Security | 10 percent |
The CISSP exam has a time limit. The exam can take up to three hours for each candidate to complete. Multiple-choice or advanced creative questions make up the test items.
The pass/fail rate for CISSP exam candidates isn’t made public. Commercial training providers claim pass rates of more than 90%, however this information is difficult to verify. The CISSP exam pass rate is usually thought to be below 50% in the security profession.
If a candidate fails the exam on the first attempt, he or she has 30 days to retake it. They can retest after 60 test-free days or 90 days from their initial test date if they don’t pass the second time. They can retry after 90 test-free days or 180 days after their initial exam attempt if they don’t pass the third time. Candidates may take the (ISC)2 test up to four times in a 12-month period.
CISSP Salary Information
The CISSP is one of the most in-demand professional distinctions, owing to the fact that it is consistently ranked as the highest-paying industry certification. According to (ISC)2, the average pay for CISSP holders was $131,030 in 2018. While compensation numbers for succeeding years have not been released by (ISC)2, the current skills gap in information security employment has undoubtedly pushed CISSP wages even higher.
According to the US Bureau of Labor Statistics, job growth for Information Security Analysts is predicted to be substantially stronger than normal from 2019 to 2029, at a rate of 31%.
The CISSP is recognised by the US Department of Defense (DoD) and opens many doors inside the US Federal Government. According to (ISC)2, members earn 35% more than non-members.
The CISSP is a globally recognised credential that can lead to worldwide travel and job opportunities all around the world.
Conclusion
The CISSP would be the sole professional certification for information security practitioners to consider if there were just one, and there are many more. It is the most well-known and thorough certification programme accessible.
The CISSP is difficult to achieve by design. Employers value certification because of the degree of knowledge and experience required to achieve it. Many high-level security roles need a CISSP, and it serves as a benchmark by which security leaders are judged.
