CISSP

What is the CISSP Certification

Certified Information Systems Security Professional (CISSP) is an independent information security certification governed by the International Information System Security Certification Consortium, also known as (ISC)².

As of March 1, 2016, there are 105,705 (ISC)² members holding the CISSP certification worldwide, in 160 countries. In June 2004, the CISSP obtained accreditation under ANSI ISO/IEC Standard 17024:2003. It is also formally approved by the U.S. Department of Defense (DoD) in both its Information Assurance Technical (IAT) and Managerial (IAM) categories for its DoDD 8570 certification requirement. The CISSP has been adopted as a baseline for the U.S. National Security Agency's ISSEP program. CISSP is a globally recognized certification in the field of IT security.

Certification subject matter

The CISSP curriculum covers subject matter in a variety of Information Security topics. The CISSP examination is based on what (ISC)² terms the Common Body of Knowledge (or CBK). According to (ISC)², "the CISSP CBK is a taxonomy – a collection of topics relevant to information security professionals around the world. The CISSP CBK establishes a common framework of information security terms and principles that allow information security professionals worldwide to discuss, debate and resolve matters pertaining to the profession with a common understanding."

Since 2015, the CISSP curriculum has been divided into eight domains:

    Security and Risk Management
    Asset Security
    Security Engineering
    Communications and Network Security
    Identity and Access Management
    Security Assessment and Testing
    Security Operations
    Software Development Security

Requirements

Possess a minimum of five years of direct full-time security work experience in two or more of the (ISC)² information security domains (CBK). One year may be waived for having either a four-year college degree, a master's degree in Information Security, or for possessing one of a number of other certifications. A candidate without the five years of experience may earn the Associate of (ISC)² designation by passing the required CISSP examination, valid for a maximum of six years. During those six years a candidate will need to obtain the required experience and submit the required endorsement form for certification as a CISSP. Upon completion of the professional experience requirements the certification will be converted to CISSP status.
Attest to the truth of their assertions regarding professional experience and accept the CISSP Code of Ethics.
Answer questions regarding criminal history and related background.
Pass the multiple choice CISSP exam with a scaled score of 700 points or greater out of 1000 possible points.
Have their qualifications endorsed by another (ISC)² certification holder in good standing.

Value
From Wikipedia

In 2005, Certification Magazine surveyed 35,167 IT professionals in 170 countries on compensation and found that CISSPs led its list of certificates ranked by salary. A 2006 Certification Magazine salary survey also ranked the CISSP credential highly, and ranked CISSP concentration certifications as the best-paid credentials in IT.

In 2008, another study concluded that IT professionals with CISSP (or other major security certifications) tend to have salaries $21,000 higher than IT professionals without such certificates. However, there is no proof of a cause-and-effect relationship between the certificate and salaries.

ANSI certifies that CISSP meets the requirements of ANSI/ISO/IEC Standard 17024, a personnel certification accreditation program.