CISSP Certification: Explained From A to Z
Did you know that CISSP-certified information security professionals earn around 26% higher salaries than those without the certificate?
Since you’re here, it’s safe to assume that you are interested in how the CISSP certification program works, what the CISSP exam looks like, which CISSP online training courses are best, and so on.
We’ve curated a handy CISSP guide for you that covers all the essential information. When the exam day comes, you’ll be completely ready to pass it with flying colors!
A Brief Intro to CISSP
CISSP stands for Certified Information Systems Security Professional, a certification issued by (ISC)².
To get an idea of the educational level of CISSP, consider that the UK National Recognition Information Centre recognizes it as a Level 7 award, which is equivalent to a Master’s degree.
As of 2020, 141,607 certified CISSP professionals hold the certification and have become members of (ISC)². The countries that dominate the field are the US (with 89,880 CISSP-certified security members), the UK (with 7,590), Canada, China, Japan, the Netherlands, and Australia.
Should I Go for a CISSP Certificate?
If you want to work in one of the cyber-security positions listed below, the answer is: yes, you should definitely go for a CISSP certification!
- Information systems security professional
- Network security consultant
- Software development security engineer
- Software development security consultant
- Security architect
- Security auditor
- IT manager
- Director of security
CISSP certification also opens the door to three additional (ISC)² concentrations:
- CISSP-ISSAP (Information Systems Security Architecture Professional)
- CISSP-ISSEP (Information Systems Security Engineering Professional)
- CISSP-ISSMP (Information Systems Security Management Professional)
Is CISSP Worth It?
Technology and the internet are more developed than ever, and occupations in the field continue to rank among the best-paid and most in-demand in the world.
Plus, as cybercrime keeps rising, we definitely need more information security professionals to make the cyber world safer.
CISSP is the gold standard when it comes to network security.
The sole fact that (ISC)² is a leader in the field speaks volumes about the value of CISSP certification.
Next, multiple studies have found that CISSP-certified information systems security professionals earn more than other IT professionals.
Add to the equation the fact that there is a shortage of skilled information security workers, and it becomes crystal clear: CISSP is definitely worth it.
How Long Does It Take to Get a CISSP?
The answer is: It depends.
The biggest factor is the time you need to study and prepare to take the CISSP exam.
If you have some relevant knowledge (which is likely, considering that five years of work experience in the field of information security is a requirement), you’ll probably need no more than four to six months.
It’s best to go over the CISSP exam curriculum and see which areas you already know. If you haven’t got any background in IT security, you will probably need around a year to fully prepare for the exam.
No need to hurry, though. Once you obtain it, it will be more than worth it!
What Are the Requirements for CISSP?
And now, the most important factor: What are the requirements one has to fulfill to be eligible for CISSP certification?
An individual must have a minimum of five years of full-time work experience in two or more CISSP domains (more about them a bit later).
A four-year college degree, or a post-secondary degree equivalent from an institution approved by (ISC)², can count as one year of the required experience.
By the way, related internships (both paid and unpaid) are also acceptable as a form of work experience.
Don’t have enough working experience? No worries, there’s a solution to that!
If you don’t yet have enough years of experience, you can become an Associate of (ISC)² by passing the CISSP exam. Associate status is valid for six years, during which you need to obtain the required experience.
Becoming an Associate of (ISC)² is not just a matter of proving that you have passed the information systems security professional exam; it also opens many new doors and possibilities for you, since it’s well known that there is a shortage of skilled information security managers and other specialists.
Candidates have to attest to the truth of the data regarding their full-time security work experience.
(ISC)² also requires members to accept its Code of Ethics, which sets out the practices expected of CISSP-certified individuals.
The CISSP exam itself is a mixed-format test with up to 150 questions. You’ll have three hours to complete it.
It also uses Computerized Adaptive Testing, which adapts the questions to your level so that the exam can assess you completely objectively.
When it comes to the marking scheme, the passing score is 700 points or above (out of 1000), and you have to pass in every one of the CISSP domains.
Tips and Tricks to Prepare for CISSP Exam
Passing the CISSP exam is a great achievement. It’s certainly not enough to pull a caffeine-infused all-nighter to pass. It requires a lot of dedication and studying.
But it’s not by any means too difficult. You just need to know what to learn, where to begin, and what to focus on.
We’ve provided a handy guide that will have you prepped before the exam so that you feel confident and minimize the pressure.
Learn Eight Domains of CISSP
The CISSP curriculum lists the following eight domains as the main Information Security topics, and their exam weight:
- Security and Risk Management (15%)
- Security Architecture and Engineering (13%)
- Communication and Network Security (14%)
- Asset Security (10%)
- Identity and Access Management (13%)
- Security Operations (13%)
- Security Assessment and Testing (12%)
- Software Development Security (10%)
As you can see, the exam is well-balanced, and you cannot skip any domain if you want to pass. The percentage can give you an overall idea of how much time you should allocate for each domain.
Know the Format of CISSP Exam
Okay, you will cover all the domains. But to go in fully prepared, you have to know what to expect.
The format of the test is very well thought-out.
In total, there are 100-150 questions.
Some of them are classic multiple-choice questions, and others are what (ISC)² calls “advanced innovative questions.”
“Advanced innovative questions” sounds a bit intimidating, but these are actually two kinds of questions:
- Drag-and-drop, where you have to select the correct answers from the list of possible ones. This one is pretty self-explanatory.
- Hot-spot questions, where you need to select the right part of a diagram. Here’s an example: You have two ends of the diagram – desktop and internet. They ask you which segment in-between is needed to deploy a single firewall, and you ought to select a “webserver.”
Basically, these are also multiple-choice questions; it’s just that they are posed in an innovative way.
Get Acquainted with the Study Materials
First, go over the CISSP Glossary. These terms will be mentioned throughout the exam literature, so it’s vital to see if there are any you may not be familiar with.
Then you can work through the (ISC)² literature and resources. The materials are sufficient for self-study, especially if you’re already familiar with some of the terms.
Here’s what happens after the CISSP exam: In most cases, you will receive the unofficial results at the testing center. Then, (ISC)² will send you an official email.
If (ISC)² cannot provide you with immediate results (this sometimes happens when there is a large volume of data in the test cycle), you will wait no longer than eight weeks.
You can retake the test in 30 days if you fail the first time. After the second attempt, you’ll have to wait 90 days before you can try again, and 180 days after the third one.
What Happens After You Pass the CISSP Exam?
Remember how we talked about obtaining the necessary work experience if you don’t have it? This is the so-called “endorsement process” that will prove you have enough competence within the information security industry.
After passing the (ISC)² Certified Information Systems Security Professional exam, you have to complete the endorsement process within nine months.
Your endorser should be an active member with (ISC)² certification who can attest that your professional security experience is true. Sometimes, (ISC)² will require an audit to confirm your security systems knowledge and experience.
Always be truthful about your endorsement reporting!
After that, (ISC)² will approve your application, and the only thing left is to pay your first-year maintenance fee.
By the way, if you’re already an (ISC)² member who is getting an additional certification, you don’t have to pay the fee.
After you earn the CISSP security certification and become a member of the International Information System Security Certification Consortium, you will have to renew your certificate every three years.
To do so, you should accumulate 120 CPE (Continuing Professional Education) credits, 40 CPE credits per year, as proof that your cyber-security work is continuous and up to standard.
The alternative is to retake the CISSP exam.
Okay, but how can you earn CPE credits?
By engaging in various security-related activities, such as:
- Educational courses
- College courses
- Publishing articles
- Volunteer work
You should also pay an annual maintenance fee of $85. This can be done online.
Final Words on CISSP
Congratulations, future information systems security professional!
By reading this article, you’re one step closer to earning your well-deserved (ISC)² CISSP certification.
Just make sure to go carefully over the requirements, exam materials, and tips. It will boost your confidence, and the desired results will naturally come.