Introduction to CISSP Certification
The following article provides an outline for CISSP Certification. Certified Information Systems Security Professional (CISSP) is an independent information security certification issued by the International Information System Security Certification Consortium, (ISC)². Globally, 131,180 (ISC)² members held the CISSP certification across around 171 countries, with the United States of America having the largest number at 84,557 members. The CISSP designation was accredited under ANSI ISO/IEC Standard 17024:2003 as of June 2004.
The U.S. Department of Defense (DoD) formally approves it in both the Information Assurance Technical (IAT) and Managerial (IAM) categories. The need for a standard, vendor-neutral certification program that provided a hierarchy and proper demonstration of techniques arose in the mid-1980s. In November 1988, the Special Interest Group for Computer Security (SIG-CS), an associate of the Data Processing Management Association (DPMA), brought together several organizations interested in this goal. As a result, the International Information Systems Security Certification Consortium, or (ISC)², was established in 1989 as a non-profit organization.
The first committee of its kind, tasked with establishing a Common Body of Knowledge (CBK), was formed in 1990. The first version of the CBK was finalized by 1992, and the CISSP certification was official by 1994.
Certification Subject Matter
The CISSP deals with numerous security management topics. The CISSP examination is based on the CBK as defined by (ISC)². As per (ISC)², “The CISSP CBK is a taxonomy – a collection of topics relevant to information security professionals around the world. The CISSP CBK helps set a fixed structure of information and security management that ensures professionals in the IT sector globally to solve matters related to this field with a cohesive comprehension.”
The CISSP covers the following topics as of 15 April 2018:
- Security and Risk Management
- Asset Security
- Security Architecture and Engineering
- Communication and Network Security
- Identity and Access Management (IAM)
- Security Assessment and Testing
- Security Operations
- Software Development Security
Requirements
A candidate for the CISSP:
- Should have at least five years of security-related work experience in at least two areas of (ISC)² security management. One year can be deducted if the candidate has a four-year degree from a recognized college, a master’s degree in security management, or numerous other certifications, particularly ones related to security management. A candidate who does not possess the requisite experience may qualify for the Associate of (ISC)² position by passing the required examination; this position is valid for a maximum of six years. Within those six years, the associate must gain the required relevant experience and provide the authorities with the requisite form for CISSP certification.
- Should have their claims regarding work experience attested and strictly adhere to the ethical structure of CISSP.
- Should have their criminal history and background verified.
- Should score a minimum of 700 out of 1000 in order to qualify.
- Should be endorsed by a fellow certificate holder.
Number of CISSP members on December 31, 2018.
|Country (Top 12)|Count|
Concentration of CISSP Certification
Professionals with CISSP certification can also pursue additional certifications in areas related to security management.
There are three possibilities:
- Information Systems Security Architecture Professional (CISSP-ISSAP): An advanced information security certification accredited by (ISC)² that deals with the design facet of information security.
- Information Systems Security Engineering Professional (CISSP-ISSEP): An advanced information security certification affiliated with (ISC)² that deals with the development facet of information security. The United States Department of Homeland Security declared in October 2014 that it would make a part of the course available in the public domain via its National Initiative for Cybersecurity Careers and Studies program. ISSEP has been named one of tech’s most valuable certifications by ZDNet and Network World.
- Information Systems Security Management Professional (CISSP-ISSMP): An advanced information security certification granted by (ISC)² that deals with how to manage information security. ISSMP was rated one of the top ten most valuable technical certifications of all time by Computerworld in October 2014.
Initial Fees and Ongoing Certification
According to publicly available data from 2015, the fee is 699 USD or 650 EUR per exam. The CISSP credential is valid for three years; it can be renewed by using Continuing Professional Education (CPE) credits. Payment of a yearly maintenance fee is also required to hold the certification; starting in mid-2019, this fee was raised by almost 50%.
Value of CISSP Certification
In 2005, Certification Magazine surveyed 35,167 IT professionals in 170 countries about compensation and concluded that the CISSP certification topped its list of certificates ranked by salary. The Certification Magazine salary survey of 2006 also placed the CISSP credential at the top and ranked CISSP-associated certifications as the best-paid credentials among IT professionals.
According to a 2008 survey, IT professionals across the USA with CISSP concentration certifications and at least 5 years of work experience generally have salaries around 26% higher than IT professionals with similar experience but no certificates. However, the actual cause-and-effect relationship between the certificate and salaries remains unproven.
CyberSecurityDegrees.com studied about 10,000 current and past publicly listed cybersecurity vacancies that sought candidates holding CISSP certifications, as of 2007. It concluded that the studied job vacancies paid a higher median salary than the average cybersecurity salary.
This is a guide to CISSP Certification. Here we discuss the introduction, certification subject matter, requirements, CISSP members, initial fees and ongoing certifications.