The Certified Information Systems Security Professional (CISSP) is a globally recognized, leading information security (IS) certification. An independent certification program, CISSP is governed by
Qualifying for CISSP exam and certification
The pre-qualification criteria for the CISSP exam include:
• At least five years of direct, full-time work experience in two or more of the 10 (ISC)2 CISSP Common Body of Knowledge (CBK) domains. A one-year waiver is available if you hold a four-year college degree or an approved professional certification (such as CSIH, CISA, CISM or CFE). The work experience must be as an auditor, consultant, investigator, instructor or IS professional. The five years may have been accumulated over a period of time and need not be at one stretch.
• Adhering to the (ISC)2 Code of Ethics and completing an exam agreement attesting to your professional, educational and background details.
Obtaining the CISSP certification requires:
• Passing the CISSP exam with at least 700 points.
• Obtaining an endorsement from a CISSP certified professional.
• Applying to (ISC)2 for the CISSP certification.
• Passing an audit of your experience and qualification if your name gets randomly selected.
CISSP exam tests competency in CBK domains
The CISSP exam, taken by thousands of professionals every year, tests their IS knowledge across the (ISC)2 CBK domains. The exam lasts six hours and comprises 250 multiple-choice questions that test working knowledge of security management, engineering and architecture for implementation, design, maintenance and measurement.
To register for the CISSP exam, you need to pay a fee of US$599 on the (ISC)2 website. A CISSP-certified professional is expected to demonstrate technical, managerial, strategic and tactical skills and all-round competency in the (ISC)2 CBK domains, listed below:
- Access control
- Application development security
- Business continuity and disaster recovery planning
- Information security governance and risk management
- Legal, regulations, investigations and compliance
- Operations security
- Physical (environmental) security
- Security architecture and design
- Telecommunications and network security
About 100 to 150 new questions are added to the question bank every year. Hence, make sure you continuously keep up to date with new security practices, threats and risks.
The CISSP exam passing score is 700. The cut-off score for each CISSP exam is calculated by equating the scoring values associated with each question. The passing rate ranges between 70% and 80%, with less than 8% of candidates achieving scores higher than 85%.
Strategizing for the CISSP exam
Preparing for the CISSP exam takes an average of four to eight months, assuming you also hold a regular job. The best study resource is the official (ISC)2 study guide, which can be purchased online. Many other books, including The Official All-In-One Guide, The Information Security Management Handbook and The Advanced CISSP Guide, are also available. Other CISSP exam resources include online and offline training programs.
Before purchasing, it is wise to consult your mentor(s), read online reviews and obtain feedback from peers, as the programs are quite expensive. You could also identify candidates in your area who will be sitting the CISSP exam and put together a study group to share resources and experiences.
A practice test at the start of your CISSP study program will help you create a plan and provide a reference baseline against which you can chart your progress. Do not take the same test every time, but keep the duration, number of questions and domain coverage constant. Use practice tests to identify your ‘weak’ knowledge areas and make a special effort to study and master these subjects by reading books. Prioritize review of your ‘weak’ domains based on their percentage. When revising for the CISSP exam, start with the high-percentage domains and move down the chain.
Time yourself and work on improving your knowledge and speed to answer questions during the CISSP exam. Give yourself a few seconds to read and respond. If the right answer does not come to your mind immediately, move on to the next question and come back to it later.
Remember that CISSP exam references only help you review your skills and provide an overview of the subject; they do not provide the knowledge needed to master it. Hence, it is important that you use the CISSP exam preparation period to add to your knowledge of IS practices by reading books and referring to online resources.
If you do not meet the experience criteria, you can still sit the CISSP exam and obtain the Associate CISSP certification. Later, once you meet the criteria, you can apply for CISSP certification.
After passing the CISSP exam, you can apply for certification through the ‘Endorsement’ process defined by (ISC)2. The CISSP certification has to be maintained with continuing professional education credits and annual certification fees.
About the author: Dinesh Bareja, CISA, CISM, ITIL, is an information security consultant specializing in strategic and customized IS solutions, MSS, SOCs, PCI, ISMS, ITSM and more. He is involved in training and conducts regular online mentoring sessions. Bareja also maintains thefaqproject.com for InfoSec certifications. You can connect with him on firstname.lastname@example.org.
This was first published in February 2011