Certified information systems security professional explained

CISSP (Certified Information Systems Security Professional) is an independent information security certification granted by the International Information System Security Certification Consortium, also known as ISC2.

As of July 2022, there were 156,054 ISC2 members holding the CISSP certification worldwide.

In June 2004, the CISSP designation was accredited by ANSI under the ISO/IEC 17024 standard.[1][2] It is also formally approved by the U.S. Department of Defense (DoD) in its Information Assurance Technical (IAT), Managerial (IAM), and System Architect and Engineer (IASAE) categories for the DoDD 8570 certification requirement.[3]

In May 2020, the UK National Academic Recognition Information Centre assessed the CISSP qualification as a Level 7 award, the same level as a master's degree.[4][5] The change enables cyber security professionals to use the CISSP certification towards further higher education course credits and also opens up opportunities for roles that require or recognize master's degrees.

History

In the mid-1980s, a need arose for a standardized, vendor-neutral certification program that provided structure and demonstrated competence. In November 1988, the Special Interest Group for Computer Security (SIG-CS), a member of the Data Processing Management Association (DPMA), brought together several organizations interested in this goal. The International Information Systems Security Certification Consortium or "ISC2" formed in mid-1989 as a non-profit organization.[6]

By 1990, the first working committee to establish a Common Body of Knowledge (CBK) had been formed. The first version of the CBK was finalized by 1992, and the CISSP credential was launched by 1994.[7]

In 2003 the CISSP was adopted as a baseline for the U.S. National Security Agency's ISSEP program.[8]

Certification subject matter

The CISSP curriculum breaks the subject matter down into a number of information security topics referred to as domains.[9] The CISSP examination is based on what ISC2 terms the Common Body of Knowledge (or CBK). According to ISC2, "the CISSP CBK is a taxonomy – a collection of topics relevant to information security professionals around the world. The CISSP CBK establishes a common framework of information security terms and principles that allow information security professionals worldwide to discuss, debate and resolve matters pertaining to the profession with a common understanding."[10]

As of April 15, 2024, a refreshed exam outline applies. The updates are the result of the Job Task Analysis (JTA), an analysis of the current content of the credential carried out by ISC2 members on a triennial cycle.[11] The impact of the change is limited to the weighting of the domains; the domains themselves did not change.[12]

On 1 May 2021 there was a domain refresh that likewise changed only the weighting of the domains; the domains themselves did not change.[13]

From 15 April 2018, the eight domains covered are:[14]

  1. Security and risk management
  2. Asset security
  3. Security architecture and engineering
  4. Communication and network security
  5. Identity and access management (IAM)
  6. Security assessment and testing
  7. Security operations
  8. Software development security

From 2015 to early 2018, the CISSP curriculum was divided into eight domains similar to the latest curriculum above. The only domain to have changed its name was "Security Engineering," which in the 2018 revision was expanded to "Security Architecture and Engineering."[15]

Before 2015, it covered ten domains:[16]

  1. Operations security
  2. Telecommunications and network security
  3. Information security governance and risk management
  4. Software development security
  5. Cryptography
  6. Security architecture and design
  7. Access control
  8. Business continuity and disaster recovery planning
  9. Legal, regulations, investigations and compliance
  10. Physical (environmental) security

Requirements

Member counts

The number of CISSP members as of July 2022 was 156,054.[22]

Rank  Country (Top 15)   Count
  1   United States      95,243
  2   United Kingdom      8,486
  3   Canada              6,842
  4   China               4,136
  5   Japan               3,699
  6   India               3,364
  7   Australia           3,305
  8   The Netherlands     2,983
  9   Singapore           2,963
 10   Germany             2,856
 11   Korea               2,090
 12   Hong Kong           1,968
 13   France              1,277
 14   Switzerland         1,127
 15   Spain                 847

Concentrations

Holders of the CISSP certification can earn additional certifications in areas of speciality. There are three such concentrations, listed below.[23]

Information Systems Security Architecture Professional (CISSP-ISSAP)

It is an advanced information security certification issued by (ISC)² that focuses on the architecture aspects of information security. The certification exam consists of 125 questions covering six domain areas:

  1. Identity and Access Management Architecture
  2. Security Operations Architecture
  3. Infrastructure Security
  4. Architect for Governance, Compliance, and Risk Management
  5. Security Architecture Modeling
  6. Architect for Application Security

As of July 2022, there were 2,307 ISC2 members holding the CISSP-ISSAP certification worldwide.[22]

Information Systems Security Engineering Professional (CISSP-ISSEP)

It is an advanced information security certification issued by (ISC)² that focuses on the engineering aspects of information security across the systems development life cycle.[24] In October 2014 it was announced that some of its curricula would be made available to the public by the United States Department of Homeland Security through its National Initiative for Cybersecurity Careers and Studies program.[25] Both ZDNet and Network World have named ISSEP one of tech's most valuable certifications.[26][27] The certification exam consists of 125 questions covering five domain areas:

  1. Security Engineering Principles
  2. Risk Management
  3. Security Planning, Design, and Implementation
  4. Secure Operations, Maintenance, and Disposal
  5. Secure Engineering Technical Management

As of July 2022, there were 1,382 ISC2 members holding the CISSP-ISSEP certification worldwide.

Information Systems Security Management Professional (CISSP-ISSMP)

It is an advanced information security certification issued by (ISC)²[28] that focuses on the management aspects of information security.[24] In September 2014, Computerworld rated ISSMP one of the top ten most valuable certifications in all of tech.[29] The certification exam consists of 125 questions covering six domain areas:

  1. Leadership and Business Management
  2. Systems Lifecycle Management
  3. Risk Management
  4. Threat Intelligence and Incident Management
  5. Contingency Management
  6. Law, Ethics, and Security Compliance Management

As of July 2022, there were 1,458 ISC2 members holding the CISSP-ISSMP certification worldwide.[22]

Fees and ongoing certification

The standard exam costs US$749 as of 2021.[30] After passing the exam, the candidate must complete an endorsement process demonstrating at least five years' experience across a mix of the domains; a one-year waiver can be claimed with a relevant academic qualification. The final step is payment of the annual maintenance fee of $135 (as of 2024).

The CISSP credential is valid for three years; holders renew either by submitting 40 Continuing Professional Education (CPE) credits per year over three years or re-taking the exam.

CPE credits are gained by completing relevant professional education.

Value

In 2005, Certification Magazine surveyed 35,167 IT professionals in 170 countries on compensation and found that CISSPs led its list of certificates ranked by salary. A 2006 Certification Magazine salary survey also ranked the CISSP credential highly, and ranked the CISSP concentration certifications as the best-paid credentials in IT.[31][32]

In 2008, another study concluded that IT professionals in the Americas holding the CISSP (or other major security certifications) and at least five years of experience earned salaries up to 26% higher than IT professionals with similar experience who did not hold such certificates.[33] Note that any cause-and-effect relationship between the certificate and salary remains unproven.

As of 2017, a study by CyberSecurityDegrees.com surveyed some 10,000 current and historical cyber security job listings that preferred candidates holding the CISSP certification. CyberSecurityDegrees found that these job openings offered an average salary higher than the average cyber security salary.[34]

ANSI certifies that CISSP meets the requirements of ANSI/ISO/IEC Standard 17024, a personnel certification accreditation program.[1]

Notes and References

  1. ANSI Accreditation Services - International Information Systems Security Certification Consortium, Inc. (ISC)2. https://www.ansica.org/wwwversion2/outside/ALLdirectoryDetails.asp?menuID=2&prgID=201&orgID=97&status=4
  2. "(ISC)² CISSP Security Credential Earns ISO/IEC 17024 Re-accreditation from ANSI". Press release, Palm Harbor, FL, September 26, 2005. Retrieved November 23, 2009. Archived March 2, 2010 (original link dead): https://web.archive.org/web/20100302041719/http://www.isc2.org/PressReleaseDetails.aspx?id=2796
  3. "DoD 8570.01-M Information Assurance Workforce Improvement Program". January 24, 2012. Retrieved April 12, 2012. Archived July 10, 2007 (original link dead): https://web.archive.org/web/20070710035709/http://www.dtic.mil/whs/directives/corres/pdf/857001m.pdf
  4. Coker, James (2020-05-12). "CISSP Qualification Given Cert Status Equivalent to Master's Degree Level". Infosecurity Magazine. Retrieved 2020-11-15.
  5. finanzen.net GmbH. "(ISC)2 CISSP Certification Now Comparable to Masters Degree Standard". Markets Insider, markets.businessinsider.com. Retrieved 2020-07-15.
  6. Harris, Shon (2010). All-In-One CISSP Exam Guide, 5th edition. McGraw-Hill, New York. ISBN 978-0-07-160217-4. pp. 7–8.
  7. "History of (ISC)²". https://www.isc2.org/isc2-history.aspx
  8. "NSA Partners With (ISC)² To Create New InfoSec Certification". February 27, 2003. Retrieved December 3, 2008. Archived September 29, 2011 (original link dead): https://web.archive.org/web/20110929122624/https://www.isc2.org/PressReleaseDetails.aspx?id=3334
  9. Conrad, Misenar, Feldman (7 November 2013). 11th Hour CISSP. Syngress. ISBN 978-0-12-417142-8.
  10. Tipton, Henry (2006-11-14). Official (ISC)² Guide to the CISSP CBK. Auerbach Publications. ISBN 0-8493-8231-9. (Registration required.)
  11. "CISSP Exam Refresh FAQ". www.isc2.org. Retrieved 2024-01-31.
  12. "Changes to the CISSP Exam Weighting – What You Need to Know". www.isc2.org. Retrieved 2024-01-31.
  13. "Cybersecurity Certification CISSP - Domain Refresh FAQ". (ISC)², www.isc2.org. Retrieved 2020-11-15.
  14. "CISSP Certification Exam Outline". Retrieved 6 March 2023.
  15. "(ISC)² CISSP and SSCP Domain Refresh FAQ". (ISC)², 15 May 2015. Archived 16 March 2016 (original link dead): https://web.archive.org/web/20160316210721/https://www.isc2.org/cissp-sscp-domains-faq/default.aspx
  16. "CISSP Training (On-Demand)". 2014-10-15. Retrieved 2020-12-30. Archived 2014-10-15: https://web.archive.org/web/20141015074424/http://logicalsecurity.com/cissp-training-on-demand-1/
  17. "CISSP Professional Experience Requirement". 2009. Retrieved December 3, 2008. Archived March 21, 2016 (original link dead): https://web.archive.org/web/20160321065911/https://www.isc2.org/cissp-professional-experience.aspx
  18. "How to Become an Associate". 2009. Retrieved November 23, 2009. Archived February 4, 2017 (original link dead): https://web.archive.org/web/20170204142737/https://www.isc2.org/how-to-become-an-associate.aspx
  19. "(ISC)² Code of Ethics". 2009. Retrieved December 3, 2008. Archived June 6, 2017 (original link dead): https://web.archive.org/web/20170606171451/https://www.isc2.org/ethics/default.aspx
  20. "How To Certify". 2009. Retrieved December 3, 2008.
  21. "Endorsement". 2009. Retrieved August 2, 2015.
  22. "Member Counts: How Many (ISC)² Members Are There Per Certification". (ISC)², www.isc2.org. Retrieved 2023-03-16. Archived 2023-03-16: https://web.archive.org/web/20230316191559/https://www.isc2.org/About/Member-Counts
  23. "CISSP® Concentrations". (ISC)². Retrieved 17 January 2015. Archived 11 December 2014 (original link dead): https://web.archive.org/web/20141211001816/https://www.isc2.org/concentrations/default.aspx
  24. "Finding your way: An overview of information security industry qualifications and associations". Infosecurity Magazine, 23 September 2009. Retrieved 29 March 2023.
  25. Seals, Tara (10 October 2014). "(ISC)² Offers Certification Via DHS". Infosecurity Magazine. Retrieved 29 March 2023.
  26. "20 technology certifications that are paying off". ZDNET. Retrieved 29 March 2023.
  27. "Network World (Dec 2013): 18 Hot IT Certifications for 2014". Retrieved 29 March 2023. Archived 19 September 2018 (original link dead): https://web.archive.org/web/20180919173539/https://www.networkworld.com/article/2289934/data-center/130807-18-Hot-IT-Certifications-for-2014.html
  28. "GCN: DOD approves new credentials for security professionals". Retrieved 29 March 2023. Archived 24 October 2020 (original link dead): https://web.archive.org/web/20201024005709/https://gcn.com/articles/2009/11/04/dod-approves-new-security-certification.aspx
  29. Thibodeau, Patrick (29 September 2014). "IT skills that are in demand, and those that will be". Computerworld. Retrieved 29 March 2023.
  30. "Exam prices". (ISC)². Retrieved 10 November 2021.
  31. "Top Certifications by Salary in 2007". Certification Magazine, 2007-04-11. Retrieved 2007-10-14. Archived 2007-03-29: https://web.archive.org/web/20070329054214/http://www.certmag.com/images/CM1206_salSurveyFig1.jpg
  32. Sosbe, Tim; Hollis, Emily; Summerfield, Brian; McLean, Cari (December 2005). "CertMag's 2005 Salary Survey: Monitoring Your Net Worth". Certification Magazine (CertMag). Retrieved 2007-04-27. Archived 2007-06-07 (original link dead): https://web.archive.org/web/20070607155757/http://www.certmag.com/articles/templates/CM_gen_Article_template.asp?articleid=1524&zoneid=224
  33. Brodkin, Jon (2008-06-11). "Salary boost for getting CISSP, related certs". Network World, IDG. https://www.networkworld.com/article/807166/lan-wan-salary-boost-for-getting-cissp-related-certs.html
  34. "CyberSecurityDegrees.com's Study of the Most Lucrative Cyber Security Certifications". Cyber Security Degrees. https://cybersecuritydegrees.com/faq/most-popular-cyber-security-professional-certifications/