About ISC CISSP Certification
The Certified Information Systems Security Professional (CISSP) certification is intended for information security specialists who want to demonstrate their knowledge of cybersecurity strategy and its practical implementation. It confirms that the holder has an advanced understanding of designing, developing, and managing an organization's security posture. To earn the (ISC)2 CISSP, candidates must pass the corresponding exam. Preparation is easier if you already have at least five years of working experience in a minimum of two of the domains covered by the CISSP CBK.
Please note that the CISSP exam is delivered either as CISSP Computerized Adaptive Testing (CAT) or as a linear exam. With CISSP CAT, applicants have 180 minutes to answer about 150 questions, presented in multiple-choice and advanced innovative formats. Candidates must achieve a passing score of at least 700 points to receive the certificate. This version is available in English only, and you can register for it through Pearson VUE. In the linear exam, candidates answer about 250 questions within the allotted 360 minutes. The question formats and the pass mark are the same as for CISSP CAT, and scheduling is also done through the Pearson VUE platform; however, the linear exam can be taken in additional languages, such as French, Brazilian Portuguese, Japanese, Korean, German, Spanish, and Simplified Chinese.
To pass the (ISC)2 CISSP exam with flying colors, you need to prepare for it thoroughly. Many official training options exist to help you get ready by reviewing the related topics and subtopics. A good starting point is the Official (ISC)2 CBK Training Seminar for CISSP. It is intended for information security professionals who already have a deep understanding of designing, engineering, and managing an organization's security posture. The course also provides a comprehensive review of information systems security concepts and industry best practices, covering all of the exam subject areas. Besides that, candidates can choose from the other preparation resources listed below:
- Classroom-based training;
- Instructor-led training;
- Self-paced training;
- Official (ISC)2 CISSP CBK Reference;
- Official (ISC)2 CISSP Study Guide;
- Official (ISC)2 CISSP Practice Tests;
- CISSP for Dummies.
Moreover, candidates can download the official CISSP study and practice-test apps or join a CISSP study group.
The CISSP exam validates the applicant's knowledge across the subject areas of information systems security. In total, candidates are expected to have expertise in the following 8 domains:
Risk Management and Security (15%)
- Understanding, adhering to, and promoting the (ISC)2 Code of Professional Ethics as well as the organizational code of ethics;
- Understanding and applying security concepts, including confidentiality, integrity, availability, authenticity, and nonrepudiation;
- Evaluating and applying security governance principles;
- Determining compliance and other requirements (legal, regulatory, contractual, industry standards, and privacy);
- Understanding the legal and regulatory issues that pertain to information security in a holistic context;
- Understanding the requirements for the different investigation types;
- Developing, documenting, and implementing security policy, standards, procedures, and guidelines;
- Identifying, analyzing, and prioritizing Business Continuity requirements;
- Understanding and applying risk management concepts as well as threat modeling concepts and methodologies;
- Applying Supply Chain Risk Management concepts;
- Establishing and maintaining a security awareness, education, and training program.
Asset Security (10%)
- Identifying and classifying information & assets;
- Establishing the information and asset handling requirements;
- Securely provisioning resources, including information and asset ownership, inventory, and management;
- Managing the data lifecycle, including data roles, location, collection, retention, maintenance, destruction, and remanence;
- Determining data security controls and compliance requirements;
- Ensuring appropriate asset retention (End-of-Life and End-of-Support, EOL/EOS).
Security Engineering and Architecture (13%)
- Researching, implementing, and managing engineering processes using secure design principles;
- Understanding the fundamental concepts of security models;
- Selecting controls based on systems security requirements;
- Understanding the security capabilities of information systems;
- Assessing and mitigating the vulnerabilities of security architectures, designs, and solution elements;
- Selecting and determining cryptographic solutions;
- Understanding the methods of cryptanalytic attacks;
- Applying the security principles to facility and site design;
- Designing facility and site security controls.
Network Security and Communication (13%)
- Assessing and implementing secure design principles in network architectures;
- Securing network components, including hardware operation, transmission media, Network Access Control (NAC) devices, and endpoint security;
- Implementing secure communication channels according to the design.
Access and Identity Management (13%)
- Controlling the logical and physical access to assets, such as systems, information, applications, facilities, and devices;
- Managing the authentication and identification of people, services, and devices;
- Federated identity with a third-party service;
- Managing the identity and access provisioning lifecycle;
- Implementing and managing the authorization mechanisms (RBAC, ABAC, DAC, MAC, as well as rule & risk-based access control);
- Implementing authentication systems.
Security Testing and Assessment (12%)
- Designing and validating assessment, test, and audit strategies;
- Conducting security control testing;
- Collecting security process data;
- Facilitating or conducting security audits;
- Analyzing test output and generating reports.
Security Operations (13%)
- Understanding and complying with investigations;
- Conducting logging and monitoring activities;
- Performing configuration management;
- Applying foundational security operations concepts and resource protection;
- Conducting incident management;
- Implementing and supporting vulnerability and patch management;
- Operating and maintaining detective and preventive measures;
- Understanding and participating in the change management processes;
- Implementing the recovery strategies and Disaster Recovery processes;
- Testing the Disaster Recovery Plans;
- Participating in the Business Continuity planning and exercises;
- Addressing the security concerns and personnel safety;
- Implementing and managing physical security.
Software Development Security (11%)
- Understanding and integrating security into the Software Development Life Cycle (SDLC);
- Identifying and applying security controls in software development ecosystems;
- Assessing the effectiveness of software security and the security impact of acquired software;
- Defining and applying secure coding guidelines and standards.
The Certified Information Systems Security Professional certification lets you take your career to the next level. Certified specialists can qualify for prestigious positions such as Network Architect, Chief Information Officer, Security Analyst, IT Director/Manager, Security Auditor, Security Manager, Chief Information Security Officer, Security Architect, Security Systems Engineer, Security Consultant, and Director of Security, among others. As for salary, certificate holders can earn about $130,000 per year, depending on their job title, responsibilities, and working experience.