About ISC CISSP Exam
(ISC)2 Certified Information Systems Security Professional (CISSP) is one of the most recognized certifications in the cybersecurity domain. It validates that an information security specialist possesses the in-depth technical and managerial expertise needed to design, engineer, and manage the overall security posture of an organization.
Candidates for the CISSP certification exam must have at least 5 years of paid working experience covering 2 or more of the 8 CISSP Common Body of Knowledge domains. Applicants can satisfy 1 year of the required experience by earning a four-year college degree or its regional equivalent. Alternatively, holding an additional credential from the (ISC)2 approved list also satisfies this requirement. Individuals who do not yet possess the relevant experience to qualify for the CISSP certification can become an Associate of (ISC)2 by passing the associated test. After that, they will have 6 years to earn the 5 years of required experience.
The qualifying exam for the (ISC)2 CISSP certification is available in multiple languages, including French, Brazilian Portuguese, German, Spanish, Simplified Chinese, Japanese, and Korean. The English version of the test lasts 3 hours and contains from 100 to 150 questions. The exam delivered in other languages lasts 6 hours and consists of 250 items. The questions are presented in multiple-choice and advanced innovative formats. To qualify for the CISSP certificate, candidates are required to score a minimum of 700 points out of 1000. They can sit for the test at the (ISC)2 Authorized PPC or at one of the Pearson VUE centers.
The vendor’s website offers a variety of training tools to help candidates prepare for the certification exam. Applicants can opt for the instructor-led course or take advantage of self-study resources. The instructor-led course is provided both online and in the classroom and is designed to equip learners with a thorough understanding of the CISSP Common Body of Knowledge. The self-study options offered on the (ISC)2 platform include textbooks & study guides as well as practice tests. Candidates are advised to use several prep materials in combination to improve their chances of passing the exam on the first attempt.
The (ISC)2 CISSP certification exam covers a wide range of knowledge and skills that candidates are required to develop before attempting the test. The abilities measured in the exam are grouped into the 8 domains outlined below:
- Security & Risk Management – 15%
Applicants must demonstrate that they understand professional ethics and are able to adhere to and promote them. They should also have a comprehension of security concepts and know how to apply them. Moreover, this subject area covers competencies such as the evaluation & application of security governance principles; identification of compliance & other requirements; understanding of legal & regulatory issues pertaining to cybersecurity within a holistic context; and comprehension of investigation type requirements (for example, administrative, industry, civil, criminal, regulatory, standards). Apart from that, learners should prove that they are capable of developing, documenting, and applying security policy, procedures, standards, and guidelines; determining, assessing, and prioritizing Business Continuity requirements; and contributing to and improving personnel security policies & procedures. They also need to possess expertise in risk management concepts as well as modeling concepts & methodologies and know how to apply them. The ability to implement Supply Chain Risk Management concepts is required as well. Lastly, candidates must be able to establish & maintain a security education and awareness program.
- Asset Security – 10%
The aim of this topic is to measure the capacity of examinees to identify and classify assets & information; establish asset & information handling requirements; provision resources securely; manage the data lifecycle; ensure appropriate asset retention (for instance, End-of-Life or End-of-Support); and determine data security controls & compliance requirements.
- Security Engineering & Architecture – 13%
To answer the questions related to this domain, individuals must be proficient in researching, implementing, and managing engineering processes using secure design principles; selecting controls in accordance with systems security requirements; selecting and identifying cryptographic solutions; and understanding the methods of cryptanalytic attacks. In addition, they must be able to design site & facility security controls; apply security principles to site & facility design; and assess and mitigate the vulnerabilities of security architectures, designs, and solution components. They also need to be familiar with the fundamental concepts of security models (such as Biba, Bell-LaPadula, Star Model) as well as the security capabilities of Information Systems (including memory protection, encryption/decryption, and Trusted Platform Module).
- Network & Communication Security – 13%
Within this objective, examinees are assessed on their ability to evaluate and apply secure design principles in network architectures; implement secure communication channels according to the design; and secure network components.
- Identity & Access Management (IAM) – 13%
This section requires that candidates develop their skills in controlling physical & logical access to assets; managing identification & authentication of people, devices, and services; implementing and managing authorization mechanisms; implementing authentication systems; and managing the identity & access provisioning lifecycle.
- Security Evaluation & Testing – 12%
The following abilities are evaluated within this exam part: designing and validating assessment, test, and audit strategies; conducting security control testing; collecting security procedure data (for instance, technical and administrative); analyzing test output and generating the report; and conducting or facilitating security audits.
- Security Operations – 13%
This module encompasses the ability to understand and comply with investigations; conduct logging and monitoring activities; perform configuration management (such as baselining, provisioning, automation); apply foundational security operations concepts; implement resource protection; and conduct incident management. Moreover, learners should have the skills to operate and maintain detective & preventative measures; implement and support vulnerability & patch management; implement recovery strategies; implement Disaster Recovery processes; and test Disaster Recovery Plans. An understanding of change management processes and participation in them is also required.
- Software Development Security – 11%
Test takers must know how to integrate security into the Software Development Life Cycle. They should also be able to identify and apply security controls within software development ecosystems; assess the effectiveness of software security; define and apply secure coding guidelines & standards; and assess the security impact of acquired software.
Earning the (ISC)2 Certified Information Systems Security Professional certification provides the foundation for taking up a variety of job roles in the cybersecurity field. Job titles such as Security Analyst, Security Manager, Security Architect, Security Consultant, Security Auditor, Security Systems Engineer, Chief Information Officer, and many others are among the options that certified specialists can consider. As per PayScale.com, the average salary associated with this certificate is $112,234 per annum.