What is a CISSP Computer Security Certification?

The CISSP, or Certified Information Systems Security Professional, is a computer security certification run by the non-profit (ISC)², the International Information Systems Security Certification Consortium. This is an advanced certification requiring more experience and money than entry-level certifications, such as the CompTIA Security+.

Approximately 63,358 IT security professionals hold the CISSP certification in 134 countries.

The requirements to obtain a CISSP certification are:

  • Must subscribe to the (ISC)² code of ethics.
  • Must pass the CISSP exam.
  • Must have five years (or four years with a college degree) of direct work experience in two or more of the ten test domains of the CISSP Common Body of Knowledge (CBK).
  • Must receive a recommendation from another (ISC)² certified professional in good standing.

The CISSP CBK is based on the CIA triangle of confidentiality, integrity and availability and attempts to balance the three across ten areas of interest, which are also called domains. The ten CBK domains are:

  1. Access Control
  2. Application Security
  3. Business Continuity
  4. Cryptography
  5. Security Management
  6. Legal Compliance
  7. Operations Security
  8. Physical Security
  9. Security Architecture
  10. Telecommunications and Network Security

The exam lasts up to six hours, and includes 250 multiple-choice questions.  A passing score is 700 or greater.

The CISSP exam costs $450. Last-minute registration costs another $100. In addition, an annual fee of $85 is required.

Recertification is required every three years. To recertify, you must retake the exam or earn 120 Continuing Professional Education (CPE) credits.

CPEs can be earned in several ways, including taking classes, attending conferences and seminars, teaching others, undertaking volunteer work, professional writing, etc., all in areas covered by the CBK.

Experienced CISSP-certified information security professionals may earn advanced IT security certifications in specific areas. The concentrations currently offered by (ISC)² are:

  • (ISSAP), Information Systems Security Architecture Professional
  • (ISSEP), Information Systems Security Engineering Professional
  • (ISSMP), Information Systems Security Management Professional

Each concentration is accompanied by its own prerequisite exam.

So what can an IT security professional expect to get in return for obtaining a CISSP certification? Several surveys of certification holders have reported an average salary of near or greater than $100,000 U.S. annually, making this one of the most lucrative IT security certifications.

The CISSP was the first credential in the field of information security to be accredited by the ANSI (American National Standards Institute) and ISO (International Standards Organization) Standard.

Other computer security certifications offered by (ISC)² include:

  • (CSSLP), Certified Secure Software Lifecycle Professional
  • (SSCP), Systems Security Certified Practitioner

This entry was posted on Thursday, February 25th, 2010 at 2:50 pm and is filed under Certifications, Computer Security.