CISSP
The CISSP curriculum covers subject matter in a variety of Information Security topics. The CISSP examination is based on what the International Information Systems Security Certification Consortium ((ISC)²) terms the Common Body of Knowledge (or CBK). According to (ISC)², "the CISSP CBK is a taxonomy -- a collection of topics relevant to information security professionals around the world. The CISSP CBK establishes a common framework of information security terms and principles that allow information security professionals worldwide to discuss, debate and resolve matters pertaining to the profession with a common understanding."
The CISSP CBK is fundamentally based on the CIA triad, the core information security and assurance tenets: confidentiality, integrity and availability. It attempts to balance the three across ten areas of interest, which are also called domains. The ten CBK domains are:

1. Access Control
   - Categories and Controls
   - Control Threats and Countermeasures
2. Application Development Security
   - Software-Based Controls
   - Software Development Lifecycle and Principles
3. Business Continuity and Disaster Recovery Planning
   - Response and Recovery Plans
   - Restoration Activities
4. Cryptography
   - Basic Concepts and Algorithms
   - Signatures and Certification
   - Cryptanalysis
5. Information Security Governance and Risk Management
   - Policies, Standards, Guidelines and Procedures
   - Risk Management Tools and Practices
   - Planning and Organization
6. Legal, Regulations, Investigations and Compliance
   - Major Legal Systems
   - Common and Civil Law
   - Regulations, Laws and Information Security
7. Operations Security
   - Media, Backups and Change Control Management
   - Controls Categories
8. Physical (Environmental) Security
   - Layered Physical Defense and Entry Points
   - Site Location Principles
9. Security Architecture and Design
   - Principles and Benefits
   - Trusted Systems and Computing Base
   - System and Enterprise Architecture
10. Telecommunications and Network Security
   - Network Security Concepts and Risks
   - Business Goals and Network Security
Candidates for the CISSP must meet several requirements:

1. Possess a minimum of five years of direct full-time security work experience in two or more of the ten (ISC)² information security domains (CBK). One year may be waived for having either a four-year college degree, a Master's degree in Information Security, or one of a number of other certifications from other organizations. A candidate not possessing the necessary five years of experience may earn the Associate of (ISC)² designation by passing the required CISSP examination. The Associate of (ISC)² for CISSP designation is valid for a maximum of six years from the date (ISC)² notifies the candidate of having passed the exam. During those six years the candidate will need to obtain the required experience and submit the required endorsement form for certification as a CISSP. Upon completion of the professional experience requirements, the certification will be converted to CISSP status.
2. Attest to the truth of their assertions regarding professional experience and accept the CISSP Code of Ethics.
3. Answer four questions regarding criminal history and related background.
4. Pass the CISSP exam with a scaled score of 700 points or greater out of 1000 possible points. The exam is multiple choice, consisting of 250 questions with four options each, to be answered over a period of six hours. 25 of the questions are experimental questions which are not graded.
5. Have their qualifications endorsed by another CISSP in good standing. The endorser attests that the candidate's assertions regarding professional experience are true to the best of their knowledge, and that the candidate is in good standing within the information security industry.