CISSP Exam: What are the prerequisites?

Katy Morgan


Introduction

Every information security professional should aim to continually upgrade their knowledge. The learning strategy can follow the 70:30 rule: 70 percent of knowledge from experience and the rest from formal education and continuous learning. Since the field of information security is very dynamic, we always need to be on our toes for what is new and what we need to learn. On-the-job learning is one thing, while conventional learning is another. Certification training is a mix of both and plays a vital role in learning. It gives aspirants a guided approach and a platform to learn and progress in the field.


Information security has many certifications, but only a few of them have gained elite status. One such certification is CISSP. In this article, we will consider what CISSP is, the benefits of being a CISSP-certified professional, exam-related details, and what you reap from it.


What is CISSP?

CISSP stands for Certified Information Systems Security Professional. It is one of the certifications provided by the (ISC)2 Certification Consortium, a non-profit organization that specializes in certification for cybersecurity experts. Unlike some other certifications, it is vendor-neutral and focuses on concepts and their practical application to real-world scenarios. This encourages the candidate not only to gain the knowledge but also to use it to create and design robust systems and processes for companies. There are a couple of reasons why CISSP Certification stands above other certifications.

  • It covers all the major aspects of information security when it comes to the exam scope.

  • Not just anyone can get CISSP; you need to have appropriate experience to get the letters after your name.

  • Getting a CISSP Certificate is not the final goal. You need to work and gain credits to ensure that the certification remains valid.

  • A candidate has to show both technical and deep managerial skills to get through the exam. This is necessary since they will be dealing with real-world attacks and defenses.

Why should you get CISSP Certification?

A few pointers:

  • The certification is globally recognized and sought by many companies.

  • The certification has proven its worth with its age, with updated content keeping up with the new technology and methods.

  • Salary: A CISSP candidate will be paid more than other counterparts who do not have CISSP Certification.

  • Roles: CISSP has multiple domains, and holding the certification proves that you know them. This opens an opportunity to work across domains.

  • Many job descriptions state that CISSP is a big plus or an added advantage. This moves your resume up a notch during selection.

  • You get to become a member of the ISC2 community and hence have access to the updated material and community.

Purpose of the CISSP Exam:

The purpose of the exam is simple: to ensure that candidates possess a sound knowledge of information security concepts. This is not limited to the domains they study; it also covers how these concepts apply in industry. A CISSP candidate should be able to audit the current setup and identify the loopholes. The role is not restricted to auditing; it also includes suggesting fixes and remediating the issues. It also covers the operations tasks that a security team or a manager may have to perform. The CISSP exam will take your knowledge and skills one level up and will strengthen you to deliver in a more professional and positive way.


Domains of CISSP

CISSP has divided the course into eight different domains that cover a lot of stuff. Some domains are technical, and some are not. This assures that the candidate is sound in both technical and operational aspects of the field. Below are the eight domains for the CISSP exam.


  • Domain 1. Security and Risk Management

  • Domain 2. Asset Security

  • Domain 3. Security Architecture and Engineering

  • Domain 4. Communication and Network Security

  • Domain 5. Identity and Access Management (IAM)

  • Domain 6. Security Assessment and Testing

  • Domain 7. Security Operations

  • Domain 8. Software Development Security

Previously, CISSP had ten domains, which have been reduced to 8. This does not mean that applicants have less on their plate; it is just a reshuffling of the topics. Some domains have been removed, and their topics are now covered in other domains. Below are the older ten domains.

  • Access Control

  • Telecommunications and Network Security

  • Information Security Governance and Risk Management

  • Software Development Security

  • Cryptography

  • Security Architecture and Design

  • Security Operations

  • Business Continuity and Disaster Recovery Planning

  • Legal, Regulations, Investigations and Compliance

  • Physical Security

What are the eligibility criteria for CISSP certification?

No one can merely sign up and get the CISSP certification. The CISSP candidate must have five years of cumulative paid work experience and should have worked in two of the eight domains of CISSP.


Experience waiver for CISSP

The five-year work experience can be reduced to 4 if the candidate has a four-year college degree or equivalent. This substitutes for one year of the work experience requirement. The one-year waiver can also be granted if the applicant holds CISSP certifications that are approved by the ISC2 list.


About the CISSP Exam

Registration for the CISSP exam has to be done correctly and after planning.


  • The candidate can make an account with the global ISC2 exam administrators: Pearson VUE.

  • Select the certification you plan to go for. In your case, the CISSP Exam has to be selected.

  • Select the training center and test location. DONE! You have just registered for CISSP in 3 steps.

Cost of CISSP:

$599 (USD)


Duration and Scoring:

The exam is 6 hours long, and you are required to score 700/1000 to pass. The exam has multiple-choice questions as well as scenario-based CISSP questions. There can be other innovative question patterns like mix and match, so be prepared.


CPE Requirements

As discussed earlier, it takes effort to ensure that the CISSP credentials remain attached to your name. To do that, you need to obtain and submit sufficient CPE credits in a 3-year cycle. CISSP has a 3-year cycle to obtain and submit the CPE credits, but Associates have an annual cycle to submit them. There are many ways through which CPEs can be earned.

  • Publishing a book, whitepaper or article

  • Attending conferences and seminars

  • Classroom training and higher certifications

  • Voluntary services for Government etc.

  • Teaching work related to information security

Rescheduling and Cancellations:

Rescheduling Exam: 50USD/35£/40€

Canceling Exam: 100USD/70£/80€


Taking a retest:

What if you fail the CISSP exam? The point to remember is: plan and then schedule the test. Make sure that you are fully prepared to take the exam. You only have 3 chances in a year to attempt the test. If you fail your first attempt, you have to wait for 30 days to take the test again. If you fail your exam again, the waiting period will be 90 days, and 180 days after a failed 3rd attempt.

Prospective career requirements

CISSP is perfect for experienced security professionals at all levels. The certification will help you demonstrate your credibility. If you do not have the work experience, becoming an Associate of ISC2 will be handy. For those at higher designations, CISSP Certification will help ensure that their practice is in line with industry best practices and show what they can develop further. The CISSP certification will help you irrespective of your role in the organization: from CISO to analyst.


Salary expectations

With a lot of demand and very few skilled security professionals in the market, the wage has no bar if the candidate has the right skill set and attitude. The credentials will set the salary bar high for the right candidate. I will not be considering the trends in salary since they will become obsolete in some time anyway. The point is that CISSP Certification is powerful enough to get you a bounce which may not be possible otherwise. You may expect a 50 percent jump if you are in the starting years of your career. Good luck with that.
