CISSP certification history
The need for professionalism was a serious topic among computer security practitioners for many years. Professionalism was viewed as the way to upgrade this often ill-defined and poorly understood craft to that of a recognized and disciplined profession. By the mid-1980s, a number of professional societies in North America concluded that a certification process attesting to the qualifications of information security personnel would enhance the credibility of the computer security profession. Through the societies' cooperative efforts, the International Information Systems Security Certification Consortium, or (ISC)2, was established in mid-1989 as an independent, nonprofit corporation whose sole charter is to develop and administer a certification program for information security practitioners. Now firmly established in North America, the program is quickly gaining international acceptance.
The CISSP Examination
The eligibility requirements to sit for the CISSP examination are completely separate from the eligibility requirements necessary to be certified as a CISSP.
CISSP Exam Structure
The CISSP Certification examination consists of 250 multiple-choice questions. Candidates have up to 6 hours to complete the examination. Ten CISSP information systems security test domains are covered in the examination pertaining to the Common Body of Knowledge:
Access Control Systems & Methodology
Applications & Systems Development
Business Continuity Planning
Law, Investigation & Ethics
Security Architecture & Models
Security Management Practices
Telecommunications, Network & Internet Security
To sit for the CISSP examination, a candidate must:
Submit the examination application with the required $500 fee.
Assert that he or she possesses a minimum of four years of professional experience in the information security field or three years plus a college degree.
Complete the Candidate Agreement, attesting to the truth of his or her assertions regarding professional experience and legally committing to adhere to the CISSP Code of Ethics.
Successfully answer four questions regarding criminal history and related background.
To be issued a certificate, a candidate must:
Pass the CISSP exam with a scaled score of 700 points or greater.
Submit a properly completed and executed Endorsement Form.
If the candidate is selected for audit, they must successfully pass that audit of their assertions regarding professional experience.
Once a candidate has been notified of passing the CISSP examination, he or she will be required to have his or her application endorsed by a CISSP before the credential can be awarded. If no CISSP can be found, another qualified professional with knowledge of information systems or an officer of the candidate's corporation can be used to validate the candidate's professional experience.
The endorser will attest that the candidate's assertions regarding professional experience are true to the best of their knowledge, and that the candidate is in good standing within the information security industry.
Upon receipt of the Endorsement Form and barring a random audit of the candidate's professional experience, the CISSP credential should be awarded within one business day, with a formal notification sent via e-mail.
A percentage of the candidates who pass the CISSP examination and submit endorsements will be randomly subjected to audit and required to submit a resume for formal review and investigation.
If audited (subject to results), the credential will be awarded within seven business days and notification sent via e-mail. Naturally, there may be some delays due to mail service or the number of forms received. Also, audits may require additional time for verifying information and/or contacting references.
Once an individual has successfully passed an (ISC)2 credentialing examination, continuing education is required to maintain their certification in good standing.
Continuing Professional Education Credits:
In addition to paying an annual maintenance fee and subscribing to the Code of Ethics, a CISSP or SSCP must earn continuing professional education credits every three years - or retake their certification examinations. CPE credits are earned by performing activities largely related to the information systems security profession including, but not limited to, the following:
Educational courses or seminar attendance
Security conference attendance
Association chapter membership and meeting attendance
University/college course completion
Providing security training
Publishing security articles or books
Serving on industry boards
Volunteer work, including serving on (ISC)2 volunteer committees