CISSP (Certified Information Systems Security Professional)

What is CISSP?

The CISSP (Certified Information Systems Security Professional) certification has become a prerequisite for anyone looking to make a career in information security. The CISSP certification provides information security professionals with an objective measure of competence and a globally recognised standard of achievement. The CISSP credential suits mid- and senior-level managers who are working toward, or have already attained, positions as CISOs, CSOs or Senior Security Engineers.

The CISSP is developed and maintained by (ISC)² - the International Information Systems Security Certification Consortium - a not-for-profit organisation that developed both the information security Common Body of Knowledge (CBK), which is divided into 10 domains (described below), and a certification programme for information systems security professionals. There are pre-qualification requirements (described on this page) in terms of professional experience.

CISSP Courses

Book your next training course through IT Governance and let our outstanding training service team take care of you from start to finish.

Making your booking couldn't be easier - choose your training course by selecting a date on the grid below. Please note that all courses are subject to availability at the time of booking.

Course   Location   Duration   Price (excl. VAT)   Dates (Feb-Jun)   Later dates
CISSP    London     5 days     £1795               30-4              Further Dates

CISSP CAMPUS - all the books, tools and courses that help you achieve your CISSP certification - or just keep up-to-date! 

Studying for your CISSP Certificate

CISSP certification is achieved by passing the official CISSP exam, which is run in the UK and elsewhere (see below).

The most common method of preparing for CISSP certification is to attend a classroom training course. IT Governance runs its Fast Track classroom training course throughout the year.

Classroom training is not, however, mandatory and, provided that you meet the registration requirements described below, anyone can sit the CISSP exam. There are a number of training aids - books and online e-learning - specifically designed to help you pass the exam.

The CISSP Examination

(ISC)² is responsible for all CISSP exams. Identify your nearest exam centre and register online for the exam.

The 10 Domains of the CISSP CBK

CISSP is divided into 10 areas or domains, known collectively as the Common Body of Knowledge (CBK). These domains are:

Access Control – a collection of mechanisms that work together to create security architecture to protect the assets of the information system.

  • Concepts/methodologies/techniques
  • Effectiveness
  • Attacks

Telecommunications and Network Security – discusses network structures, transmission methods, transport formats and security measures used to provide availability, integrity and confidentiality.

  • Network architecture and design
  • Communication channels
  • Network components
  • Network attacks

Information Security Governance and Risk Management – the identification of an organization’s information assets and the development, documentation and implementation of policies, standards, procedures and guidelines.

  • Security governance and policy
  • Information classification/ownership
  • Contractual agreements and procurement processes
  • Risk management concepts
  • Personnel security
  • Security education, training and awareness
  • Certification and accreditation

Software Development Security – refers to the controls that are included within systems and applications software and the steps used in their development.

  • Systems development life cycle (SDLC)
  • Application environment and security controls
  • Effectiveness of application security

Cryptography – the principles, means and methods of disguising information to ensure its integrity, confidentiality and authenticity.

  • Encryption concepts
  • Digital signatures
  • Cryptanalytic attacks
  • Public Key Infrastructure (PKI)
  • Information hiding alternatives

Security Architecture and Design – contains the concepts, principles, structures and standards used to design, implement, monitor and secure operating systems, equipment, networks and applications, and the controls used to enforce various levels of confidentiality, integrity and availability.

  • Fundamental concepts of security models
  • Capabilities of information systems (e.g. memory protection, virtualization)
  • Countermeasure principles
  • Vulnerabilities and threats (e.g. cloud computing, aggregation, data flow control)

Operations Security – used to identify the controls over hardware, media and the operators with access privileges to any of these resources.

  • Resource protection
  • Incident response
  • Attack prevention and response
  • Patch and vulnerability management

Business Continuity and Disaster Recovery Planning – addresses the preservation of the business in the face of major disruptions to normal business operations.

  • Business impact analysis
  • Recovery strategy
  • Disaster recovery process
  • Provide training

Legal, Regulations, Investigations and Compliance – addresses computer crime laws and regulations; the investigative measures and techniques which can be used to determine if a crime has been committed and methods to gather evidence.

  • Legal issues
  • Investigations
  • Forensic procedures
  • Compliance requirements/procedures

Physical (Environmental) Security – addresses the threats, vulnerabilities and countermeasures that can be utilized to physically protect an enterprise’s resources and sensitive information.

  • Site/facility design considerations
  • Perimeter security
  • Internal security
  • Facilities security

CISSP Professional Experience Requirements

With effect from 1 October 2007, applicants must have a minimum of five years of direct full-time security professional work experience in two or more of the ten domains of the (ISC)² CISSP CBK, and must have their qualifications endorsed by another (ISC)² credential holder.

CISSP professional experience includes:

  • Work requiring special education or intellectual attainment, usually including a liberal education or college degree.
  • Work requiring habitual memory of a body of knowledge shared with others doing similar work.
  • Management of projects and/or other employees.
  • Supervision of the work of others while working with a minimum of supervision of one's self.
  • Work requiring the exercise of judgment, management decision-making, and discretion.
  • Work requiring the exercise of ethical judgment (as opposed to ethical behavior).
  • Creative writing and oral communication.
  • Teaching, instructing, training and the mentoring of others.
  • Research and development.
  • The specification and selection of controls and mechanisms (i.e. identification and authentication technology) (does not include the mere operation of these controls).
  • Applicable titles such as officer, director, manager, leader, supervisor, analyst, designer, cryptologist, cryptographer, cryptanalyst, architect, engineer, instructor, professor, investigator, consultant, salesman, representative, etc. Title may include programmer. It may include administrator, except where it applies to one who simply operates controls under the authority and supervision of others. Titles with the words "coder" or "operator" are likely excluded.

The applicant must meet the following requirements to qualify to sit for the examination:

  • A. Subscribe to the (ISC)² Code of Ethics; and
  • B. Have a minimum five years of direct full-time security professional work experience in two or more of the ten domains of the information systems security CBK® as described above.

Waiver of Experience

Where certain circumstances apply, and with appropriate documentation, candidates are eligible to waive one year of the professional experience requirement:

One-year waiver of the professional experience requirement based on a candidate's education. Candidates can substitute a maximum of one year of the direct full-time security professional work experience described above if they have a four-year college degree OR an Advanced Degree in Information Security from a U.S. National Center of Academic Excellence in Information Security (CAEIAE) or regional equivalent.

OR

One-year waiver of the professional experience requirement for holding an additional credential on the (ISC)² approved list.

Valid experience includes information systems security-related work performed as a practitioner, auditor, consultant, investigator or instructor that requires information security knowledge and involves the direct application of that knowledge. The five years of experience must be the equivalent of actual full-time information security work (not just information security responsibilities over a five-year period); this requirement is cumulative, however, and may have been accrued over a much longer period of time.

Maintenance Requirements

Recertification is required every three years, with ongoing requirements to maintain the credential in good standing. This is primarily accomplished through continuing professional education (CPE), 120 credits of which are required every three years. A minimum of 20 CPEs must be posted during each year of the three-year certification cycle. CISSPs must also pay (ISC)² an annual maintenance fee of $85 per year.

To assist you in your CISSP Maintenance and CPE requirements, we can suggest you consider the following: