What is CISSP?
The CISSP (Certified Information Systems Security Professional) certification has become a prerequisite for anyone looking to build a career in information security. It provides information security professionals with an objective measure of competence and a globally recognised standard of achievement. The credential suits mid- and senior-level managers who are working toward, or have already attained, positions such as CISO, CSO or Senior Security Engineer.
The CISSP is developed and maintained by (ISC)², the International Information Systems Security Certification Consortium, a not-for-profit organisation that developed both the information security Common Body of Knowledge (CBK), which is divided into 10 domains (described below), and the certification programme for information systems security professionals. There are pre-qualification requirements, in terms of professional experience, which are described on this page.
CISSP Courses
Book your next training course through IT Governance and let our outstanding training service team take care of you from start to finish.
Making your booking couldn't be easier: click on the course below, then select your location and dates from those listed.
CISSP - Accelerated Training Programme
Find books, tools and courses to help you achieve certification at our CISSP CAMPUS
Studying for your CISSP Certificate
CISSP certification is achieved by passing the official CISSP exam, which is run in the UK and elsewhere (see below).
The most common way of preparing for CISSP certification is to attend a classroom training course. IT Governance runs its Fast Track classroom course throughout the year.
Classroom training is not, however, mandatory: provided that you meet the registration requirements described below, you can sit the CISSP exam without it. There are a number of training aids, including books and online e-learning, specifically designed to help you pass the exam:
The CISSP Examination
(ISC)² is responsible for all CISSP exams. Identify your nearest exam centre and register online for the exam.
The 10 Domains of the CISSP CBK
The CISSP syllabus is divided into 10 areas, or domains, known collectively as the Common Body of Knowledge (CBK). These domains are:
- CISSP Domain 1) Security Management Practices
  - Types of Security Controls
  - Security Policies, Standards, Procedures, and Guidelines
  - Risk Management and Analysis
- CISSP Domain 2) Access Control Systems
  - Identification, Authentication, and Authorization Technologies
  - Discretionary versus Mandatory Access Control Models
  - Rule-based and Role-based Access Control
- CISSP Domain 3) Telecommunications and Network Security
  - TCP/IP Suite
  - LAN, MAN, and WAN Topologies and Technologies
  - Firewall Types and Architectures
- CISSP Domain 4) Cryptography
  - Block and Stream Ciphers
  - Explanation and Uses of Symmetric Key Algorithms
  - Explanation and Uses of Asymmetric Key Algorithms
- CISSP Domain 5) Security Architecture and Models
  - Critical Components of Every Computer
  - Access Control Models
  - Certification and Accreditation
- CISSP Domain 6) Operations Security
  - Operations Department Responsibilities
  - Personnel and Roles
  - Media Library and Resource Protection
- CISSP Domain 7) Application and System Development
  - Software Development Models
  - Database Models
  - Relational Database Components
- CISSP Domain 8) Business Continuity and Disaster Recovery
  - Planning
  - Roles and Responsibilities
  - Liability and Due Care Issues
  - Business Impact Analysis
- CISSP Domain 9) Law, Investigation and Ethics
  - Privacy Laws and Concerns
  - Complications of Computer Crime Investigation
  - Types of Evidence and How to Collect It
- CISSP Domain 10) Physical Security
  - Facility Location and Construction Issues
  - Physical Vulnerabilities and Threats
  - Fencing, Lighting, and Perimeter Protection
CISSP Professional Experience Requirements
With effect from 1 October 2007, applicants must have a minimum of five years of direct, full-time security professional work experience in two or more of the ten domains of the (ISC)² CISSP CBK, and must have their qualifications endorsed by another (ISC)² credential holder.
CISSP professional experience includes:
- Work requiring special education or intellectual attainment, usually including a liberal education or college degree.
- Work requiring habitual memory of a body of knowledge shared with others doing similar work.
- Management of projects and/or other employees.
- Supervision of the work of others while working with a minimum of supervision of one's self.
- Work requiring the exercise of judgment, management decision-making, and discretion.
- Work requiring the exercise of ethical judgment (as opposed to ethical behaviour).
- Creative writing and oral communication.
- Teaching, instructing, training and the mentoring of others.
- Research and development.
- The specification and selection of controls and mechanisms (e.g. identification and authentication technology); this does not include the mere operation of those controls.
- Applicable titles include officer, director, manager, leader, supervisor, analyst, designer, cryptologist, cryptographer, cryptanalyst, architect, engineer, instructor, professor, investigator, consultant, salesman, representative, etc. Titles may include programmer. They may include administrator, except where it applies to someone who simply operates controls under the authority and supervision of others. Titles containing the words "coder" or "operator" are likely to be excluded.
The applicant must meet the following requirements to qualify to sit for the examination:
- A. Subscribe to the (ISC)² Code of Ethics; and
- B. Have a minimum of five years of direct, full-time security professional work experience in two or more of the ten domains of the information systems security CBK® as described above.
Waiver of Experience: If certain circumstances apply, and with appropriate documentation, candidates are eligible to waive a maximum of two years of professional experience as follows:
- One-year waiver of the professional experience requirement for education.
  Candidates can substitute a maximum of one year of the direct, full-time security professional work experience described above if they hold a four-year college degree, or a Master's degree in information security from a U.S. National Center of Academic Excellence in Information Assurance Education (CAEIAE) or regional equivalent. If you hold both a four-year degree and a Master's degree, you may still only apply for a one-year waiver of experience.
- One-year waiver of the professional experience requirement for holding an additional credential on the (ISC)² approved list.
Valid experience includes information systems (IS) security-related work performed as a practitioner, auditor, consultant, investigator or instructor, that requires IS security knowledge and involves the direct application of that knowledge. The five years of experience must be the equivalent of actual full-time IS security work (not just IS security responsibilities for a five year period); this requirement is cumulative, however, and may have been accrued over a much longer period of time.
Continuing Professional Education (CPE)
All CISSPs are required to keep their knowledge current. There are a number of methods of doing this, including