
CISSP® (Certified Information Systems Security Professional)

What is CISSP?

The CISSP (Certified Information Systems Security Professional) certification has become a pre-requisite for anyone developing a senior career in information security. The CISSP certification provides information security professionals with an objective measure of competence and a globally recognised standard of achievement. The CISSP credential suits mid- and senior-level managers who are working towards, or have already attained positions as, CISOs, CSOs or senior security engineers.

CISSP was developed and is maintained by (ISC)², the International Information Systems Security Certification Consortium. At the heart of CISSP is an information security common body of knowledge (CBK), which is divided into eight domains.

To qualify for CISSP certification, delegates must:

  1. Have a minimum of five years’ experience in two or more of the eight CBK domains.
  2. Study for and pass the CISSP examination.
  3. Complete the endorsement process and subscribe to the (ISC)² Code of Ethics.
  4. Maintain certification through continuing professional education (CPE) credits.

Please see the (ISC)² guidance on how to get your CISSP certification.

Exam preparation: CISSP Online Training Course

The CISSP Online Training Course gives you 12 months’ access to expert, instructor-led training that will not only help you to pass the examination, but also to understand how to design, manage, assess and oversee an enterprise’s information security infrastructure.

Provided the registration requirements are met, anyone can sit the CISSP exam without undertaking online training. The Official (ISC)² Guide to the CISSP CBK has been specifically developed to help you pass the exam.


The eight domains of the CISSP CBK

On 15 April 2015, the Official (ISC)² CISSP CBK was revised to reflect the significant updates in the technical and managerial competence required to effectively design, engineer, implement and manage an information security programme.

  • Security and Risk Management
  • Asset Security
  • Security Engineering
  • Communications and Network Security
  • Identity and Access Management
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security