CISSP Exam Requirements and Preparation

As organizations' dependence on information technology grows, along with awareness of the importance of data in information systems, the need for information system security experts with internationally recognized qualifications is also increasing.

CISSP, or Certified Information Systems Security Professional, is a certification in the field of information system security issued independently by (ISC)², the International Information Systems Security Certification Consortium.

"Independent" here means that the certification does not depend on a particular vendor such as Microsoft, Cisco, Oracle, etc.

The need for professionals in the field of information systems continues to increase, and many companies want to find competent professionals.

One thing that makes it easier for companies to find qualified professionals is the certifications they hold, because a CISSP certification differentiates one candidate from another.

Requirements to become a CISSP:

  • Pass the CISSP Exam
  • Have 5 years of direct work experience in two different CBK domains.
  • Agree to follow the CISSP Code of Conduct.
  • Receive a recommendation from another CISSP, which serves to verify the CV and good conduct of the CISSP candidate.

CISSP (Certified Information Systems Security Professional): A Closer Look

CISSP is a certification in the field of information system security issued independently by (ISC)², the International Information Systems Security Certification Consortium.

CISSP is the only professional certification in the field of information system security that does not refer to a specific product (it is vendor-neutral).

It covers all security aspects, ranging from information security management and physical security to highly technical elements such as network protocols and asymmetric encryption algorithms.

Broad and in-depth knowledge across the various fields (domains) of information security is therefore essential.

A CISSP is intended for a middle-management position, which requires the ability to work with top management, users, and IT engineers, each of whom has a different point of view, approach and "language".

CISSP Experience Requirements

To become a Certified Information Systems Security Professional (CISSP), applicants must meet one of the following requirements:

  • Have a minimum of five years of direct, full-time security professional work experience in two or more of the ten domains of the (ISC)² CISSP Common Body of Knowledge (CBK)
  • Have four years of direct, full-time security professional work experience in two or more of the ten domains of the CISSP CBK, and a four-year college degree or a credential from the (ISC)²-approved list
  • If you do not meet the above requirements, you can become an Associate of (ISC)² by passing the CISSP exam, and then have six years to earn the necessary experience to become a CISSP.

It is worth noting that there is only a one-year experience waiver for education and a one-year waiver of the professional experience requirement for holding an additional credential on the (ISC)²-approved list; the two cannot be combined.

To be considered valid, the experience must be information systems security-related work, such as a practitioner, auditor, consultant, investigator, or instructor, that requires Information Security knowledge and involves the direct application of that knowledge.

The five years of experience must be the equivalent of actual full-time Information Security work, and this requirement is cumulative, meaning it may have been accrued over a longer period of time.

CISSP Professional Experience Requirements

CISSP professional experience includes, but is not limited to:

  • Work requiring special education or intellectual attainment, usually including a liberal education or college degree.
  • Work requiring habitual memory of a body of knowledge shared with others doing similar work.
  • Management of projects and/or other employees.
  • Supervision of the work of others while working with a minimum of supervision oneself.
  • Work requiring the exercise of judgment, management decision-making, and discretion.
  • Work requiring the exercise of ethical judgment (as opposed to merely ethical behavior).
  • Creative writing and oral communication.
  • Teaching, instructing, training and the mentoring of others.
  • Research and development.
  • The specification and selection of controls and mechanisms (e.g. identification and authentication technology); this does not include the mere operation of these controls.
  • Applicable job title examples are CISO, Director, Manager, Supervisor, Analyst, Cryptographer, Cyber Architect, Information Assurance Engineer, Instructor, Professor, Lecturer, Investigator, Computer Scientist, Program Manager, Lead, etc.

Ten domains of CISSP CBK

CISSP is divided into 8 areas or domains, known collectively as the Common Body of Knowledge (CBK). These domains are:

  • Security and Risk Management
  • Asset Security
  • Security Architecture and Engineering
  • Communication and Network Security
  • Identity and Access Management
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security

CISSP Cost

The CISSP exam costs $549 if you register in advance for the complete six-hour exam. Rescheduling costs $50 and cancelling costs $100. You can also choose to apply for a CITREP grant to get help with funding.

Depending on where you took your test, you may have to pay an additional $50 processing fee when submitting your application. You will also have to pay an annual $85 CISSP maintenance fee.

These fees do not include tuition or CISSP books, which are not included with the exam.

Exam Preparation

Studying for the CISSP exam is essential, even if you are already experienced in your field. (ISC)² offers some free training material, but most options are not free.

CISSP training options include offerings from (ISC)² and accredited third-party instructor and preparation programs. The CISSP book is available with practice questions, exams, and detailed answers.

The Official (ISC)² Guide to CISSP is available in hardcover and as an e-book for easy-access learning. You can also download a practice test app, which charges for each short 25-question practice test.

If you are not comfortable studying independently, third-party CISSP preparation courses are another option.

These usually include CISSP books, practice exams, quiz banks, and sometimes instructor or teacher assistance. (ISC)² itself offers several e-learning opportunities, including a "Whole E-Learning Course".

Pricing is $599 for the whole course, or $99 for each individual course module, which you can choose depending on whether you need to brush up on one domain or all of them.

There are 17 authorized CISSP training providers outside the US, as well as several third-party providers offering more in-depth e-learning and instructor-led courses.