Over the last decade we’ve seen an increased awareness of information security in organizations. This has been accelerated by stories about everything from viruses to hackers hitting the news. This, of course, does not account for those stories which do not make it to the front page. If you aren’t familiar with information security, you may not be familiar with the CISSP certification. The CISSP certification is issued by the International Information Systems Security Certification Consortium, Inc., which is also known as (ISC)2. While they offer a number of certifications, the Certified Information Systems Security Professional or CISSP certification is one of the most popular among information security practitioners.

Ready to learn more about what it takes to earn the CISSP Certification?

CISSP Certification Requirements

Of course, there is an exam which must be passed (more on that soon), but beyond that, the CISSP has additional requirements. Candidates need to have at least five years of cumulative experience in two or more of the CISSP Common Body of Knowledge domains. Candidates who do not have this experience may take and pass the exam, and then have up to six years to gain this experience to become a full-fledged CISSP.

After passing the exam, successful candidates will need to agree to the code of ethics and be endorsed by a current CISSP before gaining their certification.

Understanding the CISSP Domains

If you’re reading about the CISSP certification, you will see quite a bit of talk about “domains”. These domains are part of what is called the Common Body of Knowledge, also known as the CBK. The domains are as follows:

  • Security and Risk Management
  • Asset Security
  • Security Engineering
  • Communications and Network Security
  • Identity and Access Management
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security

As you can see, the content is spread across a large number of subject areas. For those who aren’t familiar with information security practices it may seem daunting. For those with practical information security knowledge, it makes sense. Information security is increasingly becoming a part of daily life for many technology professionals, and information security experts need to know enough about each infrastructure area to protect it against vulnerabilities and threats.

These domains are weighted across the exam, with Security and Risk Management and Security Operations sharing the highest weights at 16% each. The lowest weighted topics are Asset Security and Software Development Security at 10% each. While (ISC)2 does publish this breakdown of domain weighting, it is important to ensure you have a good understanding of all eight domains as a CISSP candidate.

The CISSP Exam

The CISSP exam consists of 250 questions over a six hour period, with a passing score of 700 out of 1000. Besides learning all of the material required for the exam, the exam itself requires time management skills to ensure all questions are answered. Six hours may seem like a great deal of time, but it provides just 1.4 minutes per question. This is one of the reasons why preparation is key to obtaining this certification. The exam is offered through Pearson VUE testing centers.

Is the CISSP Exam For Me?

The answer to this question is my favorite of all time, “It depends.” If you are an information security professional looking for a relevant certification, this is it. If you are looking to enter the world of information security, exploring the domains is a great way to get a better understanding of the field.

To learn more about the CISSP certification, be sure to check out the official website, which also lists a number of study resources. These resources are great for those looking to learn more about a specific area of information security in addition to those seeking the certification.
