This article covers the Certified Information Systems Security Professional (CISSP) certification. The CISSP is an independent information security certification established by the International Information System Security Certification Consortium, also known as (ISC)².
As of December 31, 2018, there were 131,180 (ISC)² members holding the CISSP certification globally, in about 171 countries, with the United States having the highest member count at 84,557 members.
In June 2004, the CISSP designation was accredited under the ANSI ISO/IEC Standard 17024:2003. It is also officially approved by the U.S. Department of Defense (DoD) in both their Information Assurance Technical (IAT) and Managerial (IAM) categories for their DoDD 8570 certification requirement.
The CISSP has been adopted as a baseline for the U.S. National Security Agency’s ISSEP program. CISSP is a globally recognized certification in the field of IT security.
How to Become a Certified Information Systems Security Professional (CISSP)
1. Obtain Five Years of Security Work Experience: One important requirement for becoming a Certified Information Systems Security Professional is that you must be able to present evidence of five years of paid full-time work experience in at least two of the eight CISSP CBK (Common Body of Knowledge) domains, which are Security and Risk Management, Asset Security, Communications and Network Security, Security Engineering, Identity and Access Management, Security Assessment and Testing, Security Operations, and Software Development Security. On-the-job experience is crucial for both the exam and the certification process.
2. Prepare For and Pass the CISSP Exam: Pass the CISSP exam with a score of at least 700 out of 1,000. The exam is six hours long and comprises a mix of multiple-choice and advanced innovative questions.
The exam costs $699. The (ISC)² CISSP webpage offers a download of the exam summary as well as a link to a Study App (available through the App Store and Google Play for about $10).
You can also get the formal textbook and test your knowledge with CISSP Flash Cards. If you need more than self-study materials, (ISC)² and many third parties offer CISSP in-class and online training.
Training costs vary widely, but the online self-paced course costs $2,750 through (ISC)². In-class training will cost appreciably more. Before scheduling your exam with Pearson VUE, go over the background qualifications, which might exclude you from sitting for the exam.
3. Get Endorsed to Become a CISSP: Once you've passed the CISSP exam, you'll have to subscribe to the (ISC)² Code of Ethics and complete an endorsement form to become a CISSP.
The endorsement form must be signed by another (ISC)² certified professional who is able to verify your professional work experience.
You must submit the completed form within nine months of passing your exam to become fully certified because passing the exam doesn’t automatically grant you certification status.
After you become fully certified, you'll have to maintain your credentials by recertifying every three years. CISSPs are required to pay an $85 maintenance fee each year of the three-year cycle ($255 total).
They must also submit 40 continuing professional education (CPE) credits each year, for a total of 120 CPEs.
How To Prepare for the CISSP
Security professionals who study for the CISSP should be able to explain issues such as architecture and access control for protecting information system assets.
To explain these issues to clients and other stakeholders, the analyst must know how to assess the business or organization's current operations policies for incident response and recommend improvements to its security to those concerned.
Knowing how to explain the importance of disaster recovery policies and demonstrate multiple and effective strategies to clients and stakeholders is a key skill tested in the CISSP.
As part of the communication process, security analysts must compare and contrast different cryptographic protocols and be able to make recommendations based on this analysis of security needs.
Creating systems of policies, standards, procedures, and guidelines with clients and stakeholders in mind should be the end goal of a CISSP analyst who earns certification.
In terms of technical knowledge, CISSP analysts must demonstrate proficiency in a number of areas. These include network architecture and design, and the ability to implement a network architecture that anticipates threats and makes the best use of sometimes limited resources.
This includes demonstrating a clear understanding of the software security application’s life cycle effectiveness. CISSP analysts also should have the ability to collect digital forensic evidence while maintaining the integrity of the evidence gathered.
They also must demonstrate knowledge of physical security systems and how they add value to network security systems.
Reasons You Should Consider Adding a CISSP Certification to Your Accomplishments
1. Universally Recognized
The CISSP credential is a valued certification for most professionals and is highly respected by a majority of large global companies such as Google, P&G, and IBM.
These organizations attest to the fact that the CISSP certification demonstrates an individual’s working knowledge of information security and commitment to their profession.
The U.S. NSA has adopted this certification as a baseline for its ISSEP program. Multiple sources have also confirmed the CISSP certification as being one of the most recognized certifications in the IT industry.
Bank Info Security is one such source: according to BIS, the CISSP remains the most sought-after certification in the information security domain.
2. Immense Popularity
(ISC)² reports from May 2014 indicate that over 93,391 individuals have attained the CISSP credential in over 149 countries worldwide.
Since its inception in 1989, the CISSP has been the most popular IT security certification for over two and a half decades, which speaks volumes about the value certified professionals derive from acquiring a CISSP and its relevance in a changing world.
As the oldest IT security certification in the world, the CISSP certification is considered the grand-daddy of certifications and has had almost three decades to develop, resulting in a vast body of know-how and expertise.
According to the Global Information Security and Workforce study, CISSP professionals earn a worldwide average salary that is 25% more than that of their non-certified counterparts.
Most surveys, such as the Tech Republic survey, rank jobs for CISSP professionals at number 4 in the top 15 highest-paying jobs.
The InfoSec Institute also notes that the average salary for a female CISSP falls between $73,627 and $111,638, while the average salary for male CISSP professionals is between $78,788 and $119,184, making this the highest-paying credential in the IT industry.
Surveys by professional organizations and market research firms also indicate CISSP employees earn more with a certification in hand (IDC, SANS).
In addition, surveys note that the salary gap between members of (ISC)² and non-members continues to widen.