Certified Information Systems Security Professional

Certified Information Systems Security Professional (CISSP) is an independent information security certification governed by the International Information System Security Certification Consortium, also known as (ISC)².

As of June 1, 2015, there are 100,102 (ISC)² members holding the CISSP certification worldwide, in 160 countries.[1] In June 2004, the CISSP obtained accreditation under ANSI ISO/IEC Standard 17024:2003.[2][3] It is also formally approved by the U.S. Department of Defense (DoD) in both their Information Assurance Technical (IAT) and Managerial (IAM) categories for their DoDD 8570 certification requirement.[4] The CISSP has been adopted as a baseline for the U.S. National Security Agency's ISSEP program. CISSP is a globally recognized certification in the field of IT security.[5]

History

In the mid-1980s a need arose for a standardized, vendor-neutral certification program that provided structure and demonstrated competence. In November 1988, the Special Interest Group for Computer Security (SIG-CS), a member of the Data Processing Management Association (DPMA), brought together several organizations interested in this goal. The International Information Systems Security Certification Consortium or "(ISC)²" formed in mid-1989 as a non-profit organization.[6]

By 1990, the first working committee to establish a Common Body of Knowledge (CBK) had been formed. The first version of the CBK was finalized by 1992, and the CISSP credential was launched by 1994.[7]

Certification subject matter

The CISSP curriculum covers subject matter in a variety of Information Security topics.[8] The CISSP examination is based on what (ISC)² terms the Common Body of Knowledge (or CBK). According to (ISC)², "the CISSP CBK is a taxonomy – a collection of topics relevant to information security professionals around the world. The CISSP CBK establishes a common framework of information security terms and principles that allow information security professionals worldwide to discuss, debate and resolve matters pertaining to the profession with a common understanding."[9]

From 2015, the CISSP curriculum is divided into eight domains:[10]

Before 2015, it covered ten similar domains.

Requirements

Concentrations

Holders of CISSP certifications can earn additional certifications in areas of specialty. There are three possibilities:[17]

  1. Information Systems Security Architecture Professional (CISSP-ISSAP)
  2. Information Systems Security Engineering Professional (CISSP-ISSEP), an advanced information security certification issued by (ISC)² that focuses on the engineering aspects of information security.[18] In October 2014 it was announced that some of the ISSEP curriculum would be made available to the public by the United States Department of Homeland Security through its National Initiative for Cybersecurity Careers and Studies program.[19] Both ZDNet and Network World have named ISSEP one of tech’s most valuable certifications.[20][21]
  3. Information Systems Security Management Professional (CISSP-ISSMP), an advanced information security certification issued by (ISC)²[22] that focuses on the management aspects of information security.[23] In September 2014, Computerworld rated ISSMP one of the top ten most valuable certifications in all of tech.[24]

Ongoing certification

The CISSP credential is valid for three years. It can be renewed by re-taking the exam, but most holders renew by submitting Continuing Professional Education (CPE) credits. To maintain the CISSP certification, a certificate holder is required to earn and submit a minimum of 40 CPEs each year and 120 CPEs by the end of their three-year certification cycle.

For those holding one or more concentrations, CPEs submitted for those concentrations count toward the CPEs required for the CISSP.[25]

CPEs can be earned in several ways, including taking classes, attending conferences and seminars (online and in person), teaching others, undertaking volunteer work, and professional writing. Most activities earn 1 CPE for each hour of time spent, but preparing (but not delivering) training for others is weighted at 4 CPEs/hour, published articles are worth 10 CPEs, and published books 40 CPEs.[25]

Value

In 2005, Certification Magazine surveyed 35,167 IT professionals in 170 countries on compensation and found that CISSPs led their list of certificates ranked by salary. A 2006 Certification Magazine salary survey also ranked the CISSP credential highly, and ranked CISSP concentration certifications as the top best-paid credentials in IT.[26][27]

In 2008, another study came to the conclusion that IT professionals with CISSP (or other major security certifications) tend to have salaries $21,000 higher than IT professionals without such certificates.[28] However, there is no proof of any cause-and-effect relationship between the certificate and salaries.

ANSI certifies that CISSP meets the requirements of ANSI/ISO/IEC Standard 17024, a personnel certification accreditation program.[2]

References

  1. "Member Counts". (ISC)². Retrieved May 5, 2014.
  2. ANSI Accreditation Services - International Information Systems Security Certification Consortium, Inc. (ISC)². ANSI
  3. "(ISC)² CISSP Security Credential Earns ISO/IEC 17024 Re-accreditation from ANSI" (Press release). Palm Harbor, FL: (ISC)². September 26, 2005. Retrieved November 23, 2009.
  4. "DoD 8570.01-M Information Assurance Workforce Improvement Program" (PDF). United States Department of Defense. January 24, 2012. Retrieved April 12, 2012.
  5. "NSA Partners With (ISC)² To Create New InfoSec Certification". February 27, 2003. Retrieved December 3, 2008.
  6. Harris, Shon (2010). All-In-One CISSP Exam Guide (5 ed.). New York: McGraw-Hill. pp. 7–8. ISBN 0-07-160217-8.
  7. History of (ISC)². (ISC)²
  8. Conrad; Misenar; Feldman. 11th Hour CISSP. Syngress. ISBN 978-0-12-417142-8.
  9. Tipton; Henry. Official (ISC)² Guide to the CISSP CBK. Auerbach Publications. ISBN 0-8493-8231-9.
  10. "(ISC)² CISSP and SSCP Domain Refresh FAQ". (ISC)². Retrieved 15 May 2015.
  11. "Forensics and Incident Response". www.peerlyst.com. Retrieved 3 April 2016.
  12. "CISSP Professional Experience Requirement". (ISC)². 2009. Retrieved December 3, 2008.
  13. "How to Become an Associate". (ISC)². 2009. Retrieved November 23, 2009.
  14. "(ISC)² Code of Ethics". (ISC)². 2009. Retrieved December 3, 2008.
  15. "How To Certify". (ISC)². 2009. Retrieved December 3, 2008.
  16. "Endorsement". (ISC)². 2009. Retrieved August 2, 2015.
  17. "CISSP® Concentrations". (ISC)². Retrieved 17 January 2015.
  18. InfoSecurity Magazine (Sep 2009): Finding your way: An overview of information security industry qualifications and associations
  19. (ISC)² Offers Certification Via DHS
  20. ZDNet (Feb 2014): 20 technology certifications that are paying off
  21. Network World (Dec 2013): 18 Hot IT Certifications for 2014
  22. GCN: DOD approves new credentials for security professionals
  23. InfoSecurity Magazine (Sep 2009): Finding your way: An overview of information security industry qualifications and associations
  24. Computerworld: IT skills that are in demand, and those that will be
  25. "Maintaining Your Credential". (ISC)². 2009. Retrieved December 3, 2008.
  26. "Top Certifications by Salary in 2007". Certification Magazine. April 11, 2007. Archived from the original on March 29, 2007. Retrieved October 14, 2007.
  27. Sosbe, Tim; Hollis, Emily; Summerfield, Brian; McLean, Cari (December 2005). "CertMag’s 2005 Salary Survey: Monitoring Your Net Worth". Certification Magazine (CertMag). Archived from the original on June 6, 2007. Retrieved April 27, 2007.
  28. Salary boost for getting CISSP, related certs. NetworkWorld

This article is issued from Wikipedia - version of the Thursday, May 05, 2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.