March 05, 2013
As an IT professional with information security experience, there are a number of certification options to pursue. One of the most common and one of the most debated (from what I’ve read) is the Certified Information Systems Security Professional (CISSP) which is offered by the International Information Systems Security Certification Consortium or (ISC)2. So if you’re considering getting your CISSP certification, here is some helpful information to consider.
The Application
The certification process isn’t exactly easy and it never really ends. First, you must submit an application to take the exam along with the fee to take the exam. The cost of the exam is $549 if you register more than 16 days in advance. If you choose to register less than 16 days in advance (which may not be wise because you need to study!) the cost of the exam is $599. In order to take the exam, you must assert that you have at least 5 years of professional experience in the information security field or you must have a college degree in addition to four years of professional experience.
Included in the application, you must sign the Candidate Agreement which attests to the truth of your experience and legally binds you to adhere to the CISSP Code of Ethics. You will then complete four questions regarding your criminal history and background.
The Exam
The exam consists of 250 multiple-choice questions and you have 6 hours to complete the test. You must score 700 points or greater to pass the exam. The exam tests on the 10 CISSP domains pertaining to the Common Body of Knowledge which include:
- Access Control Systems and Methodology
- Business Continuity Planning
- Cryptography
- Applications and Systems Development
- Law, Investigation, and Ethics
- Physical Security
- Operations Security
- Telecommunications, Network, and Internet Security
- Security Architecture and Models
- Security Management Practices
Assuming you pass the exam, you must now submit an endorsement form from another (ISC)2certified professional. This person must be able to attest to your professional experience and they must also be in good standing with the (ISC)2.
If you are unable to find an endorser, the (ISC)2 will act as your endorser and submit you to an audit in which you will be required to submit your resume for a formal review and investigation. Your resume will be verified and references checked. Please note that there is a percentage of people who will be audited even if they have submitted an outside endorsement.
You’re Certified, Now What?
The CISSP certification must be renewed every 3 years, you must adhere to the CISSP Code of Ethics, and an annual maintenance fee of $85 is due each year in between. You can renew your certification through Continuing Professional Education Credits or by retaking the test. CPE credits can be earned in many ways including, but not limited to, attending educational courses or seminars, providing security training, publishing security articles or books, and attending security conferences. If you choose to go the route of earning CPE credits you must earn 120 throughout the 3 years in between renewals. You must also earn at least 20 CPE credits each year before your annual membership fee is due.
Benefits of the CISSP Certification
The CISSP was the first in the field of information security to obtain accreditation by the ANSI ISO/IEC Standard 17024:2003 in June 2004. With that being said, the CISSP certification is often the most sought after credential in the field of security. Earning this credential is also required for many government, military, and civilian security positions.
The Debate
While the CISSP may have the first certification of its kind to receive accreditation, the value of earning and maintaining one is often debated. It is true that the cost of maintain the certification is quite steep and it is not something you can forget about once you take the exam. Also, there is often a misconception that people who obtain the CISSP are experts in the field, while the exam is actually meant to test a broad range of general knowledge.
There is also a debate about whether or not the CISSP will increase your salary. It is has been featured on many top 5 lists of certifications that will increase your salary. The truth is it might help. There are many other factors that play a role in determining one’s salary including location, industry, and experience. I have seen various salary averages for individuals with this certification ranging from $80,000 to $103,299.
Some Interesting CISSP Exam Facts
- There are no country-specific questions on the exam as the test is based on internationally accepted information security standards and practices
- Less than 8% of those who take the exam score higher than an 85%
- The most difficult domains on the test are often cryptography, system architecture, and physical security as they are not commonly used in everyday security management
- Between 100 and 150 new questions are added to the pool of questions in order to incorporate new security technologies, practices and standards.
In the end, your choice to obtain the CISSP is completely up to you. It is a lot of work to maintain the certification, but it will by no means hinder your career if you choose to do so. It may, in some cases, help you get farther ahead.
Have you had experience with the CISSP exam and certification? If you have, has it helped you in your career? Please share your thoughts and experiences below!