Certified information systems security professional

CISSP (Certified Information Systems Security Professional) is an independent information security certification granted by the International Information System Security Certification Consortium, also known as ISC2.

As of July 2022, there were 156,054 ISC2 members holding the CISSP certification worldwide.[1]

In June 2004, the CISSP designation was accredited under the ANSI ISO/IEC Standard 17024:2003.[2][3] It is also formally approved by the U.S. Department of Defense (DoD) in their Information Assurance Technical (IAT), Managerial (IAM), and System Architect and Engineer (IASAE) categories for their DoDD 8570 certification requirement.[4]

In May 2020, the UK National Academic Recognition Information Centre assessed the CISSP qualification as a Level 7 award, the same level as a master's degree.[5][6] The change enables cyber security professionals to use the CISSP certification towards further higher education course credits and also opens up opportunities for roles that require or recognize master's degrees.[7]

History

In the mid-1980s, a need arose for a standardized, vendor-neutral certification program that provided structure and demonstrated competence. In November 1988, the Special Interest Group for Computer Security (SIG-CS), a member of the Data Processing Management Association (DPMA), brought together several organizations interested in this goal. The International Information Systems Security Certification Consortium or "ISC2" formed in mid-1989 as a non-profit organization.[8]

By 1990, the first working committee to establish a Common Body of Knowledge (CBK) had been formed. The first version of the CBK was finalized by 1992, and the CISSP credential was launched by 1994.[9]

In 2003 the CISSP was adopted as a baseline for the U.S. National Security Agency's ISSEP program.[10]

Certification subject matter

The CISSP curriculum breaks the subject matter down into a variety of Information Security topics referred to as domains.[11] The CISSP examination is based on what ISC2 terms the Common Body of Knowledge (or CBK). According to ISC2, "the CISSP CBK is a taxonomy – a collection of topics relevant to information security professionals around the world. The CISSP CBK establishes a common framework of information security terms and principles that allow information security professionals worldwide to discuss, debate and resolve matters pertaining to the profession with a common understanding."[12]

On 1 May 2021 there was a domain refresh that impacted the weighting of the domains; the domains themselves did not change.[13]

From 15 April 2018, the eight domains covered are:[14]

  1. Security and risk management
  2. Asset security
  3. Security architecture and engineering
  4. Communication and network security
  5. Identity and access management (IAM)
  6. Security assessment and testing
  7. Security operations
  8. Software development security

From 2015 to early 2018, the CISSP curriculum was divided into eight domains similar to the latest curriculum above. The only domain to have changed its name was "Security Engineering," which in the 2018 revision was expanded to "Security Architecture and Engineering."[15]

Before 2015, it covered ten domains:[16]

  1. Operations security
  2. Telecommunications and network security
  3. Information security governance and risk management
  4. Software development security
  5. Cryptography
  6. Security architecture and design
  7. Access control
  8. Business continuity and disaster recovery planning
  9. Legal, regulations, investigations and compliance
  10. Physical (environmental) security

Requirements

  • Possess a minimum of five years of direct full-time security work experience in two or more of the ISC2 information security domains (CBK). One year may be waived for having either a four-year college degree, a master's degree in Information Security, or for possessing one of a number of other certifications.[17] A candidate without the five years of experience may earn the Associate of ISC2 designation by passing the required CISSP examination, valid for a maximum of six years. During those six years a candidate will need to obtain the required experience and submit the required endorsement form for certification as a CISSP. Upon completion of the professional experience requirements the certification will be converted to CISSP status.[18]
  • Attest to the truth of their assertions regarding professional experience and accept the CISSP Code of Ethics.[19]
  • Answer questions regarding criminal history and related background.[20]
  • Pass the multiple-choice CISSP exam (four hours, up to 175 questions, in an adaptive exam) with a scaled score of 700 points or greater out of 1000 possible points; candidates must achieve a pass in all eight domains.[20]
  • Have their qualifications endorsed by another ISC2 certification holder in good standing.[21]

Member counts

The number of CISSP members as of July 2022 is 156,054.[1]

Top 15 countries by CISSP Member Counts as at July 2022

  #    Country (Top 15)    Count
  1    United States       95,243
  2    United Kingdom      8,486
  3    Canada              6,842
  4    China               4,136
  5    Japan               3,699
  6    India               3,364
  7    Australia           3,305
  8    The Netherlands     2,983
  9    Singapore           2,963
  10   Germany             2,856
  11   Korea               2,090
  12   Hong Kong           1,968
  13   France              1,277
  14   Switzerland         1,127
  15   Spain               847

Concentrations

Holders of CISSP certifications can earn additional certifications in areas of speciality. Three concentrations are available, as listed below.[22]

Information Systems Security Architecture Professional (CISSP-ISSAP)

It is an advanced information security certification issued by (ISC)² that focuses on the architecture aspects of information security. The certification exam consists of 125 questions covering six domain areas:

  1. Identity and Access Management Architecture
  2. Security Operations Architecture
  3. Infrastructure Security
  4. Architect for Governance, Compliance, and Risk Management
  5. Security Architecture Modeling
  6. Architect for Application Security

As of July 2022, there were 2,307 ISC2 members holding the CISSP-ISSAP certification worldwide.[1]

Information Systems Security Engineering Professional (CISSP-ISSEP)

It is an advanced information security certification issued by (ISC)² that focuses on the engineering aspects of information security across the systems development life cycle.[23] In October 2014 it was announced that some of its curricula would be made available to the public by the United States Department of Homeland Security through its National Initiative for Cybersecurity Careers and Studies program.[24] Both ZDNet and Network World have named ISSEP one of tech's most valuable certifications.[25][26] The certification exam consists of 125 questions covering five domain areas:

  1. Security Engineering Principles
  2. Risk Management
  3. Security Planning, Design, and Implementation
  4. Secure Operations, Maintenance, and Disposal
  5. Secure Engineering Technical Management

As of July 2022, there were 1,382 ISC2 members holding the CISSP-ISSEP certification worldwide.[1]

Information Systems Security Management Professional (CISSP-ISSMP)

It is an advanced information security certification issued by (ISC)²[27] that focuses on the management aspects of information security.[23] In September 2014, Computerworld rated ISSMP one of the top ten most valuable certifications in all of tech.[28] The certification exam consists of 125 questions covering six domain areas:

  1. Leadership and Business Management
  2. Systems Lifecycle Management
  3. Risk Management
  4. Threat Intelligence and Incident Management
  5. Contingency Management
  6. Law, Ethics, and Security Compliance Management

As of July 2022, there were 1,458 ISC2 members holding the CISSP-ISSMP certification worldwide.[1]

Fees and ongoing certification

The standard exam costs $749 US as of 2021.[29] On completion of the exam, to gain certification you need to complete an endorsement process to evidence at least five years' experience within a mix of the domains. A dispensation can be claimed for one year with the relevant academic qualification. The final step is payment of the annual maintenance fee of $125 (as of 2020).

The CISSP credential is valid for three years; holders renew either by submitting 40 Continuing Professional Education (CPE) credits per year over three years or re-taking the exam.

CPE credits are gained by completing relevant professional education.

Value

In 2005, Certification Magazine surveyed 35,167 IT professionals in 170 countries on compensation and found that CISSPs led their list of certificates ranked by salary. A 2006 Certification Magazine salary survey also ranked the CISSP credential highly, and ranked CISSP concentration certifications as the top best-paid credentials in IT.[30][31]

In 2008, another study came to the conclusion that IT professionals with CISSP (or other major security certifications) and at least 5 years of experience tend to have salaries around US, about US (or 26%) higher than IT professionals with similar experience levels who do not have such certificates.[32] Note that any actual cause-and-effect relationship between the certificate and salaries remains unproven.[citation needed]

As of 2017, a study by CyberSecurityDegrees.com surveyed some 10,000 current and historical cyber security job listings that preferred candidates holding CISSP certifications. CyberSecurityDegrees found that these job openings offered an average salary of more than the average cyber security salary.[33]

ANSI certifies that CISSP meets the requirements of ANSI/ISO/IEC Standard 17024, a personnel certification accreditation program.[2]

See also

  • CISM (Certified Information Security Manager)

References

  1. ^ a b c d e "Member Counts | How Many (ISC)² Members Are There Per Certification | (ISC)²". www.isc2.org. Archived from the original on 2023-03-16. Retrieved 2023-03-16.
  2. ^ a b ANSI Accreditation Services - International Information Systems Security Certification Consortium, Inc. (ISC)2. Archived July 18, 2012, at the Wayback Machine. ANSI
  3. ^ "(ISC)² CISSP Security Credential Earns ISO/IEC 17024 Re-accreditation from ANSI" (Press release). Palm Harbor, FL: (ISC)². September 26, 2005. Archived from the original on March 2, 2010. Retrieved November 23, 2009.
  4. ^ "DoD 8570.01-M Information Assurance Workforce Improvement Program" (PDF). United States Department of Defense. January 24, 2012. Archived from the original (PDF) on July 10, 2007. Retrieved April 12, 2012.
  5. ^ Coker, James (2020-05-12). "CISSP Qualification Given Cert Status Equivalent to Master's Degree Level". Infosecurity Magazine. Retrieved 2020-11-15.
  6. ^ GmbH, finanzen net. "(ISC)2 CISSP Certification Now Comparable to Masters Degree Standard | Markets Insider". markets.businessinsider.com. Retrieved 2020-07-15.
  7. ^ Coker, James (2020-05-12). "CISSP Qualification Given Cert Status Equivalent to Master's Degree Level". Infosecurity Magazine. Retrieved 2020-07-15.
  8. ^ Harris, Shon (2010). All-In-One CISSP Exam Guide (5 ed.). New York: McGraw-Hill. pp. 7–8. ISBN 978-0-07-160217-4.
  9. ^ History of (ISC)². Archived 2017-02-04 at the Wayback Machine. (ISC)²
  10. ^ "NSA Partners With (ISC)² To Create New InfoSec Certification". February 27, 2003. Archived from the original on September 29, 2011. Retrieved December 3, 2008.
  11. ^ Conrad; Misenar; Feldman (7 November 2013). 11th Hour CISSP. Syngress. ISBN 978-0-12-417142-8.
  12. ^ Tipton; Henry (2006-11-14). Official (ISC)² Guide to the CISSP CBK. Auerbach Publications. ISBN 0-8493-8231-9.
  13. ^ "Cybersecurity Certification| CISSP - Domain Refresh FAQ| (ISC)²". www.isc2.org. Retrieved 2020-11-15.
  14. ^ "CISSP Certification Exam Outline". Retrieved 6 Mar 2023.
  15. ^ "(ISC)² CISSP and SSCP Domain Refresh FAQ". (ISC)². Archived from the original on 16 March 2016. Retrieved 15 May 2015.
  16. ^ "CISSP Training On Demand". 2014-10-15. Archived from the original on 2014-10-15. Retrieved 2020-12-30.
  17. ^ "CISSP Professional Experience Requirement". (ISC)². 2009. Archived from the original on March 21, 2016. Retrieved December 3, 2008.
  18. ^ "How to Become an Associate". (ISC)². 2009. Archived from the original on February 4, 2017. Retrieved November 23, 2009.
  19. ^ "(ISC)² Code of Ethics". (ISC)². 2009. Archived from the original on June 6, 2017. Retrieved December 3, 2008.
  20. ^ a b "How To Certify". (ISC)². 2009. Retrieved December 3, 2008.
  21. ^ "Endorsement". (ISC)². 2009. Retrieved August 2, 2015.
  22. ^ "CISSP Concentrations". (ISC)². Archived from the original on 11 December 2014. Retrieved 17 January 2015.
  23. ^ a b "Finding your way: An overview of information security industry qualifications and associations". Infosecurity Magazine. 23 September 2009. Retrieved 29 March 2023.
  24. ^ Seals, Tara (10 October 2014). "(ISC)² Offers Certification Via DHS". Infosecurity Magazine. Retrieved 29 March 2023.
  25. ^ "20 technology certifications that are paying off". ZDNET. Retrieved 29 March 2023.
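  26. ^ Network World, Dec 2013. "18 Hot IT Certifications for 2014". Archived from the original on 19 September 2018. Retrieved 29 March 2023.
  27. ^ GCN. "DOD approves new credentials for security professionals". Archived from the original on 24 October 2020. Retrieved 29 March 2023.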
  28. ^ Thibodeau, Patrick (29 September 2014). "IT skills that are in demand, and those that will be". Computerworld. Retrieved 29 March 2023.
  29. ^ "exam prices". (ISP)^2. Retrieved 10 November 2021.
  30. ^ Certification Magazine (2007-04-11). "Top Certifications by Salary in 2007". Certification Magazine. Archived from the original on 2007-03-29. Retrieved 2007-10-14.
  31. ^ Sosbe, Tim; Hollis, Emily; Summerfield, Brian; McLean, Cari (December 2005). "CertMag's 2005 Salary Survey: Monitoring Your Net Worth". Certification Magazine. CertMag. Archived from the original on 2007-06-07. Retrieved 2007-04-27.
  32. ^ Brodkin, Jon (2008-06-11). Salary boost for getting CISSP, related certs. Network World, IDG, 11 June 2008. Retrieved from http://www.networkworld.com/newsletters/2008/060908ed1.html.
  33. ^ CyberSecurityDegrees.com's Study of the Most Lucrative Cyber Security Certifications. Cyber Security Degrees. Retrieved from https://cybersecuritydegrees.com/faq/most-popular-cyber-security-professional-certifications/.

External links

  • Official website
