CISSP (Certified Information Systems Security Professional) is a certification in data security run by the International Information Systems Security Certification Consortium, (ISC)². The CISSP attests to a security professional's technical skills and hands-on experience in implementing and managing a security program.
Organizations often look for candidates who have cleared the CISSP exam because they hold sufficient knowledge about cybersecurity and have hands-on experience and formal CISSP training.
How to get a CISSP certification:
First and foremost, candidates must attain a minimum of five years of full-time, hands-on experience in at least two of the eight cybersecurity knowledge domains.
The (ISC)² recommends CISSP certification for those who are experienced cybersecurity practitioners, listing a number of positions for which the CISSP would be appropriate, including chief information security officer, IT manager, chief information officer, director of security, security systems engineer, security analyst, security auditor, security manager, security architect, security consultant, and network architect.
Secondly, prepare and register for the certification exam. Material for preparation can be CISSP practice books and study guides, as well as online practice exams. There are also CISSP training courses to prepare for the exam.
Training:
The CISSP certification exam is for those who have extensive hands-on experience in the field; candidates should not rely on formal CISSP training to gain the skills and knowledge they need to pass the certification exam.
Rather, CISSP training should focus on reviewing the Common Body of Knowledge, an excellent framework for organizing the areas of expertise expected from cybersecurity professionals. It should also validate that the candidate is familiar with the test material and identify blind spots in the candidate’s experience and knowledge.
CISSP concentrations:
Cybersecurity professionals who hold the CISSP credential can also add one of three CISSP concentrations:
- Architecture (CISSP-ISSAP)
- Engineering (CISSP-ISSEP)
- Management (CISSP-ISSMP)
The ISSAP domains include access management systems and methodology, communications and network security, cryptography, security architecture analysis, technology-related business continuity planning and disaster recovery planning, and physical security considerations.
The ISSEP domains include systems security engineering, certification and accreditation/risk management framework, technical management, and U.S. government information assurance-related policies and issuances.
The ISSMP domains include security leadership and management; security lifecycle management; security compliance management; contingency management; and law, ethics and incident management.
After passing their chosen exam, candidates must go through an endorsement process as with CISSP.