CISSP (Certified Information Systems Security Professional) is an independent information security certification granted by the International Information System Security Certification Consortium, also known as ISC2.
As of July 2022, there were 156,054 ISC2 members holding the CISSP certification worldwide. [1]
In June 2004, the CISSP designation was accredited under the ANSI ISO/IEC Standard 17024:2003. [2] [3] It is also formally approved by the U.S. Department of Defense (DoD) in their Information Assurance Technical (IAT), Managerial (IAM), and System Architect and Engineer (IASAE) categories for their DoDD 8570 certification requirement. [4]
In May 2020, the UK National Academic Recognition Information Centre assessed the CISSP qualification as a Level 7 award, the same level as a master's degree. [5] [6] The change enables cyber security professionals to use the CISSP certification towards further higher education course credits and also opens up opportunities for roles that require or recognize master's degrees. [5]
In the mid-1980s, a need arose for a standardized, vendor-neutral certification program that provided structure and demonstrated competence. In November 1988, the Special Interest Group for Computer Security (SIG-CS), a member of the Data Processing Management Association (DPMA), brought together several organizations interested in this goal. The International Information Systems Security Certification Consortium or "ISC2" formed in mid-1989 as a non-profit organization. [7]
By 1990, the first working committee to establish a Common Body of Knowledge (CBK) had been formed. The first version of the CBK was finalized by 1992, and the CISSP credential was launched by 1994. [8]
In 2003 the CISSP was adopted as a baseline for the U.S. National Security Agency's ISSEP program. [9]
The CISSP curriculum breaks the subject matter down into a variety of Information Security topics referred to as domains. [10] The CISSP examination is based on what ISC2 terms the Common Body of Knowledge (or CBK). According to ISC2, "the CISSP CBK is a taxonomy – a collection of topics relevant to information security professionals around the world. The CISSP CBK establishes a common framework of information security terms and principles that allow information security professionals worldwide to discuss, debate and resolve matters pertaining to the profession with a common understanding." [11]
A refreshed exam outline applies from April 15, 2024. The updates are the result of the Job Task Analysis (JTA), which is an analysis of the current content of the credential evaluated by ISC2 members on a triennial cycle. [12] The impact of the change is limited to the weighting of the domains; the domains themselves did not change. [13]
On 1 May 2021 there was a domain refresh that impacted the weighting of the domains; the domains themselves did not change. [14]
From 15 April 2018, the eight domains covered are: [15]
From 2015 to early 2018, the CISSP curriculum was divided into eight domains similar to the latest curriculum above. The only domain to have changed its name was "Security Engineering", which in the 2018 revision was expanded to "Security Architecture and Engineering". [16]
Before 2015, it covered ten domains: [17]
As of July 2022, the number of CISSP members is 156,054. [1]
# | Country (Top 15) | Count |
---|---|---|
1 | United States | 95,243 |
2 | United Kingdom | 8,486 |
3 | Canada | 6,842 |
4 | China | 4,136 |
5 | Japan | 3,699 |
6 | India | 3,364 |
7 | Australia | 3,305 |
8 | The Netherlands | 2,983 |
9 | Singapore | 2,963 |
10 | Germany | 2,856 |
11 | Korea | 2,090 |
12 | Hong Kong | 1,968 |
13 | France | 1,277 |
14 | Switzerland | 1,127 |
15 | Spain | 847 |
Holders of CISSP certifications can earn additional certifications in areas of speciality. There are three concentrations, as listed below. [23]
The CISSP-ISSAP is an advanced information security certification issued by (ISC)² that focuses on the architecture aspects of information security. The certification exam consists of 125 questions covering six domain areas:
As of July 2022, there were 2,307 ISC2 members holding the CISSP-ISSAP certification worldwide. [1]
The CISSP-ISSEP is an advanced information security certification issued by (ISC)² that focuses on the engineering aspects of information security across the systems development life cycle. [24] In October 2014 it was announced that some of its curricula would be made available to the public by the United States Department of Homeland Security through its National Initiative for Cybersecurity Careers and Studies program. [25] Both ZDNet and Network World have named ISSEP one of tech's most valuable certifications. [26] [27] The certification exam consists of 125 questions covering 5 domain areas:
As of July 2022, there were 1,382 ISC2 members holding the CISSP-ISSEP certification worldwide. [1]
The CISSP-ISSMP is an advanced information security certification issued by (ISC)² [28] that focuses on the management aspects of information security. [24] In September 2014, Computerworld rated ISSMP one of the top ten most valuable certifications in all of tech. [29] The certification exam consists of 125 questions covering 6 domain areas:
As of July 2022, there were 1,458 ISC2 members holding the CISSP-ISSMP certification worldwide. [1]
The standard exam costs $749 US as of 2021. [30] After passing the exam, candidates must complete an endorsement process to evidence at least five years' experience within a mix of the domains before certification is granted. A dispensation can be claimed for one year with the relevant academic qualification. The final step is payment of the annual maintenance fee of $135 (as of 2024).
The CISSP credential is valid for three years; holders renew either by submitting 40 Continuing Professional Education (CPE) credits per year over three years or re-taking the exam.
CPE credits are gained by completing relevant professional education.
In 2005, Certification Magazine surveyed 35,167 IT professionals in 170 countries on compensation and found that CISSPs led their list of certificates ranked by salary. A 2006 Certification Magazine salary survey also ranked the CISSP credential highly, and ranked CISSP concentration certifications as the top best-paid credentials in IT. [31] [32]
In 2008, another study came to the conclusion that IT professionals in the Americas holding the CISSP (or other major security certifications) and at least 5 years of experience had salaries of up to 26% higher than IT professionals with similar experience levels who did not have such certificates. [33] Note that any actual cause-and-effect relationship between the certificate and salaries remains unproven.
As of 2017, a study by CyberSecurityDegrees.com surveyed some 10,000 current and historical cyber security job listings that preferred candidates holding CISSP certifications. CyberSecurityDegrees found that these job openings offered an average salary of more than the average cyber security salary. [34]
ANSI certifies that CISSP meets the requirements of ANSI/ISO/IEC Standard 17024, a personnel certification accreditation program. [2]