Certified information systems security professional


CISSP (Certified Information Systems Security Professional) is an independent information security certification granted by the International Information System Security Certification Consortium, also known as ISC2.


As of July 2022, there were 156,054 ISC2 members holding the CISSP certification worldwide. [1]

In June 2004, the CISSP designation was accredited under the ANSI ISO/IEC Standard 17024:2003. [2] [3] It is also formally approved by the U.S. Department of Defense (DoD) in their Information Assurance Technical (IAT), Managerial (IAM), and System Architect and Engineer (IASAE) categories for their DoDD 8570 certification requirement. [4]

In May 2020, the UK National Academic Recognition Information Centre assessed the CISSP qualification as a Level 7 award, the same level as a master's degree. [5] [6] The change enables cyber security professionals to use the CISSP certification towards further higher education course credits and also opens up opportunities for roles that require or recognize master's degrees. [5]

History

In the mid-1980s, a need arose for a standardized, vendor-neutral certification program that provided structure and demonstrated competence. In November 1988, the Special Interest Group for Computer Security (SIG-CS), a member of the Data Processing Management Association (DPMA), brought together several organizations interested in this goal. The International Information Systems Security Certification Consortium or "ISC2" formed in mid-1989 as a non-profit organization. [7]

By 1990, the first working committee to establish a Common Body of Knowledge (CBK) had been formed. The first version of the CBK was finalized by 1992, and the CISSP credential was launched by 1994. [8]

In 2003 the CISSP was adopted as a baseline for the U.S. National Security Agency's ISSEP program. [9]

Certification subject matter

The CISSP curriculum breaks the subject matter down into a variety of Information Security topics referred to as domains. [10] The CISSP examination is based on what ISC2 terms the Common Body of Knowledge (or CBK). According to ISC2, "the CISSP CBK is a taxonomy – a collection of topics relevant to information security professionals around the world. The CISSP CBK establishes a common framework of information security terms and principles that allow information security professionals worldwide to discuss, debate and resolve matters pertaining to the profession with a common understanding." [11]

A refreshed exam outline took effect on April 15, 2024. The updates are the result of the Job Task Analysis (JTA), a review of the credential's current content conducted by ISC2 members on a triennial cycle. [12] The change affects only the weighting of the domains; the domains themselves did not change. [13]

On 1 May 2021 a domain refresh changed the weighting of the domains; the domains themselves did not change. [14]

From 15 April 2018, the eight domains covered are: [15]

  1. Security and risk management
  2. Asset security
  3. Security architecture and engineering
  4. Communication and network security
  5. Identity and access management (IAM)
  6. Security assessment and testing
  7. Security operations
  8. Software development security

From 2015 to early 2018, the CISSP curriculum was divided into eight domains similar to the latest curriculum above. The only domain to have changed its name was "Security Engineering," which in the 2018 revision was expanded to "Security Architecture and Engineering." [16]

Before 2015, it covered ten domains: [17]

  1. Operations security
  2. Telecommunications and network security
  3. Information security governance and risk management
  4. Software development security
  5. Cryptography
  6. Security architecture and design
  7. Access control
  8. Business continuity and disaster recovery planning
  9. Legal, regulations, investigations and compliance
  10. Physical (environmental) security

Requirements

Member counts

The number of CISSP members as of July 2022 was 156,054. [1]

Top 15 countries by CISSP member count, July 2022

   #   Country           Count
   1   United States    95,243
   2   United Kingdom    8,486
   3   Canada            6,842
   4   China             4,136
   5   Japan             3,699
   6   India             3,364
   7   Australia         3,305
   8   The Netherlands   2,983
   9   Singapore         2,963
  10   Germany           2,856
  11   Korea             2,090
  12   Hong Kong         1,968
  13   France            1,277
  14   Switzerland       1,127
  15   Spain               847

Concentrations

Holders of the CISSP certification can earn additional certifications in areas of specialty. The three concentrations are listed below. [23]

Information Systems Security Architecture Professional (CISSP-ISSAP)

It is an advanced information security certification issued by (ISC)² that focuses on the architectural aspects of information security. The certification exam consists of 125 questions covering six domain areas:

  1. Identity and Access Management Architecture
  2. Security Operations Architecture
  3. Infrastructure Security
  4. Architect for Governance, Compliance, and Risk Management
  5. Security Architecture Modeling
  6. Architect for Application Security

As of July 2022, there were 2,307 ISC2 members holding the CISSP-ISSAP certification worldwide. [1]

Information Systems Security Engineering Professional (CISSP-ISSEP)

It is an advanced information security certification issued by (ISC)² that focuses on the engineering aspects of information security across the systems development life cycle. [24] In October 2014 it was announced that some of its curricula would be made available to the public by the United States Department of Homeland Security through its National Initiative for Cybersecurity Careers and Studies program. [25] Both ZDNet and Network World have named ISSEP one of tech's most valuable certifications. [26] [27] The certification exam consists of 125 questions covering five domain areas:

  1. Security Engineering Principles
  2. Risk Management
  3. Security Planning, Design, and Implementation
  4. Secure Operations, Maintenance, and Disposal
  5. Secure Engineering Technical Management

As of July 2022, there were 1,382 ISC2 members holding the CISSP-ISSEP certification worldwide. [1]

Information Systems Security Management Professional (CISSP-ISSMP)

It is an advanced information security certification issued by (ISC)² [28] that focuses on the management aspects of information security. [24] In September 2014, Computerworld rated ISSMP one of the top ten most valuable certifications in all of tech. [29] The certification exam consists of 125 questions covering six domain areas:

  1. Leadership and Business Management
  2. Systems Lifecycle Management
  3. Risk Management
  4. Threat Intelligence and Incident Management
  5. Contingency Management
  6. Law, Ethics, and Security Compliance Management

As of July 2022, there were 1,458 ISC2 members holding the CISSP-ISSMP certification worldwide. [1]

Fees and ongoing certification

The standard exam costs $749 US as of 2021. [30] After passing the exam, a candidate must complete an endorsement process that evidences at least five years' experience across a mix of the domains; a one-year waiver can be claimed with a relevant academic qualification. The final step is payment of the annual maintenance fee of $135 (as of 2024).

The CISSP credential is valid for three years; holders renew either by submitting 40 Continuing Professional Education (CPE) credits per year over three years or re-taking the exam.

CPE credits are gained by completing relevant professional education.

Value

In 2005, Certification Magazine surveyed 35,167 IT professionals in 170 countries on compensation and found that CISSPs led their list of certificates ranked by salary. A 2006 Certification Magazine salary survey also ranked the CISSP credential highly, and ranked CISSP concentration certifications as the top best-paid credentials in IT. [31] [32]

In 2008, another study concluded that IT professionals in the Americas holding the CISSP (or other major security certifications) and at least 5 years of experience had salaries up to 26% higher than IT professionals with similar experience who did not hold such certificates. [33] Note that any actual cause-and-effect relationship between the certificate and salaries remains unproven. [citation needed]

As of 2017, a study by CyberSecurityDegrees.com surveyed some 10,000 current and historical cyber security job listings that preferred candidates holding CISSP certifications. CyberSecurityDegrees found that these job openings offered an average salary above the average cyber security salary. [34]

ANSI certifies that CISSP meets the requirements of ANSI/ISO/IEC Standard 17024, a personnel certification accreditation program. [2]


References

  1. "Member Counts | How Many (ISC)² Members Are There Per Certification | (ISC)²". www.isc2.org. Archived from the original on 2023-03-16. Retrieved 2023-03-16.
  2. ANSI Accreditation Services - International Information Systems Security Certification Consortium, Inc. (ISC)2. Archived July 18, 2012, at the Wayback Machine. ANSI.
  3. "(ISC)² CISSP Security Credential Earns ISO/IEC 17024 Re-accreditation from ANSI" (Press release). Palm Harbor, FL: (ISC)². September 26, 2005. Archived from the original on March 2, 2010. Retrieved November 23, 2009.
  4. "DoD 8570.01-M Information Assurance Workforce Improvement Program" (PDF). United States Department of Defense. January 24, 2012. Archived from the original (PDF) on July 10, 2007. Retrieved April 12, 2012.
  5. Coker, James (2020-05-12). "CISSP Qualification Given Cert Status Equivalent to Master's Degree Level". Infosecurity Magazine. Retrieved 2020-11-15.
  6. GmbH, finanzen net. "(ISC)2 CISSP Certification Now Comparable to Masters Degree Standard | Markets Insider". markets.businessinsider.com. Retrieved 2020-07-15.
  7. Harris, Shon (2010). All-In-One CISSP Exam Guide (5 ed.). New York: McGraw-Hill. pp. 7–8. ISBN 978-0-07-160217-4.
  8. History of (ISC)². Archived 2017-02-04 at the Wayback Machine. (ISC)².
  9. "NSA Partners With (ISC)² To Create New InfoSec Certification". February 27, 2003. Archived from the original on September 29, 2011. Retrieved December 3, 2008.
  10. Conrad; Misenar; Feldman (7 November 2013). 11th Hour CISSP. Syngress. ISBN 978-0-12-417142-8.
  11. Tipton; Henry (2006-11-14). Official (ISC)² Guide to the CISSP CBK. Auerbach Publications. ISBN 0-8493-8231-9.
  12. "CISSP Exam Refresh FAQ". www.isc2.org. Retrieved 2024-01-31.
  13. "Changes to the CISSP Exam Weighting – What You Need to Know". www.isc2.org. Retrieved 2024-01-31.
  14. "Cybersecurity Certification| CISSP - Domain Refresh FAQ| (ISC)²". www.isc2.org. Retrieved 2020-11-15.
  15. "CISSP Certification Exam Outline". Retrieved 6 Mar 2023.
  16. "(ISC)² CISSP and SSCP Domain Refresh FAQ". (ISC)². Archived from the original on 16 March 2016. Retrieved 15 May 2015.
  17. "CISSP Training (On-Demand)". 2014-10-15. Archived from the original on 2014-10-15. Retrieved 2020-12-30.
  18. "CISSP Professional Experience Requirement". (ISC)². 2009. Archived from the original on March 21, 2016. Retrieved December 3, 2008.
  19. "How to Become an Associate". (ISC)². 2009. Archived from the original on February 4, 2017. Retrieved November 23, 2009.
  20. "(ISC)² Code of Ethics". (ISC)². 2009. Archived from the original on June 6, 2017. Retrieved December 3, 2008.
  21. "How To Certify". (ISC)². 2009. Retrieved December 3, 2008.
  22. "Endorsement". (ISC)². 2009. Retrieved August 2, 2015.
  23. "CISSP® Concentrations". (ISC)². Archived from the original on 11 December 2014. Retrieved 17 January 2015.
  24. "Finding your way: An overview of information security industry qualifications and associations". Infosecurity Magazine. 23 September 2009. Retrieved 29 March 2023.
  25. Seals, Tara (10 October 2014). "(ISC)² Offers Certification Via DHS". Infosecurity Magazine. Retrieved 29 March 2023.
  26. "20 technology certifications that are paying off". ZDNET. Retrieved 29 March 2023.
  27. "Network World (Dec 2013): 18 Hot IT Certifications for 2014". Archived from the original on 19 September 2018. Retrieved 29 March 2023.
  28. "GCN: DOD approves new credentials for security professionals". Archived from the original on 24 October 2020. Retrieved 29 March 2023.
  29. Thibodeau, Patrick (29 September 2014). "IT skills that are in demand, and those that will be". Computerworld. Retrieved 29 March 2023.
  30. "Exam prices". (ISC)². Retrieved 10 November 2021.
  31. Certification Magazine (2007-04-11). "Top Certifications by Salary in 2007". Certification Magazine. Archived from the original on 2007-03-29. Retrieved 2007-10-14.
  32. Sosbe, Tim; Hollis, Emily; Summerfield, Brian; McLean, Cari (December 2005). "CertMag's 2005 Salary Survey: Monitoring Your Net Worth". Certification Magazine. CertMag. Archived from the original on 2007-06-07. Retrieved 2007-04-27.
  33. Brodkin, Jon (2008-06-11). Salary boost for getting CISSP, related certs. Network World, IDG, 11 June 2008. Retrieved from https://www.networkworld.com/article/807166/lan-wan-salary-boost-for-getting-cissp-related-certs.html.
  34. CyberSecurityDegrees.com's Study of the Most Lucrative Cyber Security Certifications. Cyber Security Degrees. Retrieved from https://cybersecuritydegrees.com/faq/most-popular-cyber-security-professional-certifications/.