CISSP certification validates the ability to expertly design, engineer and manage an organization's information security posture.
A Certified Information Systems Security Professional (CISSP) plans and manages the controls that keep IT and business systems secure. CISSPs are policy-makers and leaders in today's hottest security domains, including cloud security, software development security, cryptography, security architecture and risk management.
CISSPs are in high demand in a range of government and private organizations, including Fortune enterprises, martial agencies, healthcare practices, military contractors and the Department of Defense (DoD). If you want to advance your IT security career and you have at least five years of relevant experience, then CISSP certification should be a strong consideration in your learning plan.
Skills Measured by CISSP Certification
The CISSP certification exam measures your skills and expertise in 8 sought-after security domains:
Security & Risk Management
This part of the CISSP certification exam covers the key principles of information security and risk management. It includes topics such as information security governance, ethical considerations, policies, procedures and regulations.
Asset Security
The asset security domain focuses on protecting organizational data by ensuring its confidentiality, integrity and availability (a.k.a. the "CIA triad"). It includes topics such as asset classification and ownership, data privacy, secure data handling and asset disposal.
Security Architecture and Engineering
Security architecture and engineering covers the design, implementation and maintenance of secure systems and IT infrastructure. This section of the CISSP cert includes subjects like security models, security controls, secure design principles and cryptography.
Communication and Network Security
This domain pertains to the protection of vital network infrastructure and communications channels. It includes topics like network protocols, secure communication channels, network security architectures and securing and managing virtual private networks (VPN).
Identity and Access Management (IAM)
IAM highlights the importance of controlling access to information resources based on user roles and responsibilities. This CISSP exam domain includes topics such as authentication, authorization, access control and identity management.
Security Assessment and Testing
Security assessment and testing is all about evaluating the effectiveness of security controls and identifying vulnerabilities in an organization's security posture. This section includes topics such as vulnerability assessments, security audits and penetration testing.
Security Operations
This CISSP certification domain involves the day-to-day management of security operations, including incident management, disaster recovery, business continuity planning and managing a security operations center (SOC).
Software Development Security
This CISSP domain covers the range of cyber security considerations in the software development lifecycle, including secure coding practices, application testing and software vulnerability management.
CISSP Eligibility Requirements
You must meet the following criteria to sit for the CISSP certification exam:
- Five (5) or more years of paid full-time work experience in two or more of the 8 CISSP security domains listed above
- Four (4) years of the aforementioned work experience, plus a relevant bachelor's degree OR an advanced information security degree from a National Center of Academic Excellence (the degree can count for one year towards the five-year experience requirement). The accredited security degrees below can help you satisfy the CISSP eligibility requirements.
CISSP recertification requirements:
Once achieved, CISSPs must recertify every 3 years to remain in good standing. This is accomplished by earning Continuing Professional Education (CPE) credits. Credits can be earned through attending online courses, webinars and other events in the latest information security trends. 120 CPEs are required every 3 years to maintain the CISSP certification.
CISSP Certification Exam
Candidates must pass one exam to become CISSP certified:
- (ISC)2 CISSP Certification Exam
Here are the details for the CISSP certification exam:
Time Limit: 4 hours
CISSP Length: 125 - 175 items
Format: Multiple choice questions + Advanced innovative items
Passing Score: 700 out of a possible 1000 points
CISSP Exam Cost: $749
Where to Test: (ISC)2 Authorized Partners + Select Pearson Vue Testing Centers
Related: Compare CISSP Certification Bootcamps.
CISSP Certification Cost
The CISSP certification exam costs $749. This price is for the examination only; if you need additional training to pass the test, that will cost more. CISSP training costs range from less expensive online programs like this CISSP bootcamp, to pricier IT security degrees with a longer timeline and deep info-sec curriculum.
CISSP Certification Salary
Average salaries for CISSP-certified professionals and related IT security certification holders:
- CRISC: Certified in Risk and Information Systems Control: $167,145
- CISM: Certified Information Security Manager: $162,347
- CISSP: Certified Information Systems Security Professional: $158,190
- AWS Certified Security – Specialty: $149,740
- CISA: Certified Information Systems Auditor: $142,336
- CEH: Certified Ethical Hacker: $139,539
Salary by information security certification.
Source: Skillsoft 2022 Salary Survey
Related Certifications
- CompTIA - Security+
- CompTIA - Network+
- CompTIA Advanced Security Practitioner (CASP)
- PMI - Project Management Professional (PMP)
- Cisco Certified Network Associate (CCNA)
- EC-Council - Certified Ethical Hacker (CEH)
- EC-Council - Computer Hacking Forensic Investigator (CHFI)
- ISACA Certifications
