Certified Information Systems Security Professional
Want to become a CISSP? Here’s everything you need to know, such as how difficult the exam is, tips for studying, what’s needed to obtain a passing score and more.
Everything you’ve heard about what it takes to pass the CISSP exam is true. It’s both disarmingly easy and bewilderingly difficult; at once incredibly rewarding and pull-out-your-hair aggravating. This article aims to demystify the process and help you prepare.
What is the CISSP?
CISSP stands for Certified Information Systems Security Professional. The credential was created in 1991 by the International Information Systems Security Certification Consortium (ISC)², a nonprofit that is the caretaker and credentialing body for the CISSP.
According to (ISC)², the certification is “an elite way to demonstrate your knowledge, advance your career and become a member of a community of cybersecurity leaders. It shows you have all it takes to design, engineer, implement and run an information security program.”
What are the requirements for obtaining and maintaining a CISSP?
To qualify, you need at least five cumulative years of paid, full-time professional experience, including at least two years of work in the exam’s eight Common Body of Knowledge (CBK) domains.
Alternatively, you can have four years of experience, plus either a four-year college degree or an approved credential from the CISSP Prerequisite Pathway. You also have to agree to the (ISC)² Code of Ethics and provide background information on things like felony convictions and involvement with hackers.
The second step is to pass the CISSP exam. If you fail the first time, you can retake it, though you have to pay each time. If you pass, you must obtain a written endorsement within nine months from someone who can attest to your professional experience and who is an active (ISC)² credential holder in good standing.
The certification is valid for three years. Each year, you must earn and post at least 40 continuing professional education credits through educational activities, such as attending live events, online seminars and other learning opportunities. There is also an annual maintenance fee.
Why get a CISSP?
Most current and would-be CISSPs say the primary reason they want a CISSP is to increase their marketability. Other motivations include filling in knowledge gaps, earning peer recognition, expanding one’s professional network and contributing to the development and maturation of the profession.
One benefit of CISSP certification is that, in preparing for the exam, you’re going to learn a lot about subjects you didn’t know about before. Sure, some of this material is boring and impractical, but studying for the exam will give you a very strong knowledge base, no matter how hard it seems at the time.
What’s the exam like?
The English-language exam is 100 to 150 questions. These comprise multiple-choice questions, as well as advanced innovative questions.
The English exam uses Computerized Adaptive Testing, in which an algorithm adjusts the difficulty of each successive question based on the candidate’s ability level. Candidates are given three hours to complete the exam.
The questions are weighted differently, adding up to 1,000 points. To pass the CISSP exam, you must obtain a minimum passing score of 700. You only receive a score of pass or fail.
If you fail the exam, (ISC)² reveals some details of your performance. You will receive a ranking of the exam domains according to the percentage of questions you answered correctly.
What subjects does the exam cover?
The exam tests topics from the eight CBK domains:
- Security and Risk Management
- Asset Security
- Security Engineering
- Communications and Network Security
- Identity and Access Management
- Security Assessment and Testing
- Security Operations
- Software Development Security
How hard is it to pass the CISSP exam?
The exam is best characterized as an inch deep and a mile wide. With that in mind, how difficult is the CISSP exam? It is a matter of perspective.
Some domains cover more material — and in greater depth — than others, but this can be deceiving. Many candidates score poorly because they over-prepare for the big domains and under-prepare for the small ones. It’s unlikely that the exam will present you with an equal distribution of questions across all eight domains. To achieve a passing score, the only safe bet is to study each domain thoroughly.
Another common mistake is to adopt a uniform approach to learning the material. Some domains are fact-oriented. You either know the bit size of an MD5 message digest or you don’t. Others are more contextual and interpretative, focusing on standards, principles or best practices.
Chauster CISSP Program:
We designed this program using feedback from current CISSPs, especially those who have recently passed the exam. The approach we came up with will ensure that you get the best results from the time you invest in studying. This approach is best suited for those seeking to take the CISSP exam only once and pass.
- TechEd360 CISSP Training
- Official (ISC)² Guide to the CISSP CBK
- Official (ISC)² CISSP Study Guide
- TechEd360 CISSP Exam Simulator
- CISSP All-in-One
- CISSP MP3
- Sybex CISSP Study Guide
- 500 Practice Questions
- Including 100 Retired Exam Questions