The shortage of information security skills is already impacting Australia’s private and public sectors. In this environment, demand often outweighs the supply of experienced candidates with well-regarded IT security qualifications. The CISSP (Certified Information Systems Security Professional) is a highly regarded qualification, and could take you to the next level in your IT security career.
What type of certification is CISSP?
The CISSP is a vendor-neutral certification granted by the non-profit International Information System Security Certification Consortium, or (ISC)2. It’s a globally recognised qualification with over 115,000 members in over 164 countries. Over 2,000 members hold an (ISC)2 qualification in Australia compared to over 75,000 in the US.
CISSP is the first information security credential to meet the high requirements of ISO/IEC Standard 17024. It’s designed to demonstrate deep technical knowledge and managerial skill in designing, engineering, implementing, and managing information security programs.
Who should obtain CISSP?
CISSP is designed for those with professional experience in information security, usually with five years or more of experience on the job. Security consultants, security managers, and IT directors or chief information officers are ideal candidates for the CISSP. CISSP can also be advantageous for security auditors, security architects, and security analysts. Security system engineers, directors and security, and network architects are some other roles suitable for the CISSP certification.
Benefits of CISSP
The CISSP is the gold standard in security certification. It has a strong global membership and is a highly valued credential. Holding a CISSP demonstrates to employers you’re an experienced, qualified security professional. Given the strong demand for information security professionals, a CISSP can be highly attractive to prospective employers.
- High standards – Holding a CISSP demonstrates you meet the high standards of the qualification, which includes relevant work experience, passing a rigorous exam, and endorsement by another (ISC)2 IT professional.
- Global recognition – CISSP has a global membership base and is recognised by the US Department of Defense for its high standards.
- Up–to–date deep knowledge – The CISSP is designed to provide detailed, up-to-date knowledge to information security professionals. Covering major areas such as new threats, regulations, standards, and practices, the CISSP is a great way to keep your knowledge and skills relevant.
- Employer demand – According to recruiters, security professionals with CISSP will be in high demand throughout 2017. The CISSP is a way to further differentiate yourself from competitors in the job market, by demonstrating your security knowledge is deep and current.
The CISSP covers the eight Common Body of Knowledge (CBK) domains.
- Security and risk management – This domain covers concepts such as confidentiality, compliance, legal and regulatory issues, professional ethics, and security policies.
- Asset security – The asset security domain is concerned with protecting the security of assets. It encompasses information and asset classification, data and system ownership, data security controls, and handling requirements.
- Security engineering – This domain includes concepts such as engineering and management of security, engineering processes, secure design principles, security evaluation, vulnerabilities, cryptography, and physical security.
- Communication and network security – This domain encompasses designing and protecting network security, including network architecture design, network components, communication channels, and network attacks.
- Identity and access management – This covers access control and identity management concepts such as authentication, identity as a service, third-party identity services, and access control attacks.
- Security assessment and testing – This domain includes security control testing, assessment strategies, and all key facets of security testing.
- Security operations – This domain covers investigations, incident management, and disaster recovery.
- Software development security – This domain encompasses key concepts in software security, such as software security effectiveness and security in the software development cycle.
Requirements for certification
The requirements for CISSP certification include work experience, a six-hour exam, and endorsement from a current (ISC)2 certified professional.
1. Work experience
You need to have at least five years of accumulated full-time work experience in at least two of the CBK domains. The work experience must be paid work, and a four-year university degree (or equivalent) can substitute for one year of the five required years.
If you don’t have the requisite work experience, you can still sit the exam. If you pass, you’ll become an Associate of (ISC)2 until you have sufficient work experience for the CISSP certification.
The CISSP exam runs for six hours and features 250 multiple choice and Drag & Drop and Hotspot questions. You’ll need to obtain 700 out of 1,000 points to pass the exam. You’ll need to complete the exam agreement and commit to the (ISC)2 Code of Ethics before you take the exam. You can find out more about the exam by reviewing the exam outline.
When you pass the exam, you can obtain endorsement for your application. You’ll need to complete the endorsement form and have it signed by an (ISC)2 certified professional who’s currently a member, within nine months of your exam date. The (ISC)2 can act as your endorser if you can’t find someone to endorse your application.
Validity and renewal
Certification is effective for three years, so you’ll need to recertify every three years. Recertification requirements include 40 continuing professional education credits per year (or 120 credits for the three years). You’ll also need to pay the annual fee and continue to abide by the (ISC)2 Code of Ethics.
Obtaining qualifications for a successful IT security career
The CISSP is one of the most highly regarded credentials for experienced IT security professionals. By holding a CISSP, you demonstrate you have current, deep knowledge necessary for design through implementation of security IT systems.
Given the rigorous exam, taking a comprehensive training course can help you succeed in obtaining your CISSP certification. ALC Training is a world-class training provider specialising in information security. To find out more about our intensive CISSP training course, contact us today for more information.