Certified Information Systems Security Professional
Certified Information Systems Security Professional (CISSP) is an independent information security certification granted by the International Information System Security Certification Consortium, also known as (ISC)².
As of May 31, 2019 there are 136,480 (ISC)² members holding the CISSP certification worldwide, in 171 countries with the United States holding the highest member count at 87,343 members.[1] In June 2004, the CISSP designation was accredited under the ANSI ISO/IEC Standard 17024:2003.[2][3] It is also formally approved by the U.S. Department of Defense (DoD) in their Information Assurance Technical (IAT), Managerial (IAM), and System Architect and Engineer (IASAE) categories for their DoDD 8570 certification requirement.[4]
History[edit]
In the mid-1980s, a need arose for a standardized, vendor-neutral certification program that provided structure and demonstrated competence. In November 1988, the Special Interest Group for Computer Security (SIG-CS), a member of the Data Processing Management Association (DPMA), brought together several organizations interested in this goal. The International Information Systems Security Certification Consortium or "(ISC)²" formed in mid-1989 as a non-profit organization.[5]
By 1990, the first working committee to establish a Common Body of Knowledge (CBK) had been formed. The first version of the CBK was finalized by 1992, and the CISSP credential was launched by 1994.[6]
In 2003 the CISSP was adopted as a baseline for the U.S. National Security Agency's ISSEP program.[7]
Certification subject matter[edit]
The CISSP curriculum covers subject matter in a variety of Information Security topics.[8] The CISSP examination is based on what (ISC)² terms the Common Body of Knowledge (or CBK). According to (ISC)², "the CISSP CBK is a taxonomy – a collection of topics relevant to information security professionals around the world. The CISSP CBK establishes a common framework of information security terms and principles that allow information security professionals worldwide to discuss, debate and resolve matters pertaining to the profession with a common understanding."[9]
From 15 April 2018, the CISSP curriculum is updated as follows:[10]
- Security and Risk Management
- Asset Security
- Security Architecture and Engineering
- Communication and Network Security
- Identity and Access Management (IAM)
- Security Assessment and Testing
- Security Operations
- Software Development Security
From 2015 to early 2018, the CISSP curriculum is divided into eight domains similar to the latest curriculum above. The only domain to have changed its name was "Security Engineering," which in the 2018 revision was expanded to "Security Architecture and Engineering."[11]
Before 2015, it covered ten similar domains.
Requirements[edit]
- Possess a minimum of five years of direct full-time security work experience in two or more of the (ISC)² information security domains (CBK). One year may be waived for having either a four-year college degree, a master's degree in Information Security, or for possessing one of a number of other certifications.[12] A candidate without the five years of experience may earn the Associate of (ISC)² designation by passing the required CISSP examination, valid for a maximum of six years. During those six years a candidate will need to obtain the required experience and submit the required endorsement form for certification as a CISSP. Upon completion of the professional experience requirements the certification will be converted to CISSP status.[13]
- Attest to the truth of their assertions regarding professional experience and accept the CISSP Code of Ethics.[14]
- Answer questions regarding criminal history and related background.[15]
- Pass the multiple choice CISSP exam with a scaled score of 700 points or greater out of 1000 possible points.[15]
- Have their qualifications endorsed by another (ISC)² certification holder in good standing.[16]
Member Counts[edit]
Number of CISSP members as of May 31, 2019.[17]
Country (Top 12) | Count |
---|---|
United States | 87,343 |
United Kingdom | 7,229 |
Canada | 5,649 |
South Korea | 2,733 |
Netherlands | 2,617 |
Australia | 2,539 |
India | 2,370 |
Mainland China | 2,538 |
Japan | 2,401 |
Germany | 2,299 |
Singapore | 2,082 |
Hong Kong | 1,773 |
Concentrations[edit]
Holders of CISSP certifications can earn additional certifications in areas of specialty. There are three possibilities:[18]
- Information Systems Security Architecture Professional (CISSP-ISSAP), an advanced information security certification issued by (ISC)² that focuses on the architecture aspects of information security. The certification exam consists of 125 questions covering six domain areas:
- Identity and Access Management Architecture
- Security Operations Architecture
- Infrastructure Security
- Architect for Governance, Compliance, and Risk Management
- Security Architecture Modeling
- Architect for Application Security
As of May 31, 2019, there were 2,003 (ISC)² members holding the CISSP-ISSAP certification worldwide. [19]
- Information Systems Security Engineering Professional (CISSP-ISSEP), an advanced information security certification issued by (ISC)² that focuses on the engineering aspects of information security across the systems development life cycle.[20] In October 2014 it was announced that some of its curriculum would be made available to the public by the United States Department of Homeland Security through its National Initiative for Cybersecurity Careers and Studies program.[21] Both ZDNet and Network World have named ISSEP one of tech’s most valuable certifications.[22][23] The certification exam consists of 150 questions covering 5 domain area:
- Security Engineering Principles
- Risk Management
- Security Planning, Design, and Implementation
- Secure Operations, Maintenance, and Disposal
- Secure Engineering Technical Management
As of May 31, 2019, there were 1,178 (ISC)² members holding the CISSP-ISSEP certification worldwide. [24]
- Information Systems Security Management Professional (CISSP-ISSMP), an advanced information security certification issued by (ISC)²[25] that focuses on the management aspects of information security.[26] In September 2014, Computerworld rated ISSMP one of the top ten most valuable certifications in all of tech.[27] The certification exam consists of 125 questions covering 6 domain areas:
- Leadership and Business Management
- Systems Lifecycle Management
- Risk Management
- Threat Intelligence and Incident Management
- Contingency Management
- Law, Ethics, and Security Compliance Management
As of May 31, 2019, there were 1,216 (ISC)² members holding the CISSP-ISSMP certification worldwide. [28]
Initial fees and ongoing certification[edit]
The standard exam costs 699 USD or 650 EUR as of 2019.[29] The CISSP credential is valid for three years; most holders renew by submitting Continuing Professional Education (CPE) credits. There is also a yearly membership fee required to maintain certification, this fee was increased by nearly 50% starting in mid-2019.[30][31]
Value[edit]
In 2005, Certification Magazine surveyed 35,167 IT professionals in 170 countries on compensation and found that CISSPs led their list of certificates ranked by salary. A 2006 Certification Magazine salary survey also ranked the CISSP credential highly, and ranked CISSP concentration certifications as the top best-paid credentials in IT.[32][33]
In 2008, another study came to the conclusion that IT professionals with CISSP (or other major security certifications) and at least 5 years of experience tend to have salaries around US, about US (or 26%) higher than IT professionals with similar experience levels who do not have such certificates.[34] Note that any actual cause-and-effect relationship between the certificate and salaries remains unproven.[citation needed]
As of 2017, a study by CyberSecurityDegrees.com surveyed some 10,000 current and historical cyber security job listings that preferred candidates holding CISSP certifications. CyberSecurityDegrees found that these job openings offered an average salary of more than the average cyber security salary.[35]
ANSI certifies that CISSP meets the requirements of ANSI/ISO/IEC Standard 17024, a personnel certification accreditation program.[2]
See also[edit]
- CISM (Certified Information Security Manager)
References[edit]
- ↑ "Member Counts". (ISC)². Retrieved 26 November 2019.
- ↑ 2.0 2.1 ANSI Accreditation Services - International Information Systems Security Certification Consortium, Inc. (ISC)2 Archived July 18, 2012, at the Wayback Machine. ANSI
- ↑ "(ISC)² CISSP Security Credential Earns ISO/IEC 17024 Re-accreditation from ANSI" (Press release). Palm Harbor, FL: (ISC)². September 26, 2005. Archived from the original on March 2, 2010. Retrieved November 23, 2009. Unknown parameter
|url-status=
ignored (help) - ↑ "DoD 8570.01-M Information Assurance Workforce Improvement Program" (PDF). United States Department of Defense. January 24, 2012. Retrieved April 12, 2012.
- ↑ Harris, Shon (2010). All-In-One CISSP Exam Guide (5 ed.). New York: McGraw-Hill. pp. 7–8. ISBN 978-0-07-160217-4. Search this book on
- ↑ History of (ISC)². (ISC)²
- ↑ "NSA Partners With (ISC)² To Create New InfoSec Certification". February 27, 2003. Archived from the original on September 29, 2011. Retrieved December 3, 2008. Unknown parameter
|url-status=
ignored (help) - ↑ Conrad; Misenar; Feldman. 11th Hour CISSP. Syngress. ISBN 978-0-12-417142-8. Search this book on
- ↑ Tipton; Henry (2006-11-14). Official (ISC)² Guide to the CISSP CBK. Auerbach Publications. ISBN 0-8493-8231-9. Search this book on
- ↑ "CISSP-Exam-Outline-121417--Final.ashx". (ISC)². Retrieved 20 Apr 2018.
- ↑ "(ISC)² CISSP and SSCP Domain Refresh FAQ". (ISC)². Retrieved 15 May 2015.
- ↑ "CISSP Professional Experience Requirement". (ISC)². 2009. Retrieved December 3, 2008.
- ↑ "How to Become an Associate". (ISC)². 2009. Retrieved November 23, 2009.
- ↑ "(ISC)² Code of Ethics". (ISC)². 2009. Retrieved December 3, 2008.
- ↑ 15.0 15.1 "How To Certify". (ISC)². 2009. Retrieved December 3, 2008.
- ↑ "Endorsement". (ISC)². 2009. Retrieved August 2, 2015.
- ↑ "Member Counts | How Many (ISC)² Members Are There Per Certification | (ISC)²". www.isc2.org. Retrieved 2018-12-21.
- ↑ "CISSP® Concentrations". (ISC)². Archived from the original on 11 December 2014. Retrieved 17 January 2015. Unknown parameter
|url-status=
ignored (help) - ↑ "Member Counts | How Many (ISC)² Members Are There Per Certification | (ISC)²". www.isc2.org. Retrieved 2019-11-26.
- ↑ InfoSecurity Magazine (Sep 2009): Finding your way: An overview of information security industry qualifications and associations
- ↑ (ISC)² Offers Certification Via DHS
- ↑ ZDNet (Feb 2014): 20 technology certifications that are paying off
- ↑ Network World (Dec 2013): 18 Hot IT Certifications for 2014
- ↑ "Member Counts | How Many (ISC)² Members Are There Per Certification | (ISC)²". www.isc2.org. Retrieved 2019-11-26.
- ↑ GCN: DOD approves new credentials for security professionals
- ↑ InfoSecurity Magazine (Sep 2009): Finding your way: An overview of information security industry qualifications and associations
- ↑ ComperWorld: IT skills that are in demand, and those that will be
- ↑ "Member Counts | How Many (ISC)² Members Are There Per Certification | (ISC)²". www.isc2.org. Retrieved 2019-11-26.
- ↑ "exam prices". (ISP)^2. Retrieved 29 April 2019.
- ↑ "Maintaining Your Credential". (ISC)². 2009. Retrieved December 3, 2008.
- ↑ Annual Maintenance Fee. (ISP)^2 https://www.isc2.org/AMFs-Overview. Retrieved 29 April 2019. Missing or empty
|title=
(help) - ↑ Certification Magazine (2007-04-11). "Top Certifications by Salary in 2007". Certification Magazine. Archived from the original on 2007-03-29. Retrieved 2007-10-14.
- ↑ Sosbe, Tim; Hollis, Emily; Summerfield, Brian; McLean, Cari (December 2005). "CertMag's 2005 Salary Survey: Monitoring Your Net Worth". Certification Magazine. CertMag. Archived from the original on 2007-06-07. Retrieved 2007-04-27. Unknown parameter
|url-status=
ignored (help) - ↑ Brodkin, Jon (2008-06-11). Salary boost for getting CISSP, related certs. Network World, IDG, 11 June 2008. Retrieved from http://www.networkworld.com/newsletters/2008/060908ed1.html.
- ↑ CyberSecurityDegrees.com's Study of the Most Lucrative Cyber Security Certifications. Cyber Security Degrees. Retrieved from https://cybersecuritydegrees.com/faq/most-popular-cyber-security-professional-certifications/.
External links[edit]
This article "Certified Information Systems Security Professional" is from Wikipedia. The list of its authors can be seen in its historical. Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.