Have you been fascinated with the Internet since you opened your first browser and visited your first website? If so, then as time progressed you have likely become even more interested in how the Internet works and in the safeguards put in place to protect those who use it. This might even have led you to major in information technology and security in college. Now you have a shiny degree and have been told by those working in the field that you need to earn certifications, and almost all of them suggested you start with the CISSP, the Certified Information Systems Security Professional. Wondering what that is, why you need it, and how to get it? Keep reading to learn about the certification and the CISSP exam.
Why Earn the CISSP?
Attaining the CISSP certification is a foundation on which an IT security career can be built. By earning an information security certification, an IT professional joins an organization that helps design and execute IT security throughout the world. Although it is possible to work as an IT security professional without the certification, a security professional's career will plateau quickly and room for advancement will be limited. Anyone who wants to rise in the ranks of IT security would be wise to attain this certification. If a security professional went to the trouble of getting a degree in information technology and security, it makes sense to continue that education and become certified in the field by passing the CISSP exam.
Who Offers CISSP Certification?
The CISSP certification is offered by the International Information System Security Certification Consortium, also known as (ISC)2. The organization was founded in 1989 and is a non-profit membership association for information security professionals. It has more than 140,000 certified members who create and execute information security measures in the United States and other countries.
Along with the CISSP certification, (ISC)2 also provides certification in the following areas:
- Systems Security Certified Practitioner (SSCP)
- Certified Cloud Security Professional (CCSP)
- Certified Authorization Professional (CAP)
- Certified Secure Software Lifecycle Professional (CSSLP)
- HealthCare Information Security and Privacy Practitioner (HCISPP)
How to Get Certified
Work Experience/Associate of (ISC)2
In order to qualify for the CISSP certification, an applicant must have a minimum of five years of cumulative, paid work experience in the information security field. That experience must cover at least two of the eight domains in the (ISC)2 CISSP Common Body of Knowledge (CBK). A candidate who passes the exam before meeting the experience requirement becomes an Associate of (ISC)2 and then has up to six years to earn the required experience and claim the full certification.
An applicant can qualify for a waiver of one year of work experience if they meet one of the following conditions (only one year can be waived, no matter how many of them apply):
- A four-year degree from an accredited college or university
- An advanced degree in information security from a U.S. National Center of Academic Excellence in Information Assurance Education (CAE-IAE)
- Hold a credential from the (ISC)2 approved list:
- Microsoft Certified Solutions Expert (MCSE)
- CompTIA Security+
- Certified Information Systems Auditor (CISA)
The waiver means that, instead of needing five years of work experience, an applicant only needs four years.
Taking the CISSP Exam
The CISSP exam is given year-round at authorized testing centers around the world. That said, many applicants have to travel to get to the nearest authorized testing location to take the CISSP exam.
The certification exam itself consists of 250 questions, mostly multiple-choice with a smaller number of advanced innovative items, drawn from the eight CISSP domains listed below along with their weights and some of the required knowledge areas. You need to become familiar with all eight:
- Domain 1. Security and Risk Management - Average Weight 15%
- Understand, adhere to, and promote professional ethics
- Understand and apply security concepts
- Evaluate and apply security governance principles
- Determine compliance and other requirements
- Understand legal and regulatory issues that pertain to information security
- Contribute to and enforce personnel security policies and procedures
- Understand and apply risk management concepts
- Apply Supply Chain Risk Management (SCRM) concepts
- Establish and maintain a security awareness, education, and training program
- Domain 2. Asset Security - Average Weight 10%
- Identify and classify information and assets (data classification/asset classification)
- Establish information and asset security handling requirements
- Provision resources securely
- Manage data lifecycles
- Ensure appropriate asset retention
- Determine data security controls and compliance requirements
- Domain 3. Security Architecture and Engineering - Average Weight 13%
- Research, implement, and manage engineering processes using secure design principles
- Understand the fundamental concepts of security models
- Understand security capabilities of Information Systems (IS)
- Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements
- Select and determine cryptographic solutions
- Understand methods of cryptanalytic attacks
- Apply security principles to site and facility design
- Design site and facility security architecture controls
- Domain 4. Communication and Network Security - Average Weight 13%
- Assess and implement secure design principles in network security architecture
- Secure network components
- Implement secure communication channels according to design
- Domain 5. Identity and Access Management (IAM) - Average Weight 13%
- Control physical and logical access to assets
- Manage identification and authentication of people, devices, and services
- Federated identity with a third-party service
- Implement and manage authorization mechanisms
- Manage the identity and access provisioning lifecycle
- Implement authentication systems
- Domain 6. Security Assessment and Testing - Average Weight 12%
- Design and validate assessment, test, and audit strategies
- Conduct security control testing
- Collect security process data
- Analyze test output and generate report
- Conduct or facilitate security audits
- Domain 7. Security Operations - Average Weight 13%
- Understand and comply with investigations
- Conduct logging and monitoring activities
- Perform Configuration Management (CM)
- Apply foundational security operations concepts
- Apply resource protections for security operations
- Conduct incident management
- Operate and maintain detective and preventative measures
- Implement recovery strategies
- Implement Disaster Recovery (DR) processes
- Test Disaster Recovery Plans (DRP)
- Implement and manage physical security
- Address personnel safety and security concerns
- Domain 8. Software Development Security - Average Weight 11%
- Understand and integrate security in the Software Development Life Cycle (SDLC)
- Identify and apply security controls in software development ecosystems
- Assess the effectiveness of software development security
- Assess security impact of acquired software
- Define and apply secure coding guidelines and standards
Test takers have six hours to complete the exam. To pass, an applicant must achieve a scaled score of at least 700 out of a possible 1,000. If an applicant has studied the official (ISC)2 study guide or another reputable study resource and taken at least one practice test, the questions should at least be familiar.
You can sign up to take the certification exam on the Pearson VUE website. Applicants have to create an account and then follow the prompts to register for the exam. The exam costs $549 if you register early or $599 if you miss the early registration deadline. At the testing center there are several rules you must follow: you must present a valid ID; you may take nothing into the testing room, including drinks, cell phones, or books; and only a proctor can let you in or out of the testing room.
Code of Ethics and Endorsement
After an applicant has passed the CISSP exam, they have to obtain a written endorsement. The endorsement must come from an active (ISC)2 credential holder who can attest to the applicant's professional experience. Along with this endorsement, applicants must agree to adhere to the (ISC)2 Code of Ethics.
The code is broken down into four canons:
- Protect society, the common good, necessary public trust and confidence, and the infrastructure
- Act honorably, honestly, justly, responsibly, and legally
- Provide diligent and competent service to principals
- Advance and protect the profession
In short, (ISC)2 members agree to perform their duties with the highest level of ethics and integrity. They are bound to treat fellow members, employers, and the public fairly and to act truthfully and ethically.
Annual Maintenance Fees
Annual maintenance fees (AMFs) keep the (ISC)2 organization going. The fees also fund programs that keep members informed and trained in the latest developments in information security. There are two tiers of fees, broken down by membership level:
- Certified (ISC)2 member: the annual maintenance fee is a flat $125, due on the anniversary of certification. Certified members pay $125 regardless of how many (ISC)2 certifications they hold.
- Associate of (ISC)2: the annual maintenance fee is $50, due on the anniversary of becoming an associate.
How to Prepare for the Test
The best way to prepare for the CISSP examination is to study for it. Both Pearson and (ISC)2 offer study guides for purchase, and practice tests come with the study materials. As a general rule, an applicant should study a portion of the material each night for several months. Taking a practice test before you start studying provides a baseline and reveals the areas where you need to focus. After several weeks of studying, take more practice tests and see where you still need work. Cramming in the weeks or days before the exam is discouraged. It is also ill-advised to rely on your work experience alone for a passing score, because your work experience might not line up with the testing materials. You will also want to make sure all your paperwork is in order and that you were truthful on your application. This matters because a portion of new applicants are audited; if an audit finds that you were not truthful on your application, your certification and (ISC)2 membership can be revoked.
Advantages to CISSP Certification
Earning the CISSP certification can benefit an information security professional in a variety of ways. As in other professions, you are taken more seriously if you have an advanced degree or specialized training in an area. Attaining the certification shows that you went the extra step to study, sit for, and pass an exam, and that you went through the screening process and were accepted for membership in (ISC)2. For many in the information security field, this is an important distinction. Along with making you more credible, it also makes you more marketable. Companies want their employees to stay current, and the CISSP certification shows that you are willing to do so, especially since the certification has to be renewed every three years. As part of the renewal process, certified professionals have to log 120 Continuing Professional Education (CPE) credits over each three-year cycle. Establishing yourself as an expert who stays informed also equates to more money: the certification means you can command a higher salary than a worker who does not hold it.
Typical CISSP Certification Responsibilities & Duties
A Certified Information Systems Security Professional's duties might vary a bit from one employer to another, but there are some core duties and responsibilities a professional will have regardless of where they work.
Some of these duties include:
- Understanding threats to the security of data and information
- Repairing and/or hardening systems where breaches have occurred or could occur
- Working with various kinds of computer systems
- Following the (ISC)2 Code of Ethics
- Designing, building, and managing the overall security posture of an organization
Along with these skills and duties, an information systems security professional needs soft skills such as written communication, verbal skills, the ability to multitask, and the ability to work independently as well as with a group.
Careers and Salaries for CISSP Professionals
CISSP professionals can earn a good salary even at the beginning of their careers. According to the US Bureau of Labor Statistics, the average salary of an IT professional with less than five years of experience is $96,000. Salaries differ according to various factors. An information security expert with five to nine years' experience can earn $87,005, but that increases dramatically after 10 years, when the annual salary jumps to an average of $102,591, and generally tops out at $117,000 for someone with 20 or more years' experience. Salary is also affected by geographic location. Two information systems security professionals, one in Atlanta and the other in New York City, might have the same education, work experience, and certifications, but the professional in Atlanta earns $96,372 while the NYC professional brings in $119,840. Finally, job title also determines how much a CISSP holder earns. Security architects earn the highest salaries, at an average of $110,451. Information security managers and IT directors can expect to earn $105,000 on average, while a security engineer earns an average of $92,293.
Demand for CISSP professionals is expected to grow at a rate of 32%, much faster than job growth in other industries, according to the BLS, which anticipates that an additional 35,500 information security positions will be needed by 2028. Once you are CISSP certified, popular careers that a higher education and a CISSP credential can prepare you for include:
- Security analyst
- Chief information security officer (CISO)
- Security manager
- Software security engineer
- Computer security analyst
- Software security analyst
- Information security manager
- Security architect
- Cloud computing engineer
- Chief information officer (CIO)
- Incident response security professional
Next Steps
Once you have attained the CISSP, you might be wondering “What’s next?” As we mentioned above, the (ISC)2 also offers certification in the following areas:
- Systems Security Certified Practitioner (SSCP)
- Certified Cloud Security Professional (CCSP)
- Certified Authorization Professional (CAP)
- Certified Secure Software Lifecycle Professional (CSSLP)
- HealthCare Information Security and Privacy Practitioner (HCISPP)
If you think your focus is going to shift, earning a certification in one of those areas would be ideal. For example, if you are considering working in the healthcare field, attaining the HCISPP certification would make you more marketable in that industry. Plus, in the IT field there is no such thing as too much education. Globally speaking, there are still many people who are just discovering the Internet; their online experience needs to be as safe as possible, and an IT professional's expertise is needed to ensure that.