What are the Qualifications required for Taking CISSP Exams?
Certification: ISC CISSP - Certified Information Systems Security Professional
CISSP or Certified Information Systems Security Professional is an independent information security certification governed by the (ISC) ². It is a globally recognized standard of achievement that confirms an individual’s knowledge in the field of information security. It is an information assurance professional that define the architecture, management, design or controls that assure the security of business environments. It was the first certification method in the field of information security. The CISSP held examination to certify a candidate who will become a skilled and acknowledgeable professional in the field of information security. Once a person is certified through (ISC)² he or she will gain a tested and verifiable proof of proficiency in their field, promotion potential, higher salary, entrance to the largest communities of information security professionals and have the access to global resource and a wealth of ongoing information security opportunities. To become a CISSP one must go through some necessary steps. A brief note of them is given below:
Basis of CISSP exam:
The CISSP exam tests one’s competence or ability in the ten CISSP domains of the (ISC) ². These cover the critical topics in security including cloud computing, mobile security, risk management, application development security and more. One should have the competence in these following ten domains:
- Access Control Systems and Methodology:a collection of mechanisms which work together to create security to protect the assets of the information system.
- Telecommunications and Network Security:it consists of network structures, security systemthat provides stability, confidence and availability.
- Risk Management and Security Governance:it produces the identification of an organization’s information assets and documentation, development and implementation of standards, guidelines and procedures.
- Security for the Development of Software: it refers to the controls that are included within application software and systems and the steps used in their development.
- Cryptography:it consists of the methods and principles of disguising information to ensure its confidentiality, integrity and authenticity.
- Architecture Security and Design:it contains the principle, ideas, standards and structures used to develop, design, monitor and secure operating systems, networks, equipment, applications and those which controls to enforce various levels of stability, confidentiality and availability.
- Computer Operations Security:it is used to indentify the controls over media, operators and hardware with access to any of these resurces.
- Continuation of Business and Planning for Disaster Recovery:the preservation of business is addressed by this with major disruptions to normal business operations.
- Laws and Regulations, Investigations and Compliance:computer crime laws and regulations are addressed and the investigative measures and techniques can be used to determine whether a crime has been committed and methods to gather evidence.
- Physical (Environmental) Security: it addresses the vulnerabilities, threats and countermeasures that can be utilized to protection of an enterprise’s resource and sensitive information physically.
The exam of CISSP is multiple choice consisting 250 words with four options each. The questions need to be answered over a period of six hours. Among these, 25 questions are experimental which are not graded. Candidates need to pass the CISSP exam with a scale score of 700 points or greater out of 1000 points. The exam is a computer based testing and its availability is worldwide via Pearson Vue Testing Centers. Before appearing the examination, candidate can take part in various seminars held by CISSP. More over, candidates can open an account in the website for the time schedule and sample questions of the examination. It will help the candidate to practice and appear in the exam duely.
Professional work experience:
Candidates need to have minimum five years of direct full-time security professional work experience in two or more of the ten domains of (ISC) ² or four years of direct full-time work experience in one or more of the ten domains with a degree. One year may be waived for having a Master’s degree in Information Security or having a four year college degree. A candidate who does not possess the necessary five years of experience may earn the Associate of (ISC) ² designation by passing the required CISSP examination which is valid for a maximum of six years from the date (ISC) ² notifies the candidate of having passed the exam. During those years a candidate will need to obtain the required experience and submit the endorsement form for the certification. This will be converted to CISSP status. One must also pay an annual maintenance fee of $85 at the end of each certification year. For the renewal and recertification procedure, after every three years candidates must earn 120 Continuing Professional Education credits. But what is most important is that candidate must have professional experience to take participation in the examination. Without working experience, one can take part in CISSP examination test but need to gather experience later to ensure his or her eligibility.
Accept the CISSP code of ethics:
Members of (ISC) ² must accept the CISSP code of ethics to recognize the certification which is a privilege. All members are required to fully support this Code of Ethics. If a member intentionally or knowingly violate any provision of Code will be subject to action. All members are obligated to follow the ethics complaint procedure while observing any action committed by any member of (ISC) ² who breached the Code. There are four mandatory canons in the Code which are as follows:
- Protect society, necessary public trust and confidence, the common good and the infrastructure.
- Provide services to principals.
- Protect the profession
- Act honestly, justly, responsibly, honorably and legally.
Endorsed by (ISC)² professional:
Candidates need to have their qualifications endorsed by another CISSP in good standing. This attests that the candidate’s assertions regarding professional experience are true to the best of their knowledge. And it also certifies that the candidate is in good standing within the information security industry.