About the CISSP certification

The Certified Information Systems Security Professional (CISSP) certification is one of the most globally recognized certifications in the cybersecurity industry. It validates the skills and knowledge of security professionals in designing, developing and managing a cybersecurity program.

The CISSP Common Body of Knowledge (CBK) includes a broad spectrum of topics that encapsulates all relevant disciplines in the field of cybersecurity. These disciplines are categorized into the following eight domains:

Domain 1: Security and risk management

Domain 2: Asset security

Domain 3: Security architecture and engineering

Domain 4: Communication and network security

Domain 5: Identity and access management (IAM)

Domain 6: Security assessment and testing

Domain 7: Security operations

Domain 8: Software development security

The CISSP exam assesses your knowledge, and even more importantly, your competence as a security professional. We will take a more in-depth look at these 8 domains in the CISSP study guide section below.



Brief History of CISSP

First introduced in 1994, the CISSP certification is a vendor-neutral certification program granted by the International Information Systems Security Certification Consortium (ISC2) to qualified security professionals. In 2004, this certification was accredited under the ANSI ISO/IEC Standard 17024:2003, making it the first security certification to be recognized.

It also meets the requirements of the U.S. Department of Defense (DoD) Directive 8570.1, which was replaced by DoD 8140.01 as of October 5, 2020. This means that the CISSP certification is an approved baseline certification for those who are planning to work in the DoD cyber workforce, specifically in the Information Assurance Technical (IAT), Information Assurance Managerial (IAM), and Information Assurance System Architect and Engineer (IASAE) categories.

In 2020, the CISSP security certification was deemed a qualification level comparable to Level 7 of the Regulated Qualifications Framework (RQF) by the U.K. National Academic Recognition Information Centre. This means that a CISSP-certified individual has a qualification level equal to a master’s degree, not just in the U.K.

As of January 2023, there are 156,054 ISC2 members who hold the CISSP certification all over the globe.



What is an ISC2 certification?

The International Information Systems Security Certification Consortium (ISC2) is a nonprofit membership organization for information security leaders. This organization specializes in training and certifications for cybersecurity professionals and is responsible for providing some of the most recognized certifications in the IT field.

It also created and maintains the Common Body of Knowledge (CBK) on which the ISC2 certifications, such as CISSP, are based. Basically, the CBK is responsible for defining the global industry standards and best practices in cybersecurity.

ISC2 certifications give employers proof that a cybersecurity professional has the solid foundation of knowledge needed to protect IT infrastructures, including systems and networks. All certificates issued by the ISC2 are accredited and recognized by some of the highest global standards for professional certifications including the American National Standards Institute (ANSI), and the International Accreditation Forum, among others.

Apart from the CISSP certification, the organization also offers other certifications such as the Certified Cloud Security Professional (CCSP), the Systems Security Certified Practitioner (SSCP), the Certified Authorization Professional (CAP), the HealthCare Information Security and Privacy Practitioner (HCISPP) and the Certified Secure Software Lifecycle Professional (CSSLP).



Why Get CISSP Certification?

Beyond the potential salary boost, earning the CISSP certification can offer numerous benefits. It's not just about the financial gain; the certification opens doors to new career opportunities, enriches your professional development, and connects you with a global community of like-minded professionals.

The benefits of achieving CISSP status extend far and wide, providing both immediate and enduring rewards. Here are some of them:

Global Recognition: The CISSP is acknowledged worldwide as the gold standard in information security, certifying your expertise and knowledge to employers everywhere.

Enhanced Job Opportunities: Certification can significantly expand your career options, with many organizations preferring or requiring CISSP credentials for their cybersecurity roles.

Professional Development: Preparing for and passing the CISSP exam deepens your understanding of security concepts and practices, fostering professional growth.

Networking Opportunities: As a CISSP, you join a global network of cybersecurity experts, offering unparalleled opportunities for knowledge sharing and professional support.

Credibility with Employers: The CISSP enhances your professional credibility, demonstrating your dedication to security excellence and commitment to your career.

Meeting Industry Standards: Achieving CISSP certification helps ensure compliance with industry and regulatory standards, a key consideration for many organizations.

Personal Achievement: Earning your CISSP is a significant personal accomplishment, marking your commitment to your career and passion for cybersecurity.

By pursuing CISSP certification, you're not just improving your resume; you're investing in a richer, more rewarding professional journey in cybersecurity.



How does the CISSP CAT exam work?

The CISSP CAT exam uses an algorithm that determines your next questions based on your previous answers. It basically estimates your knowledge and abilities as you go along with the test.

The exam flow looks like this: the first few questions are simple and easy to answer. However, the more correct answers you enter, the harder the subsequent questions will get. While this may seem like a bad thing, the sooner you get through the hard questions, the quicker you can pass the test. If you provide a wrong answer or continually provide wrong answers, you can expect the next questions to be a little bit easier, but you’ll be further away from passing the test.

In other words, the CISSP CAT algorithm follows your response to a question and re-estimates your ability based on your answer and the difficulty of the question provided. As you answer more questions, the algorithm’s estimation will become more precise. This allows the system to gather information about your true ability level more efficiently compared to the previous type of testing.

As a result of this more precise evaluation, the maximum exam administration time is reduced from 6 hours to 4 hours. It also reduces the number of questions from 250 to as few as 125. However, it doesn’t change the difficulty of the exam and you’re still expected to study all of the domains in the CISSP CBK.

A major downside of the CAT exam is that you cannot mark a question for review, or go back and change your answer to a previous question. You must select an answer to each question before you can move on to the next question.




CISSP certification requirements: How to become a certified information systems security professional

Step 1:

Security and risk management

This domain covers the fundamental concepts of information security including governance, compliance, regulations, and how to assess and manage risks. Domain 1 makes up 16% of the CISSP exam.


Step 2:

Asset security

This domain deals with data and asset classification, data handling, managing the data lifecycle, data protection methods, and data states. Domain 2 makes up 10% of the CISSP exam.


Step 3:

Security architecture and engineering

This domain covers security engineering processes, security models, security principles, and security capabilities of Information Systems (ISS). It also tests your knowledge of designing site and facility security controls. Domain 3 makes up 13% of the CISSP exam.






The CISSP examination guide

Term: Details
Computerized Adaptive Testing (CAT) exam: The exam format adapts question difficulty based on responses.
Length of exam: 3 hours
Number of questions: 100 to 150
Item format: Multiple choice and advanced innovative items
Passing grade: 700 out of 1000 points. At least 70% must be achieved in each domain.
Languages: English, Chinese, German, Japanese & Spanish



The CISSP exam outline

[Image: CISSP exam outline graph]


The CISSP CAT exam follows specific exam weights for each domain. You can look at the full breakdown of the domains here. However, it's important to remember that you will never know on the exam which domain a question is drawn from. The weight difference between the different domains is minimal. Essentially all of the domains are important and what you should really focus on is what you specifically need to learn in each domain, not the weighting difference between the domains.