CISSP Certification Overview
CISSP certification is a globally recognized credential offered by the International Information System Security Certification Consortium (ISC2). Beginning the journey to earn your CISSP credential is a significant milestone in your career. Although it can be a time-consuming and challenging endeavor, this globally recognized certification from ISC2 is undeniably worth the effort. As a sought-after credential held by over a million professionals worldwide, the CISSP certification is essential for every project manager interested in advancing their career.
A CISSP certification is among the gold standards for IT and cybersecurity professionals. This credential can lead to higher salaries, a competitive advantage in the job market and knowledge of the latest industry advancements.
What is the CISSP Certification and why is it important?
The CISSP Certification proves you have what it takes to effectively design, implement, and manage a best-in-class cybersecurity program.
This prestigious certification is not just about credentials; it’s a benchmark of excellence in the field of information security. The CISSP exam is renowned for its rigor, comprising a six-hour test with 250 questions designed to challenge and certify security professionals across a spectrum of critical areas.
Core Domains Covered:
- Access Control Systems and Methodology: Master the techniques to safeguard data and resources.
- Business Continuity Planning and Disaster Recovery: Prepare for and respond to disruptions effectively.
- Physical Security: Ensure the protection of hardware, software, and data.
- Operations Security: Maintain the integrity of operational processes.
- Security Management Practices: Lead with effective policy and governance.
- Telecommunications and Network Security: Secure data transmission across networks.
Additional Areas of Expertise:
- Cryptography: Understand the science behind data encryption.
- Security Architecture: Design robust security frameworks.
- Application and Systems Development: Build secure software and systems.
- Law, Investigation, and Ethics: Navigate the legal and ethical landscape of cybersecurity.
Achieving CISSP certification signifies your ability to cover these domains with proficiency, positioning you as a leader in the cybersecurity landscape.
Additional Benefits of Getting CISSP Certified include:
Increase Your Earning Potential
Salaries for CISSP-certified professionals vary by job title and location. On average, these workers earn around $128,000 per year in North America, according to Payscale. CISSP-certified professionals are some of the most well-paid IT professionals in the industry. This is because employers understand the rigorous process required to become a CISSP, and the credential is recognized on a global scale.
Become a More Competitive Job Candidate
Adding CISSP certification to your cybersecurity resume signifies to recruiters and employers that you are among the top candidates in the information security industry. This credential also guarantees that you have at least four or five years of hands-on experience. Some professionals plan to earn certification to pursue roles outside of their current organizations. (ISC)²’s 2023 workforce study indicates that 17% of respondents pursue credentials for a position with another company, while 15% considered certification to qualify for promotions.
Build Cybersecurity Expertise
Part of the CISSP certification process is becoming intimately familiar with all relevant information in the world of cybersecurity, both to pass the exam and to maintain certification.
After earning their certification, CISSPs must accumulate a set number of continuing education credits. Continuing education helps build expertise and ensure that CISSPs have current, relevant skills.
Participants in (ISC)²’s workforce study reported that their teams recognize the following benefits of employing cybersecurity professionals with certifications like the CISSP.
These workers have a deeper knowledge of critical cybersecurity topics. Certified workers increase confidence in their teams’ ability to handle security challenges. Hiring professionals with cybersecurity certifications ensures current knowledge and practice of information security trends. Certification allows organizations to hire high-level workers with demonstrated expertise in cybersecurity.
Network with Other CISSPs
All CISSPs must become (ISC)² members, granting access to networking opportunities. More than 168,000 cybersecurity professionals are members of (ISC)².
Get CISSP Certified with Confidence
Expert-Led Training Designed for Exam Success
Why take a CISSP training class?
Our CISSP Boot Camp is specifically designed for seasoned information security professionals who manage, design, and oversee enterprise cybersecurity programs. Self-study or asynchronous online content may offer flexibility, but attending an in-person CISSP Boot Camp provides a structured, focused environment that maximizes your chances of success. In-person training allows you to engage directly with expert instructors, collaborate with peers, and dive deep into complex topics in real time.
This immersive experience accelerates your learning by combining expert-led instruction, hands-on activities, and real-world examples—all essential for mastering the challenging CISSP exam. Upon enrollment, you’ll gain immediate access to a comprehensive pre-study course, ensuring you’re prepared before the class even begins. Invest in an in-person CISSP Boot Camp to sharpen your skills, network with other professionals, and increase your success on the path to certification.
Who should attend?
CISSP boot camp training is ideal for experienced security practitioners, managers and executives interested in validating their knowledge across a wide array of security practices and principles. Before you can sit for the CISSP exam, you need to meet ISC2’s CISSP Eligibility Requirements. This means you must have enough established full-time experience in two or more of the eight domains of the current CISSP Exam Outline. Candidates who want to become certified in a streamlined, managed approach while maintaining a work-life balance benefit greatly from a structured training class.
What You’ll Learn:
The CISSP exam outline provides details on the eight domains covered by the examination:
- Domain 1. Security and Risk Management
- Domain 2. Asset Security
- Domain 3. Security Architecture and Engineering
- Domain 4. Communication and Network Security
- Domain 5. Identity and Access Management (IAM)
- Domain 6. Security Assessment and Testing
- Domain 7. Security Operations
- Domain 8. Software Development Security
What’s Included in a Boot Camp?
You want to feel confident on exam day, and confidence comes from knowing you’re prepared. A CISSP Boot Camp is the best way to set yourself up for success.
- Five days of intense CISSP training with a certified instructor
- Comprehensive (ISC)2 review manual
- Interactive exercises, examples and knowledge checks
- Chapter quizzes to assess comprehension
- 180-day access to daily lesson recordings and content
- In-depth conversation with other learners in the class
- Post-course stoplight assessment
- CISSP exam pass guarantee
CISSP Certification Course Syllabus
Certified Information Systems Security Professional Course Outline
Duration: 5 Days
Course Description:
This intensive, fast-paced 5-day bootcamp is designed to help IT professionals prepare for the Certified Information Systems Security Professional (CISSP) examination. The course will delve into the eight domains of knowledge, as outlined by the (ISC)² CISSP Common Body of Knowledge (CBK), providing comprehensive understanding of a wide variety of subjects within the field of Information Security.
Course Objectives:
- Gain a comprehensive understanding of the 8 domains outlined in the CISSP CBK.
- Acquire the knowledge and skills needed to pass the CISSP certification exam.
- Understand the latest security trends and practices in the industry.
- Apply practical insights and strategies for test-taking.
Day 1: Introduction and Security and Risk Management (Domain 1)
– Course Introduction: Overview, expectations, exam format, and study strategies
– Confidentiality, Integrity, and Availability Concepts
– Security Governance Principles
– Compliance
– Legal and Regulatory Issues
– Professional Ethics
– Security Policies, Standards, Procedures and Guidelines
Day 2: Asset Security (Domain 2) and Security Architecture and Engineering (Domain 3)
– Information and Asset Classification
– Privacy Protection
– Appropriate Retention
– Data Security Controls
– Security Engineering Processes
– Security Models Fundamental Concepts
– Security Evaluation Models
Day 3: Communication and Network Security (Domain 4) and Identity and Access Management (Domain 5)
– Secure Network Architecture Design
– Secure Network Components
– Secure Communication Channels
– Physical and Logical Assets Control
– Identification and Authentication of People and Devices
– Identity as a Service
Day 4: Security Assessment and Testing (Domain 6) and Security Operations (Domain 7)
– Assessment and Test Strategies
– Security Process Data
– Security Control Testing
– Test Outputs
– Operational Resiliency
– Resource Protection
– Incident Management
Day 5: Software Development Security (Domain 8) and Review Session
– Security in the Software Development Lifecycle
– Development Environment Security Controls
– Software Security Effectiveness
– Acquired Software Security Impact
– Comprehensive Review: Key Topics and Exam Strategies
– Practice Examination
See What Our Students Have to Say
Larry was a phenomenal instructor. He made sure the class was engaged and added examples and scenarios from his personal experience that made the course much more enjoyable. The CISSP boot camp provided a lot of information in a short amount of time and I was worried I would be overwhelmed. I appreciate the personal assessment and status review done in class to make sure I was on track. I definitely feel prepared for the exam after this course.
The structure of the course, combined with the official (ISC)² materials, practice exams, and real-world examples, made an enormous difference in how I absorbed the content. Our instructor kept us focused on the most important aspects of the program. He was very adept at helping students work through the more complex techniques and frameworks covered in the CISSP domains. I feel far more confident approaching the CISSP exam, and I’m very pleased that I chose this course to prepare.
Benefits of Attending a CISSP Boot Camp
It doesn’t matter what you’re preparing for; one thing is always true: it’s easier to plan it than to do it. When you spend your days making crucial decisions, your well-laid plans often fall victim to diminished self-discipline by nightfall. Sure, you know you should be studying, but that knowledge doesn’t make it any easier to summon the motivation to do it night after night. An accelerated in-person CISSP Boot Camp takes the temptation to postpone test prep off the table and, instead, gives you space to immerse yourself in the materials. Our courses are designed to remove the distractions of your everyday life so you can fully focus your time and attention on the coursework and be exam-ready in less time than if you’d studied on your own.
But beyond exam preparation, obtaining the CISSP certification can open doors to a wealth of career benefits. Many employers recognize the CISSP as a gold standard in the field of cybersecurity, increasing your professional standing and marketability. According to Burning Glass Technologies, almost one-fourth of cybersecurity job postings in 2020 sought candidates with a CISSP certification, illustrating its high demand in the industry.
Our CISSP Bootcamp gives you more than mere exposure to the fundamentals and concepts on the test. It provides a focused educational experience with a rigorous schedule. Throughout the course, you’ll talk through the concepts and situations with your instructor and peers so you can ground your learning and recall it when you need it.
Moreover, certified information security professionals typically earn a worldwide average of 25% more than their non-certified peers, highlighting the certification’s potential to boost your earning power. With a CISSP credential, you may find yourself eligible for advanced roles such as network security specialist, senior security engineer, information security manager, or even chief security officer.
Interacting with an expert instructor who can translate concepts into practical terms helps to ensure you grasp the content and lets you test your understanding. Studying with a group of your peers in a classroom environment can also help build and maintain your motivation for the exam. It’s easy to get distracted and lose focus when you’re alone at your desk with a book. Studying with others who share your goals can help keep you accountable and sustain or stimulate determination.
Your years of practical experience are the most valuable thing you bring to your role. Without them, you wouldn’t be qualified to sit for the CISSP exam in the first place. Distilling what you know from doing into the foundations and principles on the CISSP exam, however, can challenge even the most experienced project managers. Your CISSP Certification Training Instructor will help you connect your experience to the exam materials, putting what you’ve learned on the job into context so you can apply it on the exam.
Your CISSP Certified trainer is an expert project manager with an in-depth understanding of both the training materials and exam readiness. Every student who enrolls in and completes the Certification Academy CISSP Boot Camp receives one-on-one guidance from their trainer and an individualized learning plan based on their current proficiency and progress towards their education requirements.
In conclusion, obtaining a CISSP certification not only equips you with essential knowledge and skills but also significantly enhances your career prospects and earning potential. With the right preparation and support, you can achieve your certification goals and unlock new opportunities in the dynamic field of cybersecurity.
Interested in attending CISSP Training Remotely?
We offer a live, instructor-led course delivered by a remote trainer. Our live online certification course offers the same curriculum as our face-to-face classes, but from the comfort and convenience of your location.
Why Choose Us for Your CISSP Boot Camp Training?
When choosing a training provider for your CISSP training, please consider that not all CISSP courses are the same. The quality of instruction in CISSP exam prep courses can vary significantly. Many courses do not fully prepare you for the exam, instead offering you a roadmap of what you need to learn on your own. When investing in your career you should never sacrifice quality for cost. If you review the key decision factors, we believe you will find Certification Academy provides the best value. We blend proven learning concepts with simple memorization techniques to make sure you are able to keep the vast amount of information we cover organized and memorable. Our CISSP Exam Prep Boot Camp is an accelerated, guaranteed path to achieving your CISSP certification.
Here are a few more key reasons to join our class:
Experience
Our team of seasoned instructors is among the largest in the country with notable CISSP experience. They are experienced trainers who employ proven adult learning practices and straightforward internalization techniques to build engagement, motivation, and increase recall.
Thought Leadership
Our courses have been uniquely developed to ensure a high degree of correlation between the subject matter and the proficiency examinations. Our courses use problem-based and collaborative approaches to learning. We emphasize more equality and connection between the instructor and learner.
Proven Results
Our CISSP Exam Prep Boot Camp gets you ready Faster, Better and with More Support along the way. Our expert-designed course ensures our students pass the exam the first time they take it.
Rated 4.85/5 based on 1465 reviews
Firm Course Dates
When you register for one of our classes, you can feel confident that it will run as scheduled. We work hard to deliver on our promise to you.
100% Money Back Pass Guarantee
We know your CISSP certification training is an important milestone in your career. We understand the value you place in spending your time and money wisely. That’s why we back up all of our courses with a 100% money-back guarantee. If you’ve looked at even one other CISSP Boot Camp website, you know that a money-back guarantee is standard fare for courses like this. All guarantees are not created equal, though. We don’t want to hide small print behind big promises: we want you to know, precisely, what our guarantee does and doesn’t cover so you can make an informed decision.
Getting CISSP Certified is tough.
We are with you every step of the way.
No matter what you may read, the truth is that there is no easy path when it comes to CISSP certification exam readiness. Most students need 3-6 weeks of study before they’re ready to sit for the exam. What’s true of most, of course, isn’t true for all: some applicants will fall onto either side of that average, and a full 50% will never sit for the exam at all.
- Application assistance
- Readiness roadmap
- Post Class support
- Complete study resource
Ready to Get Started?
If your work experience and education meet the qualifications and requirements, we’d love to help you get started on your application and on the way to passing your exam by enrolling in one of our public CISSP Boot Camp classes. We offer classes in over 20 cities and online, usually once a month. Our instructor-led courses cover all aspects of the examination as well as extremely helpful test-taking strategies and exam simulators to make sure you are fully ready.
CISSP Certification Frequently Asked Questions
What does a CISSP do?
A CISSP professional maintains an organization’s IT security systems, securing data against external threats. Responsibilities may also include running security audits, gathering data on security performance, managing teams of IT security professionals and creating security reports for stakeholders.
Is CISSP a good certification?
Yes, the CISSP credential is one of the most respected certifications in the cybersecurity field. Its rigor and high standards are well-known in the industry, and many organizations place a high value on recruiting CISSPs.
Is CISSP for beginners?
No, CISSP certification requires five years of professional experience in a cybersecurity-related role or a combination of work experience and education.
What is the CISSP experience waiver and how does it work?
If you hold a security-related degree from an accredited college or institution, or an additional (ISC)2 credential from their approved list, you may be able to waive one of the five years of required experience.
Can you take the CISSP exam without experience?
You can pass the CISSP exam without having the full five years of required work experience. However, passing the exam without the experience will earn you the title of Associate of ISC2 rather than full CISSP certification. You’ll then have six years to gain the necessary experience to upgrade to full CISSP status.
Does CISSP Expire After 3 Years?
The CISSP certification is valid for three years. To maintain the certification, holders must earn and submit a total of 120 Continuing Professional Education (CPE) credits within these three years and pay the annual maintenance fee. This process, known as recertification, ensures that CISSP professionals keep their skills and knowledge up to date.
Can candidates take the CISSP exam immediately after completing the bootcamp?
Absolutely! Candidates can take the CISSP exam right after finishing the bootcamp at certain specialized training centers. These select centers offer an exclusive opportunity to sit for the exam on site, eliminating the hassle of long queues or scheduling conflicts commonly associated with public testing centers. This streamlined process ensures a seamless certification experience for every participant.
What is the Passing Score for the CISSP exam?
To pass the CISSP exam you need a scaled score of at least 700 out of a possible 1,000 points.
What is the process for obtaining an endorsement after passing the exam?
Process for Obtaining an Endorsement After Passing the CISSP Exam
Once you’ve conquered the CISSP exam, the journey doesn’t end there. To officially earn your CISSP certification, you must complete the endorsement process, which involves a few critical steps:
- Understanding the Code of Ethics: Familiarize yourself with the (ISC)² Code of Ethics. This is crucial as subscribing to this code is a part of the endorsement process.
- Securing a Professional Endorser: Identify an existing certified (ISC)² professional who can act as your endorser. This person will attest to your professional experience and credentials. They need to verify your:
  - Length of Employment: Confirm the duration and nature of your work experience.
  - Professional Reputation: Acknowledge your standing and conduct in the field.
  - Continuing Education: Validate your ongoing commitment to learning as a security analyst.
- Submitting the Endorsement: Have your endorser complete the necessary endorsement documentation. This step officially validates your professional background and ethical adherence.
- Review and Approval: Once all necessary documents are submitted, the endorsement will be reviewed by (ISC)². Upon approval, you’ll be granted the CISSP certification.
By following these steps, you’ll not only meet the requirements for certification but also solidify your reputation in the cybersecurity community.
How long is the CISSP certification valid, and how can it be maintained?
Understanding the Validity and Maintenance of the CISSP Certification
The CISSP certification holds its value for a period of three years. To keep your certification up-to-date, you’ll need to engage in specific maintenance activities. Here’s how to ensure your CISSP status remains active:
Earning CPE Credits
- Continuing Professional Education (CPE) Credits: Within the three-year cycle, you must accumulate a total of 120 CPE credits.
- Annual Goal: Secure at least 40 CPE credits each year to stay on track.
You can achieve these credits through various avenues:
- Participating in webinars and workshops: These are excellent opportunities to learn and discuss current industry trends and practices.
- Enrolling in professional courses: Many reputable organizations offer courses that contribute to CPE credits.
Paying the Annual Maintenance Fee
- An Annual Maintenance Fee (AMF) is required each year to uphold your certification status.
Alternative: Re-examination
If accumulating CPE credits isn’t feasible, an alternative approach is available. You have the option to renew your certification by retaking and passing the CISSP exam at the end of the three-year period.
Staying proactive with these requirements ensures that you remain a certified and current CISSP professional, ready to tackle today’s cybersecurity challenges.
What other certifications matter for Cybersecurity careers?
When exploring cybersecurity certifications beyond the well-known CISSP, there are several other valuable credentials to consider. These certifications not only help enhance your skill set but also boost your credibility in the cybersecurity field. Here’s a closer look at some options:
- Certified Ethical Hacker (CEH): The CEH certification focuses on understanding and using the same knowledge and tools as malicious hackers, but in a lawful and legitimate manner. It equips professionals with the skills to identify vulnerabilities in systems and provide solutions to protect them.
- Certified Information Systems Auditor (CISA): This certification is ideal for individuals involved in auditing, control, and security of information systems. It emphasizes strategizing for risk management, governance, and compliance.
- CompTIA Security+: A foundational certification, Security+ is often seen as a stepping stone into the cybersecurity domain, covering basic security topics and practices. It provides a broad understanding that can be applied to various IT security roles.
- CRISC (Certified in Risk and Information Systems Control): Targeted at professionals tasked with managing enterprise risk, CRISC focuses on designing and implementing strategies to mitigate technology risks.
These certifications cater to various aspects of cybersecurity, from ethical hacking to risk management, offering pathways for professional growth and specialization. Each certification serves a unique purpose, aiding in skill development and career advancement.
One Last Note…
We stand behind our course and methodology. We want you to take the CISSP exam with the confidence and assurance that your investment in our CISSP Boot Camp has paid off. Deciding to enroll in a CISSP Exam Prep class isn’t a decision you should make without having all of the information. If you can’t find the answers to your questions here, send us an email or give us a call. Our team is always happy to answer questions or provide additional information, whether you’re a student of ours or not.
How to Earn CISSP Certification
To earn CISSP certification, you must first meet requirements for work experience, education and professional credentials. Candidates may have five years of relevant work experience or four years if they also hold a related undergraduate degree or an (ISC)²-approved credential.
If you do not meet these requirements but are still interested in taking the CISSP exam, you can work toward becoming an Associate of (ISC)². Associates have passed the exam but cannot become fully certified until they have fulfilled the work experience requirements.
Pass the Certification Exam
Each candidate has four hours to complete the CISSP certification exam, which comprises 125 to 175 questions. You can find ample preparation resources, including practice exams and study materials, on (ISC)²’s website.
When the time comes, you can register online to take the exam, though the exam itself will take place in person at a Pearson VUE testing center. Note that the exam fee is $749.
To pass, you must score at least 700 out of 1,000. If you do not pass the CISSP exam the first time, you’re in good company—many test-takers attempt the exam multiple times. You can retake the CISSP exam 30 days after your first try and up to four times within a 12-month period.
Get Endorsed
After passing the CISSP exam, you must obtain an endorsement from a current certification-holder before becoming certified yourself.
This endorsement validates that you have completed the necessary work experience to earn CISSP certification. You have nine months after passing the exam to secure an endorsement. In the event you are unable to find someone, (ISC)² may act as your endorser.
CISSP Experience Requirements
Candidates must have a minimum of five years of cumulative, full-time experience in two or more of the eight domains of the current CISSP Exam Outline. Earning a post-secondary degree (bachelor’s or master’s) in computer science, information technology (IT) or related fields may satisfy up to one year of the required experience, or an additional credential from the ISC2 approved list may satisfy up to one year of the required experience. Part-time work and internships may also count towards the experience requirement.
A candidate who doesn’t have the required experience to become a CISSP may become an Associate of ISC2 by successfully passing the CISSP examination. The Associate of ISC2 will then have six years to earn the five years required experience.
Work Experience
Your work experience must fall within two or more of the eight domains of the ISC2 CISSP Exam Outline:
Domain 1. Security and Risk Management
Domain 2. Asset Security
Domain 3. Security Architecture and Engineering
Domain 4. Communication and Network Security
Domain 5. Identity and Access Management (IAM)
Domain 6. Security Assessment and Testing
Domain 7. Security Operations
Domain 8. Software Development Security
Full-Time Experience:
Your work experience is accrued monthly. Thus, you must have worked a minimum of 35 hours/week for four weeks in order to accrue one month of work experience.
Part-Time Experience:
Your part-time experience must be at least 20 hours a week and no more than 34 hours a week.
- 1,040 hours of part-time work = 6 months of full-time experience
- 2,080 hours of part-time work = 12 months of full-time experience
Internship: Paid or unpaid internship is acceptable. You will need documentation on company/organization letterhead confirming your position as an intern. If you are interning at a school, the document can be on the registrar’s stationery.
Relevant Education or Certifications Held
Four-Year College Degree or Equivalent
You can substitute a maximum of one year of work experience if you hold one of the following:
- A four-year college degree or regional equivalent
- An advanced degree in information security from the U.S. National Center of Academic Excellence in Information Assurance Education (CAE/IAE)
ISC2 Approved Credential
You can satisfy one year of work experience if you hold one of the credentials on the ISC2 approved list.
ISC2 Approved Credential List
- AWS Certified Security – Specialty
- Certified in Governance, Risk and Compliance (CGRC)
- Certified Cloud Security Professional (CCSP)
- Certified Computer Examiner (CCE)
- Certified Ethical Hacker v8 or higher
- Certified Information Security Manager (CISM)
- Certified Information Systems Auditor (CISA)
- Certified Internal Auditor (CIA)
- Certified Protection Professional (CPP) from ASIS
- Certified in Risk and Information Systems Control (CRISC)
- Certified Secure Software Lifecycle Professional (CSSLP)
- Certified Wireless Security Professional (CWSP)
- Cisco Certified CyberOps Associate/Professional
- Cisco Certified Internetwork Expert (CCIE) Security
- Cisco Certified Network Associate Security (CCNA Security)
- Cisco Certified Network Professional Security (CCNP Security)
- CIW Web Security Professional
- CIW Web Security Specialist
- CompTIA Advanced Security Practitioner (CASP+)
- CompTIA CySA+
- CompTIA Security+
- Computer Hacking Forensic Investigator (CHFI)
- CSA Certificate of Cloud Security Knowledge (CCSK)
- EC-Council Certified Security Specialist (ECSS)
- EC-Council Certified SOC Analyst (CSA)
- GIAC Certified Enterprise Defender (GCED)
- GIAC Certified Incident Handler (GCIH)
- GIAC Certified Intrusion Analyst (GCIA)
- GIAC Cyber Threat Intelligence (GCTI)
- GIAC Global Industrial Cyber Security Professional (GICSP)
- GIAC Information Security Fundamentals (GISF)
- GIAC Information Security Professional (GISP)
- GIAC Security Essentials Certificate (GSEC)
- GIAC Security Leadership Certification (GSLC)
- GIAC Strategic Planning, Policy, and Leadership (GSTRT)
- GIAC Systems and Network Auditor (GSNA)
- HealthCare Information Security and Privacy Practitioner (HCISPP)
- Information Security Management Systems Lead Auditor (IRCA)
- Information Security Management Systems Principal Auditor (IRCA)
- Juniper Networks Certified Internet Expert (JNCIE-SEC)
- Microsoft Identity and Access Management
- Microsoft Security Operations Analyst
- Microsoft Certified Cybersecurity Architect
- Offensive Security Certified Professional/Expert (OSCP/E)
- Systems Security Certified Practitioner (SSCP)
The CISSP Exam
Each candidate has four hours to complete the CISSP certification exam, which comprises 125 to 175 questions. You can register online to schedule the exam, which will take place in person at a Pearson VUE testing center. The exam fee is $749.
To pass, you must score at least 700. If you do not pass the CISSP exam the first time, you can retake the CISSP exam 30 days after your first try and up to four times within a 12-month period.
CISSP Certification Exam Outline
The CISSP exam uses Computerized Adaptive Testing (CAT) for all English exams.
- Length of exam: 3 hours
- Number of items: 125 – 150
- Item format: Multiple choice and advanced innovative items
- Passing grade: 700 out of 1000 points
- Exam language availability: Chinese, English, German, Japanese, Spanish
- Testing center: ISC2 Authorized PPC and PVTC Select Pearson VUE Testing Centers
Details of the domains are outlined below:
Security and Risk Management – 16%
1.1 – Understand, adhere to, and promote professional ethics
- ISC2 Code of Professional Ethics
- Organizational code of ethics
1.2 – Understand and apply security concepts
- Confidentiality, integrity, availability, authenticity, and nonrepudiation (the five pillars of information security)
1.3 – Evaluate and apply security governance principles
1.4 – Understand legal, regulatory, and compliance issues that pertain to information security in a holistic context
- Cybercrimes and data breaches
- Licensing and Intellectual Property requirements
- Import/export controls
- Transborder data flow
- Issues related to privacy (e.g., General Data Protection Regulation (GDPR), California Consumer Privacy Act, Personal Information Protection Law, Protection of Personal Information Act)
- Contractual, legal, industry standards, and regulatory requirements
1.5 – Understand requirements for investigation types (i.e., administrative, criminal, civil, regulatory, industry standards)
1.6 – Develop, document, and implement security policy, standards, procedures, and guidelines
- Alignment of the security function to business strategy, goals, mission, and objectives
- Organizational processes (e.g., acquisitions, divestitures, governance committees)
- Organizational roles and responsibilities
- Security control frameworks (e.g., International Organization for Standardization (ISO), National Institute of Standards and Technology (NIST), Control Objectives for Information and Related Technology (COBIT), Sherwood Applied Business Security Architecture (SABSA), Payment Card Industry (PCI), Federal Risk and Authorization Management Program (FedRAMP))
- Due care/due diligence
1.7 – Identify, analyze, assess, prioritize, and implement Business Continuity (BC) requirements
- Business impact analysis (BIA)
- External dependencies
1.8 – Contribute to and enforce personnel security policies and procedures
- Candidate screening and hiring
- Employment agreements and policy driven requirements
- Onboarding, transfers, and termination processes
- Vendor, consultant, and contractor agreements and controls
1.9 – Understand and apply risk management concepts
- Threat and vulnerability identification
- Risk analysis, assessment, and scope
- Risk response and treatment (e.g., cybersecurity insurance)
- Applicable types of controls (e.g., preventive, detection, corrective)
- Control assessments (e.g., security and privacy)
- Continuous monitoring and measurement
- Reporting (e.g., internal, external)
- Continuous improvement (e.g., risk maturity modeling)
- Risk frameworks (e.g., International Organization for Standardization (ISO), National Institute of Standards and Technology (NIST), Control Objectives for Information and Related Technology (COBIT), Sherwood Applied Business Security Architecture (SABSA), Payment Card Industry (PCI))
1.10 – Understand and apply threat modeling concepts and methodologies
1.11 – Apply Supply Chain Risk Management (SCRM) concepts
- Risks associated with the acquisition of products and services from suppliers and providers (e.g., product tampering, counterfeits, implants)
- Risk mitigations (e.g., third-party assessment and monitoring, minimum security requirements, service level requirements, silicon root of trust, physically unclonable function, software bill of materials)
1.12 – Establish and maintain a security awareness, education, and training program
- Methods and techniques to increase awareness and training (e.g., social engineering, phishing, security champions, gamification)
- Periodic content reviews to include emerging technologies and trends (e.g., cryptocurrency, artificial intelligence (AI), blockchain)
- Program effectiveness evaluation
Asset Security – 10%
2.1 – Identify and classify information and assets
- Data classification
- Asset Classification
2.2 – Establish information and asset handling requirements
2.3 – Provision information and assets securely
- Information and asset ownership
- Asset inventory (e.g., tangible, intangible)
- Asset management
2.4 – Manage data lifecycle
- Data roles (i.e., owners, controllers, custodians, processors, users/subjects)
- Data collection
- Data location
- Data maintenance
- Data retention
- Data remanence
- Data destruction
2.5 – Ensure appropriate asset retention (e.g., End of Life (EOL), End of Support)
2.6 – Determine data security controls and compliance requirements
- Data states (e.g., in use, in transit, at rest)
- Scoping and tailoring
- Standards selection
- Data protection methods (e.g., Digital Rights Management (DRM), Data Loss Prevention (DLP), Cloud Access Security Broker (CASB))
Security Architecture and Engineering – 13%
3.1 – Research, implement and manage engineering processes using secure design principles
- Threat modeling
- Least privilege
- Defense in depth
- Secure defaults
- Fail securely
- Segregation of Duties (SoD)
- Keep it simple and small
- Zero trust or trust but verify
- Privacy by design
- Shared responsibility
- Secure access service edge
3.2 – Understand the fundamental concepts of security models (e.g., Biba, Star Model, Bell-LaPadula)
3.3 – Select controls based upon systems security requirements
3.4 – Understand security capabilities of Information Systems (IS) (e.g., memory protection, Trusted Platform Module (TPM), encryption/decryption)
3.5 – Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements
- Client-based systems
- Server-based systems
- Database systems
- Cryptographic systems
- Industrial Control Systems (ICS)
- Cloud-based systems (e.g., Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS))
- Distributed systems
- Internet of Things (IoT)
- Microservices (e.g., application programming interface (API))
- Containerization
- Serverless
- Embedded systems
- High-Performance Computing systems
- Edge computing systems
- Virtualized systems
3.6 – Select and determine cryptographic solutions
- Cryptographic life cycle (e.g., keys, algorithm selection)
- Cryptographic methods (e.g., symmetric, asymmetric, elliptic curves, quantum)
- Public key infrastructure (PKI) (e.g., quantum key distribution)
3.7 – Understand methods of cryptanalytic attacks
- Brute force
- Ciphertext only
- Known plaintext
- Frequency analysis
- Chosen ciphertext
- Implementation attacks
- Side-channel
- Fault injection
- Timing
- Man-in-the-Middle (MITM)
- Pass the hash
- Kerberos exploitation
- Ransomware
3.8 – Apply security principles to site and facility design
3.9 – Design site and facility security controls
- Wiring closets/intermediate distribution facilities
- Server rooms/data centers
- Media storage facilities
- Evidence storage
- Restricted and work area security
- Utilities and Heating, Ventilation, and Air Conditioning (HVAC)
- Environmental issues (e.g., natural disasters, man-made)
- Fire prevention, detection, and suppression
- Power (e.g., redundant, backup)
3.10 – Manage the information system lifecycle
- Stakeholders' needs and requirements
- Requirements analysis
- Architectural design
- Development/implementation
- Integration
- Verification and validation
- Transition/deployment
- Operations and maintenance/sustainment
- Retirement/disposal
Communication and Network Security – 13%
Identity and Access Management (IAM) – 13%
Security Assessment and Testing – 12%
Security Operations – 13%
Software Development Security – 10%
Steps After Passing the CISSP Exam
Get Endorsed
After passing the CISSP exam, you must obtain an endorsement from a current certification holder before you can become certified yourself.
This endorsement validates that you have completed the work experience required to earn CISSP certification. You have nine months after passing the exam to find an endorser. If you are unable to find someone, (ISC)² may act as your endorser.
Maintain Certification
Like many professional accrediting bodies, (ISC)² requires its members to stay up to date on the latest trends and research in cybersecurity. You must earn at least 120 continuing professional education (CPE) credits every three years to maintain CISSP certification. Many members earn their CPEs by attending courses or conferences, volunteering, or teaching.
Application Process
Because the ISC2 application is an involved process, we recommend that you gather all the information relevant to your application before you begin. Once the application has been started, it cannot be canceled; however, you can save your application and complete it later. The first thing we recommend is that you register to become a member of the ISC2