resources.infosecinstitute.com
162.159.135.42
Public Scan
Submitted URL: https://click.e.infosecinstitute.com/?qs=a9ce9c92ec2a7ce9f6fe25649e2669878234c8f688ad7ba22e4411a0c1273f4b073cf2bd316f4238520b0dd9d0cb...
Effective URL: https://resources.infosecinstitute.com/overview/cissp/?utm_source=marketing%20cloud&utm_medium=email%20blast&utm_campaign=infosec%20edu...
Submission: On April 27 via api from US — Scanned from DE
Form analysis
1 form found in the DOM
https://resources.infosecinstitute.com
<form class="position-relative" action="https://resources.infosecinstitute.com">
<input type="text" placeholder="Search" name="s">
<button type="submit" class="fas fa-search"></button>
<div class="fas fa-times close-search" id="close-search"></div>
</form>
Text Content
CISSP — CERTIFIED INFORMATION SYSTEMS SECURITY PROFESSIONAL

WHAT IS THE CISSP CERTIFICATION?

The Certified Information Systems Security Professional, or CISSP certification, is overseen by the non-profit organization (ISC)² and validates your skills around designing, implementing and maintaining a cybersecurity program. It is the most requested certification in U.S. cybersecurity job openings. This is due to the broad range of material the CISSP covers, the on-the-job experience requirements and the CISSP endorsement requirement. This makes the CISSP an easy benchmark for hiring managers looking to confirm a certain level of cybersecurity knowledge and real-world experience in candidates.

Get your free ebook, “CISSP exam tips from students and instructors,” for advice on how to ace your CISSP exam.

* # of CISSP holders: 149,174
* Avg. U.S. salary: $114,293
* Required experience: 5 years

CISSP DOMAINS

The CISSP exam covers eight knowledge areas, or domains.
The current CISSP domains are listed below:

* SECURITY AND RISK MANAGEMENT (15%): This domain covers objectives ranging from foundational security concepts to governance, risk management and privacy. It also covers security policy and procedures and setting up a security awareness program.
* ASSET SECURITY (10%): This domain covers identifying, classifying, handling and retaining assets. It also covers the data lifecycle and determining data security controls and compliance requirements.
* SECURITY ARCHITECTURE AND ENGINEERING (13%): This domain covers engineering processes, and security models and controls. It includes assessing and mitigating vulnerabilities in security architectures and determining cryptographic solutions.
* COMMUNICATION AND NETWORK SECURITY (13%): This domain covers assessing and implementing secure design principles in network architectures, as well as securing network components and implementing secure communication channels.
* IDENTITY AND ACCESS MANAGEMENT (13%): This domain covers access control, federated identity with a third-party service, the identity and access provisioning lifecycle, and managing authorization mechanisms and authentication systems.
* SECURITY ASSESSMENT AND TESTING (12%): This domain covers various aspects of assessing, testing and auditing, from design and validation to conducting security control testing to collecting data and analyzing test output.
* SECURITY OPERATIONS (13%): This domain covers complying with investigations, conducting logging and incident management, operating and maintaining detective and protective measures, and recovery strategies, and more.
* SOFTWARE DEVELOPMENT SECURITY (11%): This domain covers the software development life cycle (SDLC), applying security controls in software development ecosystems, assessing software security and the impact of acquired software, and more.

Learn more about the CISSP domains.
CISSP REQUIREMENTS: HOW DO I GET THE CISSP?

There are several CISSP requirements you must meet to earn and maintain your certification.

CISSP ELIGIBILITY

To earn your CISSP, you must:

* Pass the CISSP exam
* Sign the (ISC)² code of ethics
* Get endorsed by either a fellow CISSP holder or (ISC)² itself
* Have five years of work experience in two or more of the CISSP domains. A degree or certain approved certifications can be used to satisfy one year of experience via the CISSP experience waiver.

If you do not have the required work experience upon passing your exam, you will become an Associate of (ISC)², or CISSP Associate, until you meet the experience requirements.

THE CISSP EXAM

The CISSP exam is updated every three years, and the most recent update went into effect in May 2021. The goal of the exam is to test your knowledge in effectively designing, engineering and managing the overall security posture of an organization. Read an overview of the CISSP exam to learn more.

* What is the CISSP exam outline and structure?

In 2017, the English version of the CISSP exam moved to a Computer Adaptive Test (CAT) format, which changes the difficulty of the questions based on your previous answers. This allowed (ISC)² to cut the test from six hours and 250 questions to a much more manageable three hours and 100–150 questions. In addition to multiple-choice questions, the CISSP exam may include some questions in the drag-and-drop or hotspot format. Non-English versions of the exam are available in the six-hour linear exam format. However, both versions of the exam feature the same content, which is aligned to the CISSP CBK (Common Body of Knowledge).

* How hard is the CISSP exam?

The CISSP exam has been described as a mile wide and an inch deep, and you need to score “above proficiency” in each domain to pass. That breadth of knowledge may make it difficult for those with more specialized knowledge and experience.
Also, the adaptive nature of the CAT exam can make the exam feel more difficult, as each question is designed to be challenging. CISSP pass rates vary depending on an individual’s experience, study habits and test-taking strategies. Those who take an Infosec CISSP Boot Camp average a 93% pass rate. For more advice on passing the CISSP exam, check out our 8 tips for CISSP exam success, or download our free ebook, CISSP exam tips from students and instructors.

* How do you take the CISSP exam?

Pearson VUE is the global administrator of all (ISC)² exams, and all CISSP exams must be taken in person at a Pearson VUE test center. To take your CISSP exam, create a Pearson VUE account, find a test location near you and schedule your exam. If you have a CISSP voucher or exam payment included with your CISSP training, you can redeem it during this process.

* How much does the CISSP exam cost?

The CISSP exam costs $749 in all regions except the U.K. (585 pounds) and Europe (665 euros). Pearson VUE charges $50 (35 pounds and 40 euros) to reschedule your exam and $100 (70 pounds and 80 euros) to cancel your exam. If you do not take your exam within one year of your initial exam scheduled date, you will not be refunded for canceling your exam.

* How long does the CISSP certification last?

CISSP renewal is required or your CISSP certification will expire. This involves two steps:

* CISSP annual maintenance fee (AMF): A $125 fee must be paid upon certification and every year after (by the anniversary date of getting certified). If you hold more than one (ISC)² certification, only one fee is required to maintain all your (ISC)² certs.
* CISSP CPEs: (ISC)² requires 120 continuing professional education (CPE) credits over a three-year period, with a recommended goal of 40 CPEs each year.
Of those, at least 30 must be from Group A activities, which are directly related to the CISSP domains, and up to 10 can be from Group B activities, which are general professional development activities.

Learn more about CISSP renewal requirements and earning CISSP CPE credits — or download the (ISC)² CPE Handbook.

FREE AND SELF-STUDY CISSP MATERIALS

A variety of resources are available to help you prepare for your CISSP exam, but it’s often best to start with the CISSP exam outline. The CISSP exam blueprint provides an outline of all the objectives included in the CISSP common body of knowledge, and it’s a great launching point for understanding the scope of knowledge required to successfully pass the exam.

CISSP STUDY GUIDES AND CISSP BOOKS

(ISC)² provides a number of training resources available on Amazon and elsewhere. These include:

* Official (ISC)² CISSP CBK Reference, Sixth Edition (from Sybex)
* (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide, 9th Edition (from Sybex)
* CISSP For Dummies, 6th Edition

Other popular CISSP exam prep guides and PDFs include:

* CISSP All-in-One Exam Guide by Shon Harris and Fernando Maymi
* CISSP Study Guide by Eric Conrad
* Eleventh Hour CISSP: Study Guide by Eric Conrad
* Free Sunflower CISSP PDF

You can also download the free CISSP exam tips ebook from Infosec.

CISSP PRACTICE QUESTIONS AND EXAMS

CISSP practice exams are a great way to gauge your exam readiness and understand the types of questions you’ll be asked. There are even free CISSP dumps that can be found, although it’s against (ISC)² policy to disclose the actual exam questions being used. A few of the most popular CISSP practice question options are listed below:

* (ISC)² CISSP Certified Information Systems Security Professional Official Practice Tests 3rd Edition (from Sybex)
* (ISC)² Official CISSP Flash Cards
* Boson CISSP practice exam

Most paid CISSP training courses also offer practice questions.
For example, Infosec Skills CISSP training has a customizable practice exam with more than 1,500 CISSP questions.

OTHER FREE CISSP TRAINING RESOURCES

There are a number of other free CISSP training materials being produced and shared by the community:

* Forums like TechExams and Reddit allow you to connect directly with others who are studying for or have already taken the CISSP.
* YouTube is another great place to connect with cybersecurity practitioners and learn about the CISSP exam. Although most CISSP courses cost money, there are numerous free CISSP videos available to watch, including our CISSP exam webcast.
* Podcasts may not help you directly study for your CISSP exam, but those like the Cyber Work Podcast are a great way to hear about the career and training journeys of fellow IT and cybersecurity professionals.

CISSP JOBS AND CAREERS

The CISSP is requested in more than 106,000 U.S. job openings, making it the most requested certification in the U.S., according to Cyberseek. Learn more about the CISSP job outlook.

* What does a CISSP do?

The CISSP is useful for a variety of mid- and advanced-level roles due to its broad range of material and five-year experience requirement. Common CISSP titles and job roles include:

* Chief information security officer (CISO)
* Chief information officer (CIO)
* Director of security
* IT manager or director
* Security systems engineer
* Security manager
* Security analyst
* Security auditor
* Security or network architect
* Security consultant

* Is the CISSP worth it?

For better or worse, the CISSP is often used by HR and hiring managers as an easy way to validate a candidate’s knowledge and experience. While the CISSP can help open doors and land an interview, it’s your knowledge and skills that will help you land the job. The CISSP also satisfies several DoD 8570 requirements (IAT Level III, IAM Level II, IAM Level III, IASAE I and IASAE II) for those working for or contracting with the Department of Defense (DoD).
* What is the CISSP salary?

The average CISSP salary in the U.S. is $114,293, but it varies depending on job role, location, experience and other factors. Those who also hold a CISSP concentration earn even higher average salaries:

* Average ISSAP salary (U.S): $145,490
* Average ISSEP salary (U.S): $131,720
* Average ISSMP salary (U.S): $140,340

* What are CISSP concentrations?

After becoming a CISSP, you have the option of building on your certification by earning a CISSP concentration. These specialized skill sets and credentials can help you further stand out and advance your career.

* Information Systems Security Architecture Professional (ISSAP): Earning your CISSP-ISSAP validates your expertise in how to develop, design and analyze security solutions.
* Information Systems Security Engineering Professional (ISSEP): Earning your CISSP-ISSEP validates your expertise in how to apply systems engineering principles and processes to develop secure systems.
* Information Security System Management Professional (ISSMP): Earning your CISSP-ISSAP validates your expertise in how to establish, present and govern information security programs.

* How many people have a CISSP?

As of July 2021, there are 149,174 CISSP holders worldwide — 92,976 of which are in the U.S. Only a fraction of those also holds a CISSP concentration:

* ISSAP: 2,158 worldwide (1,318 in the U.S.)
* ISSEP: 1,272 worldwide (1,233 in the U.S.)
* ISSMP: 1,324 worldwide (972 in the U.S.)

* Where can I find CISSP jobs?

CISSP is the most requested certification in job listings, and general job boards like Indeed, Monster, Glassdoor, LinkedIn and CareerBuilder all allow you to search by keywords like “CISSP” for CISSP jobs. There are also cybersecurity-specific job boards, such as the CISSP Job Board, ClearedJobs, infosec-jobs.com and others.
Another great way to find CISSP job openings is by joining local and national cybersecurity groups — such as ISSA, ISACA or Women in Cybersecurity — joining local meetups or engaging in other cybersecurity forums and websites.

To prepare for your job interview, download our free ebook of cybersecurity interview tips, “How to stand out, get hired and advance your career.” Also, check out the Top 10 CISSP interview questions.

PAID CISSP TRAINING AND EXAM PREP

How long you need to study for the CISSP exam depends on your existing knowledge and experience — and your method of training.

LIVE CISSP BOOT CAMPS

For those looking to get certified quickly, a live online or in-person CISSP boot camp may be the best option. For example, the Infosec CISSP Boot Camp allows you to earn your CISSP in one week — with six days of training plus a day to schedule and take your CISSP exam. Other boot camp providers include Training Camp, Learning Tree and Global Knowledge. The benefits of a live boot camp include:

* Live interaction with your instructor and peers: This can be especially useful for more advanced certifications where fellow students have years of real-world experience and situations to share.
* Complete training package: Most boot camps come with everything you need to succeed — from live instruction to exam vouchers to books and practice exams. Infosec’s boot camp also comes with extended access to CISSP concentration training (ISSAP, ISSEP and ISSMP) and other hands-on labs to keep your skills sharp after you get certified.
* Improved pass rates: Boot camp providers like Infosec stand by their training with an Exam Pass Guarantee. That means if you fail your exam on your first attempt, you’ll get a second attempt to pass — for free.

SELF-PACED CISSP TRAINING

For those with more time — and self-discipline — a number of training providers offer paid CISSP courses you can complete at your own pace, including companies like Infosec, Cybrary, Udemy and (ISC)².
The benefits of on-demand CISSP training include:

* Train at your own pace: Train when it’s convenient for you — whether that’s 30 minutes over your lunch or a few hours on the weekend. There’s no need to set aside 40-60 hours for a week of intense, live instruction.
* Build an individual training plan: Since you’ll be training by yourself and not with a group, target your training around the domains and objectives you need to learn the most. Consider joining a study group or connecting with peers if you’d like further insights from your peers.
* Take the exam when you feel ready: With more time to study, you’ll have more time to get prepared without feeling like you’ll lose the benefits of the boot camp “exam cram.”

CISSP COMPARISONS AND ALTERNATIVES

Is the CISSP the best certification for you, or would something else be a better fit? Which certification is easier? Which certification should you take first? Which one is better for your career? That all depends on you and your career goals. Check out these articles to learn more:

* CISM vs. CISSP vs. CIPM vs. GSLC
* CASP+ vs. CISSP
* CISSP vs. GSEC
* HCISPP vs. CISSP
* The top 5 highest-paying infosec certifications
* Seven top security certifications you should have in 2021

MOST RECENT CISSP ARTICLES

* WHAT IS THE CISSP-ISSAP? INFORMATION SYSTEMS SECURITY ARCHITECTURE PROFESSIONAL
* AVERAGE ISSEP SALARY IN 2021
* AVERAGE ISSMP SALARY
* AVERAGE CISSP SALARY
* CISSP JOB OUTLOOK
* UNDERSTANDING THE CISSP EXAM SCHEDULE: DURATION, FORMAT, SCHEDULING AND SCORING
* CISSP CERTIFICATION - THE ULTIMATE GUIDE
* WHAT IS THE CISSP-ISSEP? INFORMATION SYSTEMS SECURITY ENGINEERING PROFESSIONAL

©2022 Infosec Institute, Inc.