CISSP certification guide: Requirements, training, and cost



CISSP definition: What is CISSP?  

Certified Information Systems Security Professional, or CISSP, is a certification for advanced IT professionals who want to demonstrate that they can design, implement, and manage a cybersecurity program at the enterprise level. It’s offered by the International Information System Security Certification Consortium, or (ISC)2, a nonprofit organization that focuses on certification and training for cybersecurity professionals. CISSP is (ISC)2’s most widely known certification.

With more than 20 years of history behind it, CISSP is a respected certification that can help advance your career. To achieve this certification, you need to demonstrate competence across a range of technical areas as well as management, and you also need to build up relevant industry experience.

Who should get a CISSP? Jobs and career path

CISSP has been called the “gold standard” of security certifications. If you’re scanning cybersecurity jobs, you’ll often find that a CISSP is a prerequisite, or at least highly recommended. If you’re interested in a career path in the U.S. federal government, it’s a particular help. Because of the broad technical knowledge required for CISSP certification, it’s the mark of an infosec generalist who would be useful in many roles.

That said, CISSP isn’t for everyone. In particular, the technical depth and work experience it requires mean that it isn’t a cert for those in the opening stages of their career, for whom a CompTIA Security+ certification might be more appropriate. The CISSP exam also covers management skills as well as technical know-how—another reason you’ll need some experience under your belt before you embark on your CISSP journey.


Because CISSP covers some management-related material, you may be wondering about the difference between it and Certified Information Security Manager (CISM), another popular infosec certification. In a nutshell, a CISSP certification demonstrates in-depth technical knowledge over a broad range of security domains, along with an understanding of managerial responsibilities. CISM, on the other hand, is more strongly oriented towards managers, with an emphasis on understanding infosec incentives from a business point of view.

CISSP domains

The subject matter that the CISSP certification covers is broken down into eight areas, called domains. As of December 2020, those domains are as follows:

Copyright © 2021 IDG Communications, Inc.

