
Cissp Brochure

The Certified Information Systems Security Professional (CISSP) is a globally recognized certification that validates the knowledge and skills of information security leaders, helping them build and manage organizational security. It is backed by (ISC)2 and is essential for professionals aiming to advance their careers in information security. The CISSP certification requires candidates to have relevant work experience and offers various training and educational resources to prepare for the exam.

Uploaded by

manoj0628

The Next Generation of Security Leaders

Certified Information Systems Security Professional (CISSP®) is the most globally recognized
certification in the information security market. Required by some of the world’s most security-
conscious organizations, the CISSP is considered the gold standard credential that assures information
security leaders possess the breadth of knowledge, skills and experience required to credibly build and
manage the security posture of an organization.

Backed by (ISC)2®, the global leader in information security certifications, CISSPs have earned their place
as trusted advisors. Their expertise plays a critical role in helping organizations integrate stronger security
protocols and protect against threats in an increasingly complex cyber security landscape.

CISSP was the first credential in the field of information to meet the stringent requirements of ISO/IEC Standard
17024. Not only is the CISSP an objective measure of excellence, but also a globally recognized standard of achievement.

WHY BECOME A CISSP


The CISSP Helps You:
• Demonstrate your ability to effectively define the architecture, design, management and controls that assure
the security of business environments.
• Validate your experience, skills and commitment as an information security professional.
• Advance your career with the most globally recognized information security certification in the industry.
• Affirm your commitment to continued competence in the most current information security practices through (ISC)2’s
Continuing Professional Education (CPE) requirement.
• Fulfill government and organization requirements for information security certification mandates.

The CISSP Helps Employers:
• Increase credibility of the organization when working with vendors and contractors.
• Position candidates on a level playing field as the CISSP is internationally recognized.
• Ensure their employees use a universal language, circumventing ambiguity with industry-accepted terms
and practices.
• Increase confidence that job candidates and employees possess the knowledge and experience to do the job right.
• Increase confidence that information security personnel are current and capable through CISSP’s CPE credits
requirement.
• Confirm their employee’s commitment and years of experience gained in the industry.

CISSP in the News
“Today’s Most In-Demand Certifications” - Certification Magazine
“The top five in-demand IT certifications for 2013” - TechRepublic
“The Most In-Demand Certifications in IT for 2013” - IT Strategy News

CISSP INSIGHTS
“The CISSP certification I got after attending the official (ISC)2 [review] seminar greatly added to my competitive
edge and, as a result, I won my current position. I am now making the (ISC)2 certification a requirement for
the members of my team, confident in the knowledge that their skills are genuine and current.”
Daniel, CISSP
The Netherlands

“Obtaining the CISSP certification opened up doors I thought inviolable. My career - both professional
and academic - grew dramatically!”
Claudi, CISSP, CIA, CISA, CISM
Italy

WHO SHOULD BECOME A CISSP

CISSP® credential holders often hold job functions including:

• Security Consultant
• Security Manager
• IT Director/Manager
• Security Auditor
• Security Architect
• Security Analyst
• Security Systems Engineer
• Chief Information Security Officer
• Director of Security
• Network Architect

CISSP candidates must have a minimum of five years of cumulative paid full-time professional security work
experience in two or more of the ten domains of the (ISC)2® CISSP CBK®, or four years of cumulative paid full-
time professional security work experience in two or more of the ten domains of the CISSP CBK with a college
degree. Alternatively, there is a one-year waiver of the professional experience requirement for holding an additional
credential on the (ISC)2 approved list.

ENGAGE WHILE OBTAINING EXPERIENCE


Associate of (ISC)2
You don’t have to spend years in the field to demonstrate your competence in information security. Become an Associate
of (ISC)2, and you’re already part of a reputable and credible organization, earning recognition from employers and peers
for the industry knowledge you’ve already gained.

Participation Requirements
Associate of (ISC)2 status is available to those knowledgeable in key areas of industry concepts but lacking the work experience.
As a candidate, you may successfully pass the CISSP examination and subscribe to the (ISC)2 Code of Ethics; however, to earn
the CISSP credential you will have to acquire the required years of professional experience, provide proof and be
endorsed by a member of (ISC)2 in good standing. If you are working towards this credential, you will have a maximum of six years
from your exam pass date to acquire the necessary five years of professional experience. An Annual Maintenance Fee (AMF) of
US$35 applies and 20 Continuing Professional Education (CPE) credits must be earned each year to remain in good standing.
For more information on how you can become an Associate of (ISC)2, visit www.isc2.org/associate.

ADVANCE BEYOND THE CISSP


CISSP Concentrations
After the original conception of the CISSP, and the continuous evolution of information security, (ISC)2 discovered a need
to develop credentials which address the specific needs of our members. With this in mind, we produced our CISSP
Concentrations to provide a career path that would open up new opportunities for our CISSP credential holders. Specifically,
these credentials allow for more demanding roles in larger enterprises and recognize the specialized talents of CISSPs.

• Information Systems Security Architecture Professional (CISSP-ISSAP®)
• Information Systems Security Engineering Professional (CISSP-ISSEP®)
• Information Systems Security Management Professional (CISSP-ISSMP®)

To qualify for the CISSP-ISSAP, CISSP-ISSEP or the CISSP-ISSMP, a CISSP must maintain their credential in good standing
and pass the appropriate concentration examination. Each of the three concentrations has its own CBK Domains.
For more information, visit www.isc2.org/concentrations.

THE CISSP CBK
The CISSP® domains are drawn from various information security topics within the (ISC)2® CBK®. Updated
annually, the domains reflect the most up-to-date best practices worldwide, while establishing a common
framework of terms and principles to discuss, debate and resolve matters pertaining to the profession.

The CISSP CBK consists of the following ten domains:


• Access Control – a collection of mechanisms that work together to create a security architecture
to protect the assets of the information system.
    • Concepts/methodologies/techniques
    • Effectiveness
    • Attacks
• Telecommunications and Network Security – discusses network structures, transmission
methods, transport formats and security measures used to provide availability, integrity and confidentiality.
    • Network architecture and design
    • Communication channels
    • Network components
    • Network attacks
• Information Security Governance and Risk Management – the identification of an organization’s
information assets and the development, documentation and implementation of policies, standards,
procedures and guidelines.
    • Security governance and policy
    • Information classification/ownership
    • Contractual agreements and procurement processes
    • Risk management concepts
    • Personnel security
    • Security education, training and awareness
    • Certification and accreditation
• Software Development Security – refers to the controls that are included within systems and applications
software and the steps used in their development.
    • Systems development life cycle (SDLC)
    • Application environment and security controls
    • Effectiveness of application security
• Cryptography – the principles, means and methods of disguising information to ensure its integrity, confidentiality
and authenticity.
    • Encryption concepts
    • Digital signatures
    • Cryptanalytic attacks
    • Public Key Infrastructure (PKI)
    • Information hiding alternatives
• Security Architecture and Design – contains the concepts, principles, structures and standards used to design,
implement, monitor, and secure operating systems, equipment, networks, applications, and those controls used to
enforce various levels of confidentiality, integrity and availability.
    • Fundamental concepts of security models
    • Capabilities of information systems (e.g. memory protection, virtualization)
    • Countermeasure principles
    • Vulnerabilities and threats (e.g. cloud computing, aggregation, data flow control)
• Operations Security – used to identify the controls over hardware, media and the operators with access
privileges to any of these resources.
    • Resource protection
    • Incident response
    • Attack prevention and response
    • Patch and vulnerability management
• Business Continuity and Disaster Recovery Planning – addresses the preservation of the business in the face of
major disruptions to normal business operations.
    • Business impact analysis
    • Recovery strategy
    • Disaster recovery process
    • Provide training
• Legal, Regulations, Investigations and Compliance – addresses computer crime laws and regulations; the
investigative measures and techniques which can be used to determine if a crime has been committed and
methods to gather evidence.
    • Legal issues
    • Investigations
    • Forensic procedures
    • Compliance requirements/procedures
• Physical (Environmental) Security – addresses the threats, vulnerabilities and countermeasures that can
be utilized to physically protect an enterprise’s resources and sensitive information.
    • Site/facility design considerations
    • Perimeter security
    • Internal security
    • Facilities security

Download a copy of the CISSP Exam Outline at www.isc2.org/exam-outline.

EDUCATION DELIVERED YOUR WAY

Official (ISC)2® CISSP® CBK® Training Seminar


This official training seminar is the most comprehensive, complete review of
information systems security concepts and industry best practices, and the
only training course endorsed by (ISC)2. As your exclusive way to review and
refresh your knowledge of the domains and sub-domains of the CISSP CBK,
the seminar will help you identify areas you need to study and includes:
• 100% up-to-date material
• An overview of the information security field
• Contributions from CISSPs, (ISC)2 Authorized Instructors and subject
matter experts
• Post-Seminar Self-Assessment

The Official CISSP CBK Training Seminar is offered in the following formats:
• Classroom - Delivered in a multi-day, classroom setting. Course material
focuses on covering the ten CISSP domains. Available throughout the
world at (ISC)2 facilities and (ISC)2 Official Training Providers.
• Private On-site - Host your own Training Seminar on- or off-site.
Available for larger groups, this option often saves employee travel time
and expense. Group pricing is also available to organizations with 15 or
more employees planning to sit for the exam.
• Live OnLine - Educate yourself from the convenience of your computer.
Live OnLine brings you the same award winning course content as the
classroom based or private on-site seminars and the benefit of an (ISC)2
Authorized Instructor.
Visit www.isc2.org/cissprevsem for more information or to register.

“Our training and trainer was excellent.
All ten domains were covered with exact
knowledge and experience that conveyed
understanding. Dennis’ use of difficult
questions to prepare us for the test made
it possible for me to pass.”
Joe, CISSP
Virginia, USA

“I have been CISSP certified since 2005
and hope to attain CISSP-ISSAP certification
this year. The benefits of the formalisation
of my domain knowledge have always
been clear, CISSP is recognised the world
over, and when colleagues and customers
alike see those letters on your business
card, it visibly gives them a sense that they
are talking to a domain expert, and more
importantly a person that they can trust.
The (ISC)2 training that I have attended has
always been run by knowledgeable and
personable trainers with a wealth of real
world experience to share.”
Rik, CISSP
United Kingdom

OFFICIAL TRAINING PROVIDERS

Official (ISC)2 CBK Training Seminars are available throughout the world at (ISC)2 facilities
and through (ISC)2 Official Training Providers. Official (ISC)2 CBK Training Seminars are
conducted only by (ISC)2 Authorized Instructors who are experts in their field and have
demonstrated their mastery of the covered domains.

Be wary of training providers that are not authorized by (ISC)2. Be certain that your educator
carries the (ISC)2 Official Training Provider logo to ensure that you are experiencing the best
and most current programs available.

2012 SC Magazine Award Winner – Best Professional Certification Program, CISSP

2013 SC Magazine Award Winner – Best Professional Training Program, (ISC)2 Education

STUDY TOOLS

Exam Outline - Free


Your primary resource in your study efforts to become
a CISSP®. The Exam Outline contains an exam blueprint
that outlines major topics and subtopics within the domains,
a suggested reference list for further study, exam information
and registration/administration policies and instructions.
www.isc2.org/exam-outline

Official (ISC)²® Guide to the CISSP CBK®


The textbook is an authoritative information security textbook based
on the CISSP CBK, a global compendium of security best practices. The
textbook is available in hardcover or as an ebook and contains mandatory
information written and compiled by world-class CISSP certified experts
- an absolute essential for those seeking CISSP certification.
www.isc2.org/store

studISCope Self Assessment


Experience the CISSP certification exam as closely as possible before you take
it. Each 100 question studISCope provides the look and feel of the exam while
identifying key domains to study. You’ll even receive a personalized study plan.
www.isc2.org/studiscope

CBK Domain Previews – Free Webcast Channel


View a series of short webcasts that provide a detailed overview of each domain
of the CISSP, the value of certification and how to study for the exam.
www.isc2.org/previews

eLearning

These self-paced dynamic eLearning lectures and exercises are based on
the proven CBK Training Seminars. Offered with 60- or 120-day access in
an Internet-friendly format, these lectures and exercises are broken into
individual domain review modules for focused study. Each eLearning
package features end-of-domain and end-of-course review questions
modeled after the certification exam. eLearning also qualifies as
Continuing Professional Education credits (CPEs) for (ISC)2 members.
www.isc2.org/self-paced

CHECKLIST FOR CERTIFICATION
Obtain the Required Experience - For the CISSP® certification, candidates must have five years of cumulative paid
full-time professional security work experience in two or more of the ten domains of the (ISC)2® CISSP CBK®, or four years
of cumulative paid full-time professional security work experience in two or more of the ten domains of the CISSP CBK with
a college degree. If you do not have the required experience, you may still sit for the exam and become an Associate of (ISC)2
until you have gained the required experience.

Study for the Exam - Utilize these optional educational tools to learn the CISSP CBK.
• Exam Outline
• CBK Domain Preview Webcasts
• Official Textbook
• studISCope Self Assessment
• Self-paced eLearning
• Official Training Seminar

Register for the Exam
• Visit www.isc2.org/certification-register-now to schedule an exam date
• Submit the examination fee

Pass the Exam - Pass the CISSP examination with a scaled score of 700 points or greater. Read the Exam Scoring FAQs
at www.isc2.org/exam-scoring-faqs.

Complete the Endorsement Process - Once you are notified that you have successfully passed the examination, you will have
nine months from the date you sat for the exam to complete the following endorsement process:
• Complete an Application Endorsement Form
• Subscribe to the (ISC)2 code of ethics
• Have your form endorsed by an (ISC)2 member
The credential can be awarded once the steps above have been completed and your form has been submitted.* Get the guidelines
and form at www.isc2.org/endorsement.

Maintain the Certification - Recertification is required every three years, with ongoing requirements to maintain your credentials
in good standing. This is primarily accomplished through earning 120 Continuing Professional Education (CPE) credits every three years,
with a minimum of 20 CPEs earned each year after certification. If the CPE requirements are not met, CISSPs must retake the exam to
maintain certification. CISSPs must also pay an Annual Maintenance Fee (AMF) of US$85.

MEMBER BENEFITS

FREE:
• (ISC)2 One-Day SecureEvents
• Industry Initiatives
• Certification Verification
• Chapter Program
• (ISC)2 Receptions/Networking Opportunities
• (ISC)2 Global Awards Program
• Online Forum
• (ISC)2 e-Symposium Webinars
• ThinkTANK
• Global Information Security Workforce Study
• InfoSecurity Professional Magazine
• Safe and Secure Online Volunteer Opportunities
• InterSeC

DISCOUNTED:
• (ISC)2 Security Congress
• (ISC)2 Local Two-Day Secure Events
• Industry Conferences
• The (ISC)2 Journal

Maintain the certification with required CPEs and AMF

© 2014 International Information Systems Security Certification Consortium, Inc. All Rights Reserved.

For more information on the CISSP, visit www.isc2.org/cissp.


*Audit Notice - Passing candidates will be randomly selected and audited by (ISC)2 prior to issuance of any certificate. Multiple certifications may result
in a candidate being audited more than once.

Formed in 1989 and celebrating its 25th anniversary, (ISC)2® is the largest not-for-profit membership body of certified
information and software security professionals worldwide, with nearly 100,000 members in more than 135 countries.
Globally recognized as the Gold Standard, (ISC)2 issues the Certified Information Systems Security Professional (CISSP®) and
related concentrations, as well as the Certified Secure Software Lifecycle Professional (CSSLP®), the Certified Cyber Forensics
Professional (CCFP℠), Certified Authorization Professional (CAP®), HealthCare Information Security and Privacy Practitioner
(HCISPP℠), and Systems Security Certified Practitioner (SSCP®) credentials to qualifying candidates. (ISC)2’s certifications
are among the first information technology credentials to meet the stringent requirements of ISO/IEC Standard 17024, a
global benchmark for assessing and certifying personnel. (ISC)2 also offers education programs and services based on its
CBK®, a compendium of information and software security topics. More information is available at www.isc2.org.

CIS.0 (01/14)
