The Certified Information Systems Security Professional (CISSP), offered by (ISC)², is one of the most globally recognized certifications in the information security profession.
The first version of the Common Body of Knowledge (CBK) was finalized in 1992 and the CISSP credential was launched two years later in 1994. The initial groups that joined together to form the consortium included the Canadian Information Processing Society, The Computer Security Institute, The Data Processing Management Association (and two of its special interest groups), Idaho State University, The Information Systems Security Association, and the International Federation for Information Processing.
Well, it’s been a long time since the 1992-1994 timeframe, and with more than 116,000 certified professionals worldwide, the CISSP has earned its place among the leading credentials through the quality of work performed by its distinguished holders and the foundation laid by its founders.
The CISSP continues to be the most in-demand information security professional certification currently available, so as you would expect, there are qualifications that every holder has to meet.
Before you take the exam, look at your own background. To be eligible, your work history should include one of the following:
- Five years of full-time paid work experience
- Four years of experience plus a recent college degree, or four years of experience plus an approved security certification. Examples of approved certifications include the CAP, also from (ISC)²; the CISM or the CISA, both from ISACA; Security+; CCNA Security; the MCSA or MCSE; and the GIAC certifications from the SANS Institute
If you haven’t quite met those qualifications, passing the exam will make you an Associate of (ISC)².
CISSP Knowledge Domains
You will be assessed on the eight domains that make up the CISSP curriculum. These cover a broad range of topics, and you will need a solid understanding of each before you sit the exam. The domains are as follows:
- Security and risk management
- Asset security
- Security architecture and engineering
- Communication and network security
- Identity and access management
- Security assessment and testing
- Security operations
- Software development security
Preparing for the CISSP
Here at Cloud Academy, we have put together a new Learning Path to include the entire CISSP track, covering all eight domains and all control points within each domain.
To lead you through all of this content, we have cybersecurity veteran Ross Leo, an ISC2 Certified Instructor. Ross has been an information security professional for over 36 years, during which he has worked with organizations such as IBM, Computer Sciences Corporation, and NASA, where he was the Director of Security Engineering and Chief Security Architect for Mission Control at the Johnson Space Center. Upon attaining his CISSP in 1997, Mr. Leo joined ISC2 as Chairman of the Curriculum Development Committee and served in that role until 2004, formulating and directing the effort that produced what became, and remains, the standard curriculum used to train CISSP candidates worldwide.
The Preparation for the (ISC)² CISSP Certification (Preview) Learning Path contains the CISSP introduction and all content for Domain 1. Over the next few weeks, content for the remaining domains will be added to this learning path to ensure you are ready to tackle this much-sought-after security certification.
Learning Path Contents (Preview)
The Learning Path begins with an introduction to the certification and what you can expect from the content within it. This introduction gives you further insight into:
- The history of the certification
- The prerequisites required for obtaining the CISSP certification
- The eight different domains which construct the certification
- The exam format
- How to register for the exam
- How to become involved within the community once you have obtained your CISSP certification
Following this, there are four courses (modules) that together cover Domain 1 in its entirety. They are outlined below along with the objectives you will achieve in each:
Domain 1 – Security & Risk Management
- An understanding of what confidentiality, integrity, and availability are, how they apply to information security, and how to apply those concepts in the real world
- How to apply security governance principles
- An understanding of compliance and the major role it plays within security and risk management
- Legal and regulatory issues that pertain to cybersecurity within a global context
- Understanding professional ethics
- How to develop and implement documented security policies, standards, procedures, and guidelines and the differences between them
- The fundamentals of business continuity requirements
- How to contribute to personnel security policies
- An introduction to risk, including qualitative and quantitative risk assessments
- How to identify threats and vulnerabilities
- The risk assessment analysis process, including risk assignment or acceptance
- The different security and audit frameworks and methodologies, and how to implement the program elements
- Risk frameworks
- Threat modeling and how to apply these models within your environment
- How to integrate security risk considerations into acquisitions strategy and practice
- How to establish and manage security education, training, and awareness within your organization
End of Module Exam
At the end of each module, you will find an exam in which you have 40 minutes to complete 20 multiple-choice questions testing your understanding of the concepts, tools, and best practices from the Security and Risk Management domain.
To learn more about all things security, visit our Security Training Library.