Learning Path Introduction
The course is part of this learning path
This course provides an introduction to the CISSP certification, allowing to you gain a clear understanding of what the certification covers, how to prepare and some tips for the exam day itself.
The objectives of this course are to provide you with and understanding of:
- The history of the certification
- The prerequisites required for obtaining the CISSP certification
- The 8 different domains which construct the certification
- The exam format
- How to register for the exam
- How to become involved within the community once you have obtained your CISSP certification
This course is designed for those looking to take the most in-demand information security professional certification currently available, the CISSP.
Any experience relating to information security would be advantageous, but not essential. All topics discussed are thoroughly explained and presented in a way allowing the information to be absorbed by everyone, regardless of experience within the security field.
If you have thoughts or suggestions for this course, please contact Cloud Academy at firstname.lastname@example.org.
Hello and welcome to the CISSP training seminar brought to you by Cloud Academy. In this introductory module we're going to cover some basic information about what to expect during this course and how to navigate the pathway to be successful on taking your exam. So again, welcome. This is going to be the cloud Academy's presentation of the CISSP examination preparation seminar.
Now as you probably know, the CISSP is one of the most globally recognized certifications in the information security profession. One note, all ISC Squared certifications have met the stringent ANSI 17024 of 2013 standard. This is the equivalent of the ISO standard of the same name and number.
A little bit of history then. The first version of the CBK was finalized in 1992 and the CISSP credential was launched two years later. The initial groups that joined together to form the consortium included the Canadian Information Processing Society, The Computer Security Institute, The Data Processing Management Association and two of its special interest groups. Idaho State University, The Information Systems Security Association and the International Federation for Information Processing. Well, it's been a long time since 1992, 1994 timeframe and with more than 116,000 certified professionals worldwide, it has earned its place among these credentials through quality of work performed by his distinguished holders and based on the work of the founders.
The CISSP continues to be the most in-demand information security professional certification currently available. So as you would expect, there are some qualifications that have to be met for any holder. Before you take the exam, each candidate should look at their own background. Their working history to be eligible for the CISSP should include five years full time paid work experience or alternatively, four years experience with a recent college degree or four years experience with an approved security certification. Some examples include the CAP also from ISC Squared, the CISM or the CISA, both from ISACA, Security+, CCNA Security, the MCSA or MCSE and the GIAC or any of its certifications from the SANS Institute or if you haven't met quite the level of those qualifications, taking the exam and being successful will make you an associate of ISC Squared and give you the opportunity to build your experience so that once you've crossed over one of these boundaries, you'll be awarded the CISSP. Of course, you will have to agree to uphold the ISC2 code of ethics.
Historically, the CISSP has been contained in ten domains. Currently, the knowledge domains are eight and they are these:
- Security and risk management
- Asset security
- Security architecture and engineering
- Communication and network security
- Identity and access management
- Security assessment and testing
- Security operations
- Software development security
Now the eight that you see here contain all of the information that was originally contained in the ten domains. It's been reorganized and integrated in the eight domains that you see here. So all of the information that's been present historically and of course updated is still present as are all the original test questions that you'll face on the actual exam. They've simply been reassigned in accordance with the current organization.
So a little studying advice, obviously you're going to want to read the CISSP ultimate guide available from ISC Squared. This can be obtained by downloading it from the ISC2.org website. You'll want to utilize the additional tools available from the Cloud Academy. As with any study effort, you want to focus on areas of weakness to bring those into line with your areas of strength and it being accountable for your results, it means that you dedicate yourself and your time to making yourself successful in this effort.
Now in recent times, CISSP has changed its format. As of December 2017, the examination was changed from its historic fixed format of 250 questions over a six-hour configuration and it's become an adaptive form of computer-based examination. The minimum number of questions that a candidate will face will be 100, the maximum will be a 150. As has always been the case, 25 unscored items will be mixed in. Now these are going to be a combination of internal, integrity check items used to ensure correct construction of the exam and questions that are being vetted for future inclusion as scored items. You'll have three hours maximum to complete the exam and the minimum passing score is as always, 70%. The question types remain much as they always have been. Most will be the standard multiple-choice with four answer options and a single correct answer. Some questions may be presented based on a provided scenario or a situation. There will, in the new form be some advanced, innovative question types that require drag-and-drop response, hotspot or the reordering of tasks. Other forms may be included.
So the exam advice you want to pass on to you is that you work steadily keeping an eye on your remaining time but not being a clock watcher, you need to focus on the questions. Each question presented will be seen once only. Now this is a dramatic departure from the historic form of 250 questions over the six hours. A candidate could go back and forth, change answers, revisit flag. That can't be happening anymore, you'll see it only once. It is not possible to return to a question once you've answered it and passed on to the next, therefore it's even more important, that you read each question carefully to understand exactly what is being asked of you. One thing to keep in mind is many wrong answers will be true statements in and of themselves, but bear in mind true does not make it correct. The only answer that is correct is the one that fits the question in every single part. You want to try to reduce or eliminate answer options before guessing to improve your odds of making a correct guess for those that you'll have to guess. Answer every question presented. A well calculated guess is much better than leaving it blank. As the old saying goes, you miss 100% of the shots you don't take. If you take a guess, do what you can to improve your odds so that you will catch some points, but answering, passing on without answering of course leaves points on the table and results in a big fat zero. You may be provided a dry erase board for making notes. Don't hesitate to use that to improve your performance.
Now the Pearson VUE exam site is where you'll be taking this exam. In order to register, you go to the ISC2.org website, select the certification, in this case the CISSP and you go to the registration guidance that they provide there. Pearson VUE testing centers should be available pretty much anywhere you're going to be and finding a test date could be somewhat problematic given this exam's popularity. So select the site and once you've confirmed, Pearson VUE will communicate with you through email and they will send you a variety of things including an admission ticket. It is vitally important that you whitelist Pearson VUE to make sure that you miss no thing that they send you. You'll have to print out this admission ticket and take it with you when you go and when you appear, you'll need two forms of ID that matched the name used to register for the examination and if your name on the confirmation letter does not exactly match, you'll need to contact Member Services immediately at member support at ISC2.org to ensure that this discrepancy gets resolved.
Now all candidates must agree to the terms listed in the ISC Two's examination agreement. Once you've been seated for your exam, you'll have five minutes to agree to the non-disclosure agreement or your exam is forfeited and that means your fees gone as well. You'll need to review the NDA prior to sitting for your exam and you can find that at https//www.pearsonVUE.com/ISC2/ISC2_NDA.pdf and it's advisable that you read this before you get there so that you don't have to spend time in reading. Pearson VUE is known for putting you through a bit of work once you've appeared to take your exam. So it's advisable that you show up at least 30 minutes before your scheduled examination time. Visit the ISC Two registration page at the website you see on the slide for more important information about the exam.
Now once you've got all of this out of the way and you're back into the working world with your newly minted CISSP, you may feel as though you want to participate in local chapters, something you may already be doing. Local chapters of ISC Squared, ISSA, ISACA, The Cloud Security Alliance and other cyber security organizations provide members with the opportunity to participate in an international network appears to share knowledge, exchange resources, collaborate on projects and create new ways to earn continuing, professional education credits which you'll need to maintain your certification. They provide a variety of other opportunities such as engaging in leadership roles such as board service, committee service. You can earn CPEs by participating in these activities and other things that these chapters may get involved in. You can participate in co-sponsored event with other industry associations representing your own.
You can if you choose, work to become speaker at the industry events or writing articles for publication. These are both very popular ways of getting CPE's but also participating more in the profession as a whole and then you can participate in local community outreach projects as a public service to educate people about information security. Well that concludes the introduction. Hopefully, you've got a much better view of what you're getting yourself into.
Now, historically as a final note, this examination is regarded as one of the industry's most difficult. Many of the CISSP holders will tell you that they attribute much of their opportunities to holding the CISSP and other of these significant credentials. So be sure that you dedicate the kind of effort necessary to be successful and taking this very important exam. It's a very important step in your career and one that is worthy of your effort and we wish you every success.
About the Author
Mr. Leo has been in Information System for 38 years, and an Information Security professional for over 36 years. He has worked internationally as a Systems Analyst/Engineer, and as a Security and Privacy Consultant. His past employers include IBM, St. Luke’s Episcopal Hospital, Computer Sciences Corporation, and Rockwell International. A NASA contractor for 22 years, from 1998 to 2002 he was Director of Security Engineering and Chief Security Architect for Mission Control at the Johnson Space Center. From 2002 to 2006 Mr. Leo was the Director of Information Systems, and Chief Information Security Officer for the Managed Care Division of the University of Texas Medical Branch in Galveston, Texas.
Upon attaining his CISSP license in 1997, Mr. Leo joined ISC2 (a professional role) as Chairman of the Curriculum Development Committee, and served in this role until 2004. During this time, he formulated and directed the effort that produced what became and remains the standard curriculum used to train CISSP candidates worldwide. He has maintained his professional standards as a professional educator and has since trained and certified nearly 8500 CISSP candidates since 1998, and nearly 2500 in HIPAA compliance certification since 2004. Mr. leo is an ISC2 Certified Instructor.