CISSP - Certified Information Systems Security Professional
The CISSP is a security certification that demonstrates that the holder has an excellent range of knowledge in information security. This certification is not tied to a specific vendor and relates to security in general.
This certification is issued by the International Information Systems Security Certification Consortium, known as (ISC)². The consortium also maintains the SSCP (Systems Security Certified Practitioner) and CAP (Certification and Accreditation Professional) certifications.
The CISSP has been accredited under ISO Standard 17024:2003. This standard, published by the International Organization for Standardization, concerns certifying the competence of personnel.
The CISSP is broken into 10 specific areas of knowledge, known as domains in its Common Book of Knowledge (CBK). These include:
- Business Continuity and Disaster Recovery Planning
- Information Security and Risk Management
- Legal, Regulations, Compliance and Investigations
- Physical (Environmental) Security
- Security Architecture and Design
- Telecommunications and Network Security
To be considered certified, a candidate must satisfy the following criteria:
- The candidate must pay an examination fee.
- The candidate must prove that they have four years of professional experience in the security field, or three years and a college degree.
- The candidate must subscribe to the (ISC)² Code of Ethics.
- The candidate must answer questions concerning criminal history and background, with full explanations if needed.
- The candidate must pass the CISSP exam with a score of 700 points or greater.
- The candidate must be endorsed by a CISSP or other professional.
Candidates may be audited to verify their professional experience.