By Sarah Morgan
CISSP is a global standard, widely recognized as the information and cybersecurity benchmark certification.
It’s an advanced cert that demonstrates a wealth of IT security knowledge and experience. If you want to ascend the ranks of information security, a CISSP can be an incredibly valuable asset.
The CISSP is a demonstration of your information security acumen and fundamental step for the senior role of Chief Information Security Officer (CISO). With the CISSP, you’ll have a common baseline and standardisation of knowledge, a proven record of ethics and a solid reputation of professional conduct (crucial for a business leader and any striving for senior level positions).
How to become a CISSP
The journey to becoming a CISSP takes hard work and dedication. If it didn’t, this certification wouldn’t be so valuable.
There are five steps to becoming (and maintaining a) CISSP:
- Meet the experience requirements
- Pass the exam
- Obtain an Endorsement
- Prepare for an Audit
- Recertification
 |
| Don't let the bad guys in. morguefile / larryfarr |
1. Meet the experience requirements
In order to even register for your CISSP exam, you’ll need to prove you possess five (or more) years of professional experience in information security.
Plus, you’re history of professional experience must have involved at least two of the following 10 domains present in the CISSP Common Body of Knowledge (CBK):
- Access Control
- Telecommunications and Network Security
- Information Security Governance and Risk Management
- Software Development Security
- Cryptography
- Security Architecture and Design
- Operations Security
- Business continuity and Disaster Recovery Planning
- Legal, Regulations, Investigations and Compliance
- Physical (Environmental) Security
(ISC)2 provide one-year reductions in professional experience if you possess on of the following:
- A four-year college degree
- You hold a credential from (ISC)2’s approved list. Examples include: MCSE, MCSA, MCITP CompTIA Security+, the CISA / CISM and the CCNP (to name just a few)
- An advanced degree in information security from the U.S. National Centre of Academic Excellence in Information Assurance Education (CAE/IAE)
It’s worth noting that you cannot combine these qualifications, regardless of how many you possess, you can only receive a maximum reduction of one year.
2. Pass the exam
So you’ve accumulated 5 years of information security experience (or 4 years with the 1 year waiver) and your work embraces two of the 10 CISSP CBK domains.
But before you can even sit the exam you’ll also have to complete the Candidate agreement, confirming your aforementioned experience, and legally committing to the Code of Ethics. You’ll then be required to successfully answer four questions regarding your criminal history and related background.
Now you just need to pass the exam, right? Well, as you can imagine, passing the CISSP exam is going to take some serious preparation.
In fact, in the words of (ISC)2 – ‘The vast breadth of knowledge and experience required to pass the CISSP is what sets it apart.’
The CISSP exam will test your knowledge of the 10 CISSP domains. Achieving the standard of knowledge you need to pass the exam takes time and dedication.
Many CISSP holders recommend taking up to 15 days off work, just to round off your 4 month revision journey. If you can’t afford to take this much time off work, there are always more efficient ways to achieve your CISSP, like training courses or varying speeds.
Now, book the exam – do it early and you’ll save money. But, please note: some training providers do include the exam cost in their training package.
Either way, it’s time for your exam. Be ready for a test of endurance – you’ll have 6 hours to answer as many of the 250 multiple choice questions as you can.
2. Pass the exam
So you’ve accumulated 5 years of information security experience (or 4 years with the 1 year waiver) and your work embraces two of the 10 CISSP CBK domains.
But before you can even sit the exam you’ll also have to complete the Candidate agreement, confirming your aforementioned experience, and legally committing to the Code of Ethics. You’ll then be required to successfully answer four questions regarding your criminal history and related background.
Now you just need to pass the exam, right? Well, as you can imagine, passing the CISSP exam is going to take some serious preparation.
In fact, in the words of (ISC)2 – ‘The vast breadth of knowledge and experience required to pass the CISSP is what sets it apart.’
The CISSP exam will test your knowledge of the 10 CISSP domains. Achieving the standard of knowledge you need to pass the exam takes time and dedication.
Many CISSP holders recommend taking up to 15 days off work, just to round off your 4 month revision journey. If you can’t afford to take this much time off work, there are always more efficient ways to achieve your CISSP, like training courses or varying speeds.
Now, book the exam – do it early and you’ll save money. But, please note: some training providers do include the exam cost in their training package.
Either way, it’s time for your exam. Be ready for a test of endurance – you’ll have 6 hours to answer as many of the 250 multiple choice questions as you can.
3. Obtain an Endorsement
Congratulations, you passed your exam! But you’re not done yet. You’ll now have to proposition an active (ISC)2 credential holder to attest to your industry experience.
They’ll have to fill out an endorsement form for you. Once (ISC)2 receives and approves the endorsement, you can finally take up the mantle of a fully-qualified CISSP.
4. Prepare for an audit
(ISC)2 randomly submits some of its CISSP professionals to audits. It’s never a good idea to skew the facts on your application, especially so if you’re singled out for an audit.
If you are found to have incorrect or falsified data on your application, you’re going to lose your CISSP. Honesty really is the best policy.
5. Maintaining your certification
4. Prepare for an audit
(ISC)2 randomly submits some of its CISSP professionals to audits. It’s never a good idea to skew the facts on your application, especially so if you’re singled out for an audit.
If you are found to have incorrect or falsified data on your application, you’re going to lose your CISSP. Honesty really is the best policy.
5. Maintaining your certification
To remain a member of the (ISC)2, and to keep your CISSP certification, you must:
- Abide by the (ISC)2 Code of Ethics
- Obtain and submit the required Continuing Professional Education credits (CPEs)
- Submit Annual Maintenance Fees (AMFs) upon receipt of annual invoices
The information security landscape is constantly in flux, perhaps no more so than information security. As a result, your CISSP must be maintained with CPEs – a minimum of 20 CPEs every year for the first two years of the three-year cycle.
Even if you satisfy the CPE requirements of your first or second year, your tally must still equal 120 by the end of the third year.
CPE’s can be gained through live educational events and online seminars (available to (ISC)2 members only).
If your certification is terminated, you’ll need to retake the examination before you can return to being CISSP certified. You’ll also be charged a $35 reinstatement fee upon recertification (though this pales in comparison to working through the 6 hour exam once more).
Got what it takes?
If you’ve got the experience, determination and drive to crush the CISSP but don’t want to take several weeks off work – try an accelerated course. You could be certified in only 5 working days.
Related articles:
- Succeed in the CISSP exam with these 4 tips
- Four killer resources to prepare you for CISSP exam success
- What is covered in the CISSP certification?
About the Author:
ليست هناك تعليقات:
إرسال تعليق