What is the CISSP Certification?

Certified Information Systems Security Professional (CISSP):

Is an independent information security certification granted by the International Information Systems Security Certification Consortium, also known as (ISC)². The certification was created to ensure that professionals in computer security have standardized knowledge of the field. Earning a Certified Information Systems Security Professional certificate can help you have a successful career as a computer security professional. The CISSP designation is a globally recognized, vendor-neutral standard attesting to an IT security professional’s technical skills and hands-on experience implementing and managing a security program.

What is the CISSP?

The Certified Information Systems Security Professional (CISSP) exam is a six-hour exam consisting of 250 questions that certifies security professionals in ten different areas: access control systems and methodology, business continuity planning and disaster recovery planning, physical security, operations security, management practices, and telecommunications and networking security. Other areas important to the CISSP certification are cryptography, security architecture, application and systems development, law, investigation, and ethics.

How to become a CISSP:

The CISSP curriculum covers subject matter in a variety of information security topics. The CISSP examination is based on what (ISC)² terms the Common Body of Knowledge (or CBK). According to (ISC)², “the CISSP CBK is a taxonomy – a collection of topics relevant to information security professionals around the world. The CISSP CBK establishes a common framework of information security terms and principles that allow information security professionals worldwide to discuss, debate and resolve matters pertaining to the profession with a common understanding.”

From 15 April 2018, the CISSP curriculum was updated as follows:

  • Security and Risk Management
  • Asset Security
  • Security Architecture and Engineering
  • Communication and Network Security
  • Identity and Access Management (IAM)
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security

Security professionals who study for the CISSP should be able to explain issues such as architecture and access control for protecting information system assets. In being able to explain these issues to clients and other stakeholders, the analyst must know how to assess the business or organization’s current operations policies for incident response and make recommendations to those concerned for improvements to business or organization security. Knowing how to explain the importance of disaster recovery policies and demonstrate multiple and effective strategies to clients and stakeholders is a key skill tested in the CISSP. As part of the communication process, security analysts must compare and contrast different cryptographic protocols and be able to make recommendations based on this analysis of security needs. Creating systems of policies, standards, procedures, and guidelines with clients and stakeholders in mind should be the end goal of a CISSP analyst who earns certification.

In terms of technical knowledge, CISSP analysts must demonstrate proficiency in a number of areas. These include network architecture and design: being able to implement a network architecture that anticipates threats and makes the best use of sometimes limited resources. This also includes demonstrating a clear understanding of the software security application life cycle and its effectiveness. CISSP analysts should also have the ability to collect digital forensic evidence while maintaining the integrity of the evidence gathered. They must also demonstrate knowledge of physical security systems and how they add value to network security systems.


A Certified Information Systems Security Professional (CISSP) is essential for security professionals to be successful in their careers. Many employers value the CISSP for its designation as a standard for security professionals. While the investments in time and money are substantial, the career rewards can be valuable as professionals with the CISSP are in demand.


Burning Glass Technologies, a career site, reports that nearly one fourth of cybersecurity job postings in 2015 requested the CISSP. According to (ISC)², “certified information security professionals earn a worldwide average of 25 percent more than their non-certified counterparts.” Being a CISSP professional can lead to higher pay and more rapid advancement in the security analyst field. Security professional positions such as network security specialist, senior security engineer, information security manager, or chief security officer can all benefit from CISSP certification training.

Career Opportunities with a CISSP

By earning the CISSP credential, you commit yourself to a career in information systems (IS) security. In turn, this shows how interested in and dedicated you are to what you do. Prospective employers will go through your CV more thoroughly and may even contact you if they believe you to be the right candidate for the job. If you are already employed, your chances of being offered higher incentives in order to remain a valuable asset to your employer will likely increase.

In addition, the pay scale of Certified Information Systems Security Professionals is higher than that of other IT professionals. Surveys show that some CISSP salaries exceed $100,000 annually.

  • The jobs offered to Certified Information Systems Security Professionals are more prestigious in nature

As a CISSP, you will have the opportunity to work in various prestigious positions such as a Security Engineer or an Information Technology Director. Organizations including the U.S. Department of Defense tend to prefer holders of the CISSP certificate over other job applicants. The CISSP credential also proves your versatility, which is an important factor employers always demand.

  • A CISSP can advance in his or her career easily

Once you become a Certified Information Systems Security Professional, you will be prepared to pursue CISSP concentrations in certain CBK domains, which are:

  • Information Systems Security Architecture Professional:

    This is an independent information security certification which is offered for CISSP holders to learn how to develop, design, and analyze security plans. This certificate is beneficial to those who hold the position of Chief Security Architects and Analysts or work as independent consultants.

  • Information Systems Security Engineering Professional:

    This CISSP concentration is quite prestigious because it was co-developed by the systems security engineering experts at the U.S. National Security Agency. With this certificate, you will be able to incorporate and enhance the security of projects, applications, business processes, and information systems.

  • Information Systems Security Management Professional:

    This certification offers CISSPs the chance to learn more about project management, risk management, creating and delivering security awareness programs, and managing Business Continuity Planning programs. A CISSP with this certificate will be in charge of information security policies and other methods which will guarantee that business goals are achieved.

What are some popular books?

1. Eleventh Hour CISSP®: Study Guide

Author: Eric Conrad

Eleventh Hour CISSP: Study Guide, Third Edition provides readers with a study guide on the most current version of the Certified Information Systems Security Professional exam. This book is streamlined to include only core certification information, and is presented for ease of last-minute studying. Main objectives of the exam are covered concisely with key concepts highlighted.

The CISSP certification is the most prestigious, globally recognized, vendor-neutral exam for information security professionals. Over 100,000 professionals are certified worldwide, with many more joining their ranks. This new third edition is aligned to cover all of the material in the most current version of the exam’s Common Body of Knowledge. All domains are covered as completely and concisely as possible, giving users the best possible chance of acing the exam.

2. CISSP All-in-One Exam Guide

Author: Shon Harris

A complete, up-to-date revision of the leading CISSP training resource from the #1 name in IT security certification and training, Shon Harris. Fully revised for the latest release of the Certified Information Systems Security Professional exam, this comprehensive, up-to-date resource covers all 10 CISSP exam domains developed by the International Information Systems Security Certification Consortium (ISC)². This authoritative exam guide features learning objectives at the beginning of each chapter, exam tips, practice questions, and in-depth explanations. Written by the leading expert in IT security certification and training, CISSP All-in-One Exam Guide, Sixth Edition helps you pass the exam with ease and also serves as an essential on-the-job reference.

Covers all 10 CISSP domains:

  • Information security governance and risk management
  • Access control
  • Security architecture and design
  • Physical and environmental security
  • Telecommunications and network security
  • Cryptography
  • Business continuity and disaster recovery
  • Legal, regulations, compliance, and investigations
  • Software development security
  • Security operations

Also includes (electronic content):

  • 1400+ practice exam questions in a Windows-based test engine with a new custom exam generation feature that allows you to practice by domain or take a complete CISSP practice exam
  • Video training module from Shon Harris—single domain

3. CISSP: A Comprehensive Beginners Guide on the Information Systems Security

Author: Walker Schmidt

As information security professionals, risk evaluation and mitigation are the key parts of our job. Dealing with risk is the theme of our roles, be it as firewall engineers, auditors, penetration testers, management, etc.

The key functions of the Security and Risk Management domain are risk analysis and mitigation, as well as ensuring that the best organizational structure for a robust information security system is in place. In this area of expertise, it’s the quality of the people that can make or break an organization. By “quality of the people”, we mean knowledgeable and experienced staff, together with supportive and vested leadership.