The CISSP certification is the best known security certification,
period, in part due to its longevity. It has existed since 1992.
The CISSP certification is also very popular, based on the number of
people who hold it. There are approximately 60,000 CISSPs as of October
2008.
The CISSP is often described as a "mile wide and an inch thick" and covers an
almost dizzying array of topics. Officially, it covers the Common Body
of Knowledge (CBK), which consists of ten domains:
Access Control; Application Security; Business Continuity and Disaster
Recovery Planning; Cryptography; Information Security and Risk
Management; Legal, Regulations, Compliance and Investigations;
Operations Security; Physical (Environmental) Security; Security
Architecture and Design; Telecommunications and Network Security.
There is no attempt to teach hands-on or cutting-edge topics; the CISSP,
for example, doesn’t even cover Intrusion Prevention Systems (IPS)
currently. The test covers both technical and managerial topics. It has
been compared to earning a Master's degree: useful, but not necessarily
concentrating on the current state of the art in industry.
The CISSP is governed by the International Information Systems Security
Certification Consortium, commonly known as (ISC)², and pronounced “I S
C squared.”
Nothing about the CISSP is simple!
Even applying online to take the test took me over an hour, including my
information being lost once and needing to re-enter it.
You need a minimum of five years of direct full-time security work
experience in two or more of the ten (ISC)² information security domains,
although one year may be waived for having a four-year college degree or
"an Advanced Degree in Information Security from a National Center of
Excellence or the regional equivalent can substitute for one year
towards the five-year requirement."
The CISSP exam is regularly scheduled in inconvenient locations
worldwide; depending on where you live, plan on traveling to an exam.
I only had to drive about 80 minutes, but it’s not uncommon for people
to fly to take the exam.
The CISSP exam is multiple choice, consisting of 250 questions over six
hours. It’s taken using paper and pencil, and if you’re late for the
exam, you are not allowed admittance, somewhat like the opera. I found
many of the questions required picking the "best" answer as they were
all correct, or the "least sucky" as the answers were all incorrect.
The certification lasts for three years, and you can renew by retaking
the test, something almost no one ever does, or by earning the correct
number and types of continuing professional education (CPE) credits –
again, it's somewhat complicated.
Oh wait, there is also paperwork and a possible audit AFTER successfully
passing the CISSP exam. You'll typically be told whether you passed 3-4
weeks after taking the test.