Your Guide to the CISSP Certification Exam
Your Guide to the Certified Information Systems Security Professional (CISSP) Exam
The CISSP guarantees that information security leaders have a proper understanding of developing threats, technologies, and standards. The certification exam uses a variety of advanced, innovative questions to provide a better assessment of candidates on a broader scale.
What Is the CISSP?
The Certified Information Systems Security Professional (CISSP) is a vendor-neutral certification for those looking to deepen their understanding and credibility in the information security field. The CISSP is backed by the International Information System Security Certification Consortium (ISC)² — a nonprofit that focuses on the global safety and security of the cyber world.
To understand the full scope of the process, It is important to learn the backstory of the CISSP exam and the certification process to see how it can be beneficial to your career.
History of the CISSP
In the late 1980s, it became evident to the professional information technology community that a standardized certification process was needed for professionals in the industry. With a vendor-neutral program, it would also be easy for companies to weed out prospective applicants who may not possess the skills necessary for specific positions.
Here is a timeline of the CISSP, from inception to initiation:
- 1988 — The Special Interest Group for Computer Security gathered influential IT organizations to develop the requirements and standards for certification.
- 1989 — The International Information System Security Certification Consortium (ISC)² is formed.
- 1990 — (ISC)² creates an early draft of the Common Body of Knowledge (CBK), a compilation of relevant information for all security professionals.
- 1992 — The final draft of the CBK is finalized and becomes the basis for all content for the ensuing CISSP exam.
- 1994 — The CISSP certification program is launched, which covers asset security, risk management, and security engineering.
Did You Know?
What Are the Career Benefits of the CISSP?
The CISSP is a globally recognized certification, and earning it can broaden your career skills and earning potential, and open up career advancement opportunities. In addition to work experience, the credential demonstrates that an IT professional has knowledge of the concepts, terms, and principles commonly used in the information security field.
According to Payscale.com, average salary ranges for individuals with CISSP credentials range from $61,304 to $154,965.
An IT specialist with experience can combine it with their CISSP and lay the foundation for a rewarding future. Those with more than 20 years as a professional in IT security have the potential to earn upwards of $127,000, while a person who has been working for less than one year can earn closer to $63,000. 
Who Needs CISSP Certification?
Though the CISSP certification is not a necessary standard for every position in the IT security field, it is considered a requirement for those who aspire to work in specific roles. The following positions require a CISSP credential:
- IT Director
- Security Analyst
- Chief Information Security Officer
- Network Architect
- Security Systems Engineer
- Director of Security
These careers help protect a company’s computer systems, networks, and data. For example, a security analyst will develop information security plans and policies, implement protections such as firewalls and data encryption programs, and monitor for security breaches. Roles like this and the security systems engineer function in a similar capacity and would most likely be part of a company’s IT team reporting to an IT director or chief information security officer.
4 Steps of CISSP Certification
The CISSP is for seasoned professionals in the field. Here is an overview to help you walk through the certification process:
1. Professional experience
Professional experience is an important requirement that applicants are expected to have upon entering the program. Ideally, candidates should have five years of experience prior to taking the exam. More specifically, you must have been paid for full-time work in at least two of the CBK domains.
If you only have four years of professional experience, you can still move forward with the process by receiving a one-year experience waiver. The waiver is available to those who have a four-year college degree or an equivalent credential from the list approved by (ISC)².
The other option is to become an associate of (ISC)². You can do this by taking and passing the CISSP exam. From that point, you will be given six years to gain the experience necessary to become officially certified. 
2. Take your CISSP exam
When you are prepared for the CISSP, go to Pearson VUE and create an account. Next, you can register for the certification. The exam is offered in a variety of versions including English, Spanish, German, Portuguese, Japanese, French, Korean, Chinese, and Visually Impaired.
Upon scheduling the exam, you will be asked to sign an examination agreement. You will need to review the (ISC)² code of ethics, as the agreement will ask that you attest to following the guidelines laid out by the stated code.
You will also be asked to answer a few questions regarding your background; these questions explore any past felony convictions, criminal hacking, or other information that will vet you as a CISSP candidate. Be prepared, as your answers may prevent you from being eligible for the certification.
Next you will present your professional experience and sign that you have completed the required years in IT security work.
Once everything is complete, the last step is to pay the CISSP exam fee. The full six-hour exam is currently $599.
Did You Know?
Once you have passed the exam, you will need an (ISC)² professional to endorse you before you are officially presented with the CISSP credential. The endorsement application will need to be signed by this professional, who must be have an active membership and be in good standing.
The (ISC)² professional should be able to vouch for your years of professional experience. If you do not know a member personally, the organization itself can act as your endorser.
You are given nine months to complete this process. If you are unable to meet the nine-month deadline and still want to pursue the CISSP certification, you will need to start over and retake the exam. As mentioned previously, if you still need more time to obtain the necessary professional experience, you may become an Associate of (ISC)². This will give you an additional six years to complete this requirement.
4. Maintain your CISSP certification
To maintain your certification and keep your name in good standing with (ISC)², you will need to renew your certificate every three years. A large part of the renewal process is the accumulation of continuing professional education (CPE) credits. Each year, you will be expected to earn 40 CPE credits. By the time your certificate needs to be renewed, you should have 120 CPE credits altogether.
You will also need to pay an annual $85 maintenance fee. The final requirement for maintaining your CISSP credential is observing the (ISC)² Code of Ethics.
Structure of the CISSP Exam
The sitting time for the exam is six hours. You may take short breaks, but they are restricted. If you have to use the restroom, you may be escorted. During these breaks, the test time continues to count down and will not pause or stop for you.
The exam consists of 250 questions, of which 25 will not be graded, but these are not disclosed ahead of time. The questions are a mix of multiple choice and innovative questions. To answer these, you either drag and drop your choices into the correct location, or click on specific hotspots.
Advanced questions measure a wider range of skills and offer greater insight into real-world applications. These also measure knowledge at higher cognitive levels, as well as allow for more coverage of content.
The Eight Domains of the CISSP
The CISSP exam covers eight domains:
- Security and risk management
- Asset security
- Security engineering
- Communication and network security
- Identity and access management
- Security assessment and testing
- Security operations
- Software development security
Each domain is weighted differently and covers a broad range of topics underneath each domain umbrella. Here they are in more detail:
Security and Risk Management
Each weighted at 16% of the exam, Security and Risk Management and Security Operations are the highest valued sections. This domain in particular will focus on the basics of security and risk management, such as confidentiality, compliance law, security governance principles, ethics, policies, procedures, and legal issues.
Each weighted at 10% of the exam, Asset Security and Software Development Security are the lowest valued sections. Just because they are worth less does not mean they should be discounted. Together, they still make up 20% of the test. This section will cover topics such as ownership, privacy, asset classification, and data security controls.
This section is weighted at 12% and covers topics such as engineering processes, fundamental concepts, security designs, vulnerabilities of mobile and web-based systems, and cryptography.
Communication and Network Security
Also weighted at 12%, the Communication and Network Security section will cover topics such as network attacks, network architecture design such as IP/non-IP protocols, and secure network components.
Identity and Access Management
This section is the third largest part of the exam with the content weighted at 13%. It will cover the elements of how to control access and manage identity. Topics include authentication of identity, cloud identity, and physical and logical assets control.
Security Assessment and Testing
This section makes up 11% of the exam, covering everything that has to do with security testing. Questions will address topics such as security control testing, assessment strategies, and automated and manual test outputs.
This section is an important one, weighing in at 16% of the exam. It covers a large breadth of information, from basic security operations to incident management. Other topics include disaster recovery, personnel safety, monitoring activities, business continuity planning, and resource protection techniques.
Software Development Security
Accounting for 10% of the test, Software Development Security is a pretty straightforward section. It will cover the ins and outs of software security. Topics include effectiveness, environment security controls, and software security impact.
Tips and Tricks for Passing the CISSP Exam
Use Online Resources and Locate Sample Test Questions
There are so many resources available to help you study for the CISSP. In fact, a good number of them can be found on the (ISC)² website. The organization itself has the official textbook, study guide, practice tests, and links to the mobile application versions.
It is recommended to spend half of your time studying CISSP materials and the other half on the practice exams. In addition, the organization offers the book CISSP for Dummies as a reference source. The website also offers interactive flashcards, the exam outline, and access to training seminars.
Here are more helpful resources that can prepare you for the CISSP exam:
- The CISSP Exam: 5 Test-taking Strategies
- Top Tips for Preparing and Passing the CISSP Exam
- Four Tips to Prepare for the CISSP Exam
Take a CISSP Preparation Course
To suppliement your own study, it is a good idea to enrol in a CISSP preparation course either in class or online. You will recieve instruction from industry experts with real-world experience as you cover all the material you need to prepare for the exam. The great thing about enrolling in a course is that you will recieve additional coaching from Information Security specialists who can answer quesitons and provide guidance while you study.
In addition you will have access to a a live practive lab environment and sample exams so you can apply your skills in real scenarios to test your knowledge and track and monitor your learning progress.
Take the Time to Study in Advance
As with any big test, the more time you give yourself to prepare, the better off you will be. There is no way you will be successful trying to cram a six-hour test’s worth of information into your brain last minute. Pace yourself; take each domain and master it before moving on to the next section.
Use the practice tests to your advantage by testing your knowledge at the end of each section. You should always strive to get the highest score possible, so do not move on until you have scored at least an 80%. An above average score for all sections will ensure that you are able to process the material successfully and ultimately apply it on the exam and moving forward in your career.
Meet with Others to Form a Study Group
If you know other people who are also taking the exam, it would be a great idea to join a study group. Nothing sets information into the brain better than practicing with others. Repeating the material out loud and testing others will go a long way in reinforcing the concepts for your own benefit.
Additionally, if you are struggling with any domain or topic, it is likely that someone else in your group has a firm grasp on it and would be happy to help you. This can save you time and energy that can be spent preparing for your exam.
Take the Next Step in Your IT Security Career
The CISSP is an essential component for professionals desiring career growth in the IT field. Not only does the certification equip you for the evolving challenges of IT security, but it can also help you explore avenues of career opportunity. With your renewed knowledge of the CISSP, study tactics, and resources, you will emerge more prepared to earn your certification and help shape a safe future for the IT industry.
Call IT Futures now to find your path to a CISSP certificaiton 1800 483 888
 Average Salary for Certification: Certified Information Systems Security Professional (CISSP) (2017) by PayScale (Website)
 Certified Information Systems Security Professional (2017) by TechTarget (Website)
 How to Get Your CISSP Certification (2016) by (ISC)2 (Website)
 CISSP – Certified Information Systems Security Professional (2016) by (ISC)2 (Website)
 Average CISSP Salary (2017) by Infosec Institute (Website)