From Wikipedia, the free encyclopedia
Certified Information Systems Security Professional (CISSP) is an independent information security certification governed by the International Information Systems Security Certification Consortium, also known as (ISC)².
As of May 2014, (ISC)² reports 93,391 members hold the CISSP certification worldwide, in 149 countries. In June 2004, the CISSP obtained ANSI ISO/IEC Standard 17024:2003 accreditation. It is also formally approved by the U.S. Department of Defense (DoD) in both their Information Assurance Technical (IAT) and Managerial (IAM) categories for their DoDD 8570 certification requirement. The CISSP has been adopted as a baseline for the U.S. National Security Agency's ISSEP program.
In the mid-1980s a need arose for a standardized, vendor-neutral certification program that provided structure and demonstrated competence. In November 1988, the Special Interest Group for Computer Security (SIG-CS), a member of the Data Processing Management Association (DPMA), brought together several organizations interested in this goal. The International Information Systems Security Certification Consortium or "(ISC)²" formed in mid-1989 as a non-profit organization.
By 1990, the first working committee to establish a Common Body of Knowledge (CBK) had been formed. The first version of the CBK was finalized by 1992, and the CISSP credential was launched by 1994.
The CISSP curriculum covers subject matter in a variety of Information Security topics. The CISSP examination is based on what (ISC)² terms the Common Body of Knowledge (or CBK). According to (ISC)², "the CISSP CBK is a taxonomy – a collection of topics relevant to information security professionals around the world. The CISSP CBK establishes a common framework of information security terms and principles that allow information security professionals worldwide to discuss, debate and resolve matters pertaining to the profession with a common understanding."
Currently, the CISSP certification covers the following ten domains:
Candidates for the CISSP must meet several requirements:
The CISSP credential is valid for three years. The credential can be renewed by re-taking the exam, but most certificate holders renew by submitting Continuing Professional Education (CPE) credits. To maintain the CISSP certification, a certificate holder is required to earn and submit a minimum of 20 CPEs each year and 120 CPEs by the end of their three-year certification cycle. They are also required to pay an annual fee of US$85.
For CISSPs who hold one or more concentrations, CPEs submitted for the CISSP concentration(s) will be counted toward the annual minimum CPEs required for the CISSP.
CPEs can be earned through several paths, including taking classes, attending conferences and seminars (online and in person), teaching others, undertaking volunteer work, and professional writing, all in areas covered by the CBK. Most activities earn 1 CPE for each hour of time spent; however, preparing (but not delivering) training for others is weighted at 4 CPEs/hour, published articles are worth 10 CPEs, and published books 40 CPEs.
In 2005, Certification Magazine surveyed 35,167 IT professionals in 170 countries on compensation and found that CISSPs led their list of certificates ranked by salary. A 2006 Certification Magazine salary survey also ranked the CISSP credential highly, and ranked CISSP concentration certifications as the best-paid credentials in IT.
In 2008, another study came to the conclusion that IT professionals with CISSP (or other major security certifications) tend to have salaries $21,000 higher than IT professionals without such certificates.
Critics of the CISSP claim that (ISC)² has devalued the CISSP (such as by relaxing standards and refusing to adequately prosecute ethical lapses by its holders) in pursuit of higher revenue from a larger number of CISSP holders; that few employers, especially for top-paying jobs, care about the CISSP, as evidenced by their job postings; and that much of what the CISSP claims to certify is based only on the holder's own testimony.