by Terry Atkison

Created on: February 06, 2009

Out of the hundreds of technical certifications available, the CISSP is one of the most difficult to obtain. Offered by the International Information Systems Security Certification Consortium, or (ISC)2 for short, the CISSP is approved by the U.S. Department of Defense for its own security programs, and has been adopted as the basis for the National Security Agency's security certification process.

According to (ISC)2 , the CISSP is based on the Common Body of Knowledge (CBK) of the information security field, which consists of topics of interest to the information security field and establishes a base of terms and principles for security professionals worldwide. The CISSP follows the "CIA Triad" of Confidentiality, Integrity, and Availability, a basic principle established by security professionals over 20 years ago.

The CISSP is a broad-based certification that requires an unusual skill-set from a potential candidate, as it is one of the few technical certifications that doesn't solely concentrate on computer or network technologies. The CIA Triad covers ten 'Domains' of interest, which include:

Access Control
Application Security
Business Continuity and Disaster Recovery Planning
Cryptography
Information Security and Risk Management
Legal, Regulations, Compliance and Investigations
Operations Security
Physical (Environmental) Security
Security Architecture and Design
Telecommunications and Network Security

In order to qualify for a CISSP certification, a potential candidate must have five years of experience in at least two of the ten Domains covered and be endorsed by a current (ISC)2 member. Beyond that, the candidate has to pass a background check that concentrates on any potential criminal activities. Only then can a candidate take the actual CISSP exam, which consists of 250 question and requires a score of 700 in order to pass.

Once obtained, the CISSP certification is valid for three years. It can be renewed either by retaking the original exam, or by providing documentation of 120 Continuing Professional Education (CPE) credits since the time of the original certification. These CPEs can be earned either through seminars and live events offered by (ISC)2 itself, or through continuing education classes offered through approved programs at various colleges and universities worldwide.

According to a survey performed in 2006 by Certification Magazine, the CISSP remains the highest-paid certification available in the technical field. In that year, average salaries for CISSP certified individuals were $94,070, and went even higher for certain CISSP specializations available through (ISC)2. These specializations include:

ISSAP Information Systems Security Architecture Professional
ISSEP Information Systems Security Engineering Professional
ISSMP Information Systems Security Management Professional

These specializations show that the certification holder has gained training, education, and experience in specific domains of the CISSP body of knowledge, and they command salary premiums of up to $20,000 per year beyond the CISSP itself.

The CISSP is not a typical technical certification due to the broad base of knowledge required to obtain it, but the potential financial benefits and professional stature that can be gained more than outweigh the difficulties presented.

Sources:

http://www.isc2.org

Learn more about this author, Terry Atkison.
Click here to send this author comments or questions.