CISSP, or Certified Information Systems Security Professional, CISM, or Certified Information Systems Auditor, CASP, or the CompTIA Advanced Security Practitioner’, and CCISO, or the Certified Chief Information Security Officer’ are all the top certifications in the Information security domain. This document compares all four certifications.
The ultimate certification for cybersecurity professionals is the CISSP (Certified Information Systems Security Professional) from (ISC). The CISSP certification demonstrates your ability to “effectively design and implement a best-in class cybersecurity program” (CISSP – The World’s Premier Cybersecurity Certification).
The CISSP exam covers nearly every aspect of Information security in a broad manner. It is often referred to as “a mile wide and an infinity deep”! The CISSP exam is a more technical and operational certification than any other.
CISSP is required for certain job roles:
The CISSP certification is internationally accepted and would be a benefit to all cyber security aspirants. However, these job roles would especially benefit from the CISSP certification.
Chief Information Officer
Chief Information Security Officer
Director of Security
Security Systems Engineer
Prerequisite for taking the exam:
A candidate for CISSP must have at least 5 years of security experience in two domains of (ISC.2 CISSP CBK)
Domains in the CISSP
To pass the CISSP exam, a candidate must be proficient in the following eight domains.
Security and Risk Management Domain
Asset Security Domain
Security Architecture and Engineering Domain
Communication and Network Security Domain
Domain Identity and Access Management (IAM).
Security Assessment and Testing Domain
Security Operations Domain
Software Development Security
The exam contains approximately 100-150 questions
To pass the exam, the candidate must score 700 of a possible 1,000 points
The exam takes approximately 3 hours.
All English versions of CISSP exam use CAT (Computerized adaptive Testing).
This link allows the candidate to check the cost of the exam.
Candidates who pass the exam must complete endorsement within nine months. An (ISC2) professional must endorse and digitally sign the application. The endorser must attest that the candidate has experience in the IT security field.
After the candidate has received his CISSP credential (ISC), he/she will become a member (ISC). The candidate should then recertify each 3 years.
Maintaining the certification
Recertification can be achieved by earning CPEs, or ‘Continuing Professional Education’, and by paying AMF (annual Maintenance Fees) of 85$.
CPEs can also be earned by attending webinars, participating in events, reading about Information security articles, writing about them, and volunteering.
EC-Council has created a leadership program called the “Certified Chief information Security Officer” or CCISO program. It is designed to promote middle-level cyber security professionals to Executive leaders. It is also designed to help Executive leaders improve their skills. It is a natural progression from the CISSP certification.
The CCSIO program has five domains
Governance and risk management
Information Security Controls, Compliance, and Audit Management
Security Program Management and Operations
Information Security core competencies
Management of vendors, finance, and strategic planning
Each domain must have a minimum of 5 years experience.