We're offering 20% off September Live Online classes! See which courses are applicable.   |   Details

  
AccountIcon BigDataIcon BlogIcon default_resource_icon CartIcon checkmark_icon cloud_devops_icon computer_network_admin_icon cyber_security_icon gsa_schedule_icon human_resources_icon location_icon phone_icon plus_icon programming_software_icon project_management_icon redhat_linux_icon search_icon sonography_icon sql_database_icon webinar_icon

Search UMBC Training Centers

ISC2 CISSP certification is a highly coveted cybersecurity certification for seasoned professionals and leaders in this space. CISSP stands for Certified Information Systems Security Professional and this guide will explain everything you need to know regarding the CISSP, how it can fit into your career and if it is worth pursuing.

What Is CISSP?

The CISSP is a globally recognized credential managed by the International Information Systems Security Certification Consortium (ISC2). Since its launch in 1994, it has become a standard in validating an individual’s deep technical and managerial knowledge and experience in the field of information security.

The (ISC)² CISSP Certification Exam Details

CISSP not only meets the requirements for ANSI/ISO/IEC Standard 17024, it was actually the first information security certification to do so. It is also an approved baseline certification under the U.S. Department of Defense (DoD) 8570 certification requirement.

For the purposes of this guide, all exam related information is aligned to the CISSP Computerized Adaptive Testing (CAT). The CISSP CAT exam is the standard used for all English-based CISSP exams. The CAT exam format is also available in Chinese, German, Japanese, and Spanish.

As of April 15, 2024, the linear, fixed-form exam will no longer be available.

Unless otherwise noted, details regarding the exam are aligned to (ISC)²’s CISSP Certification Exam Outline effective as of April 15, 2024.

How Much Is The CISSP Exam?

The CISSP certification exam costs $749.

How Long Is The (ISC)² CISSP Certification Exam?

The ISC2 CISSP certification exam offers candidates up to 4 hours to complete the 125-175 multiple choice and advanced innovative questions. ISC2’s advanced innovative questions consist of drag and drop and hotspot style of questions.

What Are The CISSP Exam Domains?

The CISSP certification exam concentrates on 8 domains related to information security:

  1. Security and Risk Management 15%
  2. Asset Security 10%
  3. Security Architecture and Engineering 13%
  4. Communication and Network Security 13%
  5. Identity and Access Management (IAM) 13%
  6. Security Assessment and Testing 12%
  7. Security Operations 13%
  8. Software Development Security 11%

How Hard Is The CISSP Exam?

The CISSP certification exam is known to be one of the more challenging cybersecurity certification exams available. As such, it is not uncommon for even experienced cyber professionals to fail on their first attempt.

This certification requires candidates to be experienced in the field of cybersecurity, which is often helpful on the exam’s objective and performance based questions. However, many questions are aligned to how a security or risk manager would think and act, not how a technologist would perform. Years of technically performing information security tasks can actually lead to incorrectly answering questions that should be approached from a process or managerial standpoint. The biggest challenge is retraining yourself to the think to the test and how ISC2 expects you to answer.

How To Pass The ISC2 CISSP Certification Exam?

As mentioned above, the biggest challenge IS professionals face when tackling the CISSP exam is their tendency to answer from their viewpoint as a technologist in the field. In order to pass the CISSP certification exam, it is necessary to look at the exam from the viewpoint of an Information Security Manager and the process requirements such a role needs to adhere to.

In terms of preparation, most people take several months to thoroughly study the exam domains using an assortment of materials including:

“Kelly [Handerhan] was an amazing instructor and knew the content very well. She was able to answer our questions and direct our focus for the exam.”

CISSP Student

CISSP Requirements

Before you can sit for the CISSP exam you need to meet specific experience requirements. This includes a minimum of 5 years cumulative paid work experience in at least 2 of the 8 CISSP CBK domains.

It is possible to reduce the work requirement by 1 year if you hold a 4-year college degree OR regional equivalent OR one of the approved credentials listed below:

Instructor-Led vs Self-Paced CISSP Training

More often than not, the question of instructor-led training (ILT) or self-paced training is presented as a one or the other approach for preparing for a certification exam. In relation to the CISSP exam, both options are often necessary as a part of a comprehensive study plan.

As mentioned previously, the CISSP exam is not one to take lightly and it is definitely not one that can be passed after a single week of training either through self-paced, ILT or both. Instead the below is a suggested outline for preparation.

  1. Start with the CBK. Read through the entire guide and then re-read and highlight the areas you are not well versed in.
  2. Read up on the problem areas. Take your textbook or study guide and read the sections related to the areas you don’t fully understand. As you have more questions on these areas, look up the answers online.
  3. Enroll in an ILT course. Go into the course with the mindset of learning from someone who has taken and passed the CISSP exam. Make sure you receive clarification on the trouble areas you have found in your self study.
Learn More About Our ISC2 CISSP Training Course
  1. Practice the exams. Take as many practice exams as possible to identify other potential problem areas.
  2. Repeat steps 2 and 4 until you are consistently passing practice exams at a high percentage (85%+)
  3. (Optional) Retake an ILT course right before you plan to attempt the exam. We offer a free retake to students and it is very valuable for CISSP students to get a last minute refresher and time to discuss their final exam preparation with an instructor.

“This class was necessary to pass the CISSP test”

CISSP Student

Requirements After You Pass Your CISSP Exam

Meeting the education requirements and passing your exam are not the only steps required to earning your CISSP certification. There are three more steps you need to complete before officially becoming a CISSP:

  1. Complete the endorsement process. This can be completed online and “attests that your assertions regarding professional experience are true and that you are in good standing within the cybersecurity industry.”
  2. Agree to the code of ethics. (ISC)² requires all candidates to agree to and uphold their code of ethics. Violating this code may result in the revocation of your CISSP certification.
  3. Pay your first year’s AMF. (ISC)² collects an Annual Maintenance Fee (AMF) by all certification holders that goes toward the cost of maintaining their certification. Your AMF is due on the anniversary of your certification and if you hold multiple (ISC)² certifications, you only pay the AMF once on the anniversary of your earliest certification. The cost is $125.

Is CISSP Worth It?

It can be! If you are pursuing a managerial path in cybersecurity, then the CISSP is an ideal fit and can help you attain higher salaries and greater career opportunities than your non-certified peers.

It is typically best suited for professionals holding or aspiring to hold the following job titles:

  • Chief Information Security Officer
  • Chief Information Officer
  • Director of Security
  • IT Director/Manager
  • Security Systems Engineer
  • Security Analyst
  • Security Manager
  • Security Auditor
  • Security Architect
  • Security Consultant
  • Network Architect

The CISSP certification is also an IA approved baseline certification under the DoD Directive 8570.01-M for the following job categories:

  • IAT Level III
  • IAM Level II
  • IAM Level III
  • IASAE I
  • IASAE II

The ISC2 CISSP Compared To Other Industry Certifications

While the CISSP is a highly coveted cybersecurity certification, it is certainly not the only available and it may not be the best fit. Below is a quick breakdown of how the CISSP certification compares to other credentials so you can choose the best path for your career.

CISSP vs CISM

CISSP leans heavily into the operational side of security whereas the ISACA CISM focuses on how your information security practices fits into your business objectives. CISM is often a next step after CISSP if your goal is to become a CIO or Risk Management Professional.

CISSP vs CASP+

If you want an advanced level certification but don’t intend to pursue a management role in cyber, then CompTIA’s CASP+ is your perfect choice. According to CompTIA, “CASP+ is the only hands-on, performance-based certification for practitioners — not managers — at the advanced skill level of cybersecurity. While cybersecurity managers help identify what cybersecurity policies and frameworks could be implemented, CASP+ certified professionals figure out how to implement solutions within those policies and frameworks.”

CISSP vs CRISC

ISACA’s CRISC is narrowly focused on controlling and mitigating risk whereas the CISSP addresses a broader range of cybersecurity topics with risk management only accounting for about 15% of the exam. In terms of career opportunities, CISSP will open more doors in cybersecurity than CRISC but if your goal is a role in risk management then CRISC will help you standout.

CISSP vs CISA

Similarly to the CRISC comparison, CISA is a highly concentrated exam on Information Systems auditing. This concentration is a benefit for an auditor but doesn’t provide the broad industry acceptance that the CISSP garners.

CISSP vs Security+, CEH or CCSP

CISSP doesn’t really compare to certifications such as the CompTIA Security+, EC-Council CEH or even the ISC2 CCSP because they are each designed for very different audiences and skill levels.

  • CISSP is an advanced cybersecurity certification for managers;
  • Security+ is an entry-level cybersecurity certification;
  • CEH is an intermediary certification concentrated in ethical hacking.
  • CCSP is an advanced cybersecurity certification concentrated in cloud computing.

CISSP Average Salary

According to Payscale.com, the average salary for a CISSP is $127,000 annually. Over 80% of respondents report they are in mid-career or later stages of experience.

Jobs For CISSPs

As mentioned previously, the CISSP certification is broad enough to apply to a number of cybersecurity job roles. Over 35,000+ jobs on LinkedIn mention the CISSP and titles include:

  • Security Engineer/Security Architect
  • Cybersecurity Engineer
  • Cyber Penetration Tester
  • Incident response Analysts
  • Information Security Specialist
  • Director of IT
  • Security Analyst
  • Security Consultant

Similarly, these opportunities are available across a number of industries. Banking, Automotive, IT, Computer Software, Civil Engineering, Insurance, Aviation & Aerospace, Defense & Space, Financial Services, Government, Higher Education & more all have posted jobs for looking for CISSPs.

How Many CISSPs In The World?

Only 159,679 professionals hold the CISSP certification worldwide as of March 2023. According to Cyber Seek, there are more than 66,000 cybersecurity job listings request CISSP certification as of April 2024.

How To Maintain Your CISSP Certification

A CISSP certification is valid for 3 years from the date it was earned but it can be renewed if the certification holder earns and submits a total of 120 Continuing Professional Education (CPE) credits during the three-year certification cycle. ISC2 requires two categories of CPEs which they simply label as Group A or B.

Group A CPEs must be earned and submitted annually and ISC2 requires CISSP certification holders to submit 30 Group A CPEs each year to qualify for renewal. Domain-Related Education, Contributions to the Profession, and Unique Work Experience are all considered Group A CPEs.

Group B CPEs can be earned and submitted at any point during the three year certification cycle. General Professional Development is labelled as Group B CPEs. In addition to the 90 Group A CPEs, ISC2 requires an additional 30 CPEs that are either Group A or B for members to renew their CISSP certification.

Sample CISSP CPE Activities

Example of Group A CPE activities include the below activities as long as the content relates back to the CISSP domains:

  • Participating in either a self-paced or instructor-led training course
  • Attending a higher education course
  • Reading a book, magazine, whitepaper, etc.
  • Publishing a book, whitepaper, blog post, article, etc.
  • Attending a conference, seminar or other similar event either in-person or virtually
  • Presenting information security related material
  • Performing a unique work-related project outside of your normal duties
  • Volunteering in an information security related capacity

Example of Group B CPE activities include the below activities as they relate to general professional development outside of the CISSP domains. These activities are generally in a management or public speaking capacity:

  • Attending industry conferences
  • Participating in education courses
  • Preparing for a presentation/lecture/training
  • Involvement on a Government/Private Sector/Charitable Organizations Committee
Continuing Education ActivityEstimated CEUs Earned
ISC2 Offered CPE Activities Generally you will earn 1 CPE per 1 hour of participation. Some CPE maximums apply to activities. Reference Handbook for more details.
Education (Self-paced or instructor-led)Generally you will earn 1 CPE per 1 hour of instruction. A maximum of 40 CPEs can be earned per activity. CPE maximums apply to books, magazines and whitepapers. Reference Handbook for more details.
Contributions to the Profession: Create New Industry Knowledge CPE maximums apply to the creation of books, articles, book chapters, professional blog posts, whitepapers, training courses, etc. Reference Handbook for more details.
Contributions to the Profession: Volunteer Service Generally you will earn 1 CPE per 1 hour of participation. CPE maximums apply to delivering ISC2 Safe and Secure Online (SSO) presentations. Reference Handbook for more details.
Unique Work Experience Generally you will earn 1 CPE per 1 hour of participation. Reference Handbook for more details.
Professional Development: Non-Domain related
professional development		Generally you will earn 1 CPE per 1 hour of participation. Reference Handbook for more details.

What’s Next? CISSP Concentrations

After earning your CISSP, the next step in your security certification path could be a CISSP concentration. CISSP concentrations signify that you not only have the skills of an ISC2 CISSP, but that you also have achieved subject matter mastery in the field of information security architecture, engineering or management.

CISSP-ISSAP

The CISSP Information Systems Security Architecture Professional (CISSP-ISSAP) is most appropriate for either a chief security architect or analyst, according to ISC2. It is closely aligned to the consultative process of information security and makes the most sense for independent contractors or government leaders who need to meet 8570 requirements.

CISSP-ISSEP

The CISSP Information Systems Security Engineering Professional (CISSP-ISSEP) is ideal for senior systems engineers or IA officers/analysts. This certification was developed in conjunction with the U.S. National Security Agency (NSA) and ensures that certification holders can develop secure systems using systems engineering processes. The CISSP-ISSEP also meets DoD 8570.01-M certification requirements.

CISSP-ISSMP

The CISSP Information Systems Security Management Professional (CISSP-ISSMP) is designed for cybersecurity leaders such as, CIOs, CISOs, CTOs, or other security executives. From establishing to governing information security programs, this certification attests that you have all the necessary skills. For government leaders, the CISSP-ISSMP also meets DoD 8570.01-M certification requirements.

(ISC)2 cissp certification logo

Register Now For An Upcoming (ISC)² CISSP Training Course!

Complete the form below to schedule a time to speak with an Admissions Advisor about our upcoming (ISC)² CISSP Training.

PreviousHow To Get A Security+ Certification

Contact Us