The Certified Information Systems Security Professional (CISSP) is an independent information security certification created, granted, and governed by an organization called the International Information Systems Security Certification Consortium, also known as (ISC)².
The CISSP has been adopted as a baseline for the U.S. National Security Agency's ISSEP program.
Certification Exam Overview
- Certification Provider: (ISC)²
- Number of Questions: 250
- Question Style: Multiple Choice
- Length of Test: Six Hours
- Average Passing Rate: 70%
- Estimated Certification Holders: 90,000+
- International Reach: 149+ Countries
Salary Range for CISSP Professionals
Surveys by sites such as PayScale.com show a wide range of potential salaries for CISSP credential holders, who made between $54,820 and $152,311 in 2014. The wide variance in salary is accounted for by location, years of experience, and job title.
According to Robert Half Technology in 2015, the CISSP certification can contribute an average salary increase of 6% over the salary of a professional with the same job but no CISSP certification.
Common IT careers in the United States associated with the CISSP certification and their estimated 2015 salary ranges include:
- Chief Information Officer: $157,000 – $237,000
- Data Security Analyst: $106,000 – $149,000
- Systems/Network Security Administrator: $95,000 – $140,000
- Network Security Engineer: $105,000 – $141,000
- Information Systems Security Manager: $122,000 – $171,000
Who Needs a CISSP Certification?
CISSP certifications are most sought after by IT professionals working primarily in the information security field.
While many IT professionals may be interested in obtaining a CISSP certification, (ISC)² has very strict requirements for the length and type of work experience a candidate must have before taking the CISSP exam.
Common Job Titles for CISSP Certified Professionals
- Chief Information Security Officer
- Director of Security
- Security Manager
- Security Analyst
- Security Systems Engineer
- Security Consultant
- Network Security Administrator
- Network Architect
- Network Security Engineer
- Systems Security Administrator
Prerequisites and Additional Qualifications for the CISSP Exam
Before taking the CISSP exam, interested IT professionals need to have at least five years of professional experience in at least two of the ten “CISSP Domains” identified by the (ISC)². Although the CISSP exam covers all ten “CISSP Domains,” extensive work experience is only required in at least two.
The ten CISSP Domains are:
- Access Control
- Business Continuity and Disaster Recovery Planning
- Information Security Governance and Risk Management
- Legal, Regulations, Investigations, and Compliance
- Operations Security
- Physical (Environmental) Security
- Security Architecture and Design
- Software Development Security
- Telecommunications and Network Security
CISSP candidates must also answer a short series of questions relating to their criminal history and background, and must be endorsed by an existing certified CISSP holder.
Maintaining a CISSP Certification
A CISSP certification is valid for three years. To maintain a CISSP credential beyond three years, a CISSP certification holder must complete the following tasks:
- Retake the CISSP certification exam every three years, or
- Earn a minimum of 20 Continuing Professional Education (CPE) credits during each year, and complete a total of at least 120 credits throughout each three-year period.
- In addition to one of the above, holders must pay an annual fee of $85 during all years in which the credential is valid.
Additional Details About the CISSP
In June 2004, the CISSP obtained ANSI accreditation under ISO/IEC Standard 17024:2003. It is also formally approved by the U.S. Department of Defense (DoD) in both its Information Assurance Technical (IAT) and Managerial (IAM) categories for the DoDD 8570 certification requirement.
Each exam includes 25 ungraded, “experimental” questions.