The Certified Information Systems Security Professional (CISSP) is an independent information security certification created, granted, and governed by an organization called the International Information Systems Security Certification Consortium, also known as (ISC)².

The CISSP has been adopted as a baseline for the U.S. National Security Agency's ISSEP program.

Certification Exam Overview

Certification Provider: ISC-2
Number of Questions: 250
Question Style: Multiple Choice
Length of Test: Six Hours
Average Passing Rate: 70%
Estimated Certification Holders: 90,000+
International Reach: 149+ Countries

Salary Range for CISSP Professionals

Surveys by sites such as PayScale.com show a wide range of potential salaries for CISSP credential holders, who made between $54,820 and $152,311 in 2014. The wide variance in salary rate is accounted for by location, years experience and job title.

According to Robert Half Technology in 2015, the CISSP certification can contribute an average salary increase of 6% over the salary of a professional with the same job but no CISSP certification.

Common IT careers in the United States associated with the CISSP certification and their estimated 2015 salary ranges include:

Chief Information Officer: $157,000 – $237,000
Data Security Analyst: $106,000 – $149,000
Systems/Network Security Administrator: $95,000 – $140,000
Network Security Engineer: $105,000 – $141,000
Information Systems Security Manager: $122,000 – $171,000

Who Needs a CISSP Certification?

CISSP certifications are most sought after by IT professionals working primarily in the information security field.

While many IT professionals may be interested in obtaining a CISSP certification, the (ISC)² actually has very strict requirements for the length and type of work that a candidate must obtain before ever taking a CISSP exam.

Common Job Titles for CISSP Certified Professionals

Chief Information Security Officer
Director of Security
Security Manager
Security Analyst
Security Systems Engineer
Security Consultant
Network Security Administrator
Network Architect
Network Security Engineer
Systems Security Administrator

Prerequisites and Additional Qualifications for the CISSP Exam

Before taking the CISSP exam, interested IT professionals need to have at least five years of professional experience in at least two of the ten “CISSP Domains” identified by the (ISC)². Although the CISSP exam covers all ten “CISSP Domains,” extensive work experience is only required in at least two.

The ten CISSP Domains are:

Access Control
Business Continuity and Disaster Recovery Planning
Cryptography
Information Security Governance and Risk Management
Legal, Regulations, Investigations, and Compliance
Operations Security
Physical (Environmental) Security
Security Architecture and Design
Software Development Security
Telecommunications and Network Security

CISSP candidates must also answer a short series of questions relating to their criminal history and background, and must be endorsed by an existing certified CISSP holder.

Maintaining a CISSP Certification

A CISSP certification is valid for three years. To maintain a CISSP credential beyond three years, a CISSP certification holder must complete the following tasks:

Retake the CISSP certification exam every three years, OR:
Earn a minimum of 20 Continuing Professional Education (CPE) credits during each year, and complete a total of at least 120 credits throughout each three-year period.
In addition to one of the above, holders must pay an annual fee of $85 during all years in which the credential is valid.

Additional Details About the CISSP

In June 2004, the CISSP obtained accreditation by ANSI ISO/IEC Standard 17024:2003 accreditation. It is also formally approved by the U.S. Department of Defense (DoD) in both their Information Assurance Technical (IAT) and Managerial (IAM) categories for their DoDD 8570 certification requirement.

Each exam includes 25 ungraded, “experimental” questions

Related Questions