Known as the gold standard of information security certifications, the Certified Information Systems Security Professional (CISSP) was the first certification accredited by the American National Standards Institute (ANSI) to International Standards Organization (ISO) Standard 17024:2003. The CISSP is not only an objective measure of excellence, but a globally recognized standard of achievement. It requires at least five cumulative years of relevant work experience in two or more of the 10 domains of the CISSP CBK (common body of knowledge), or four years of work experience and a four-year bachelor's degree or a master's degree in information security. To maintain the certification, CISSP holders are required to obtain 120 continuing professional education (CPE) credits every three years, with a minimum of 20 CPEs posted during each year of the three-year certification cycle. This continuing education ensures that CISSP-certified pros are keeping up with the latest threats.
One major point that sets the CISSP apart from other security certifications is the breadth of knowledge and experience necessary to pass the exam. A CISSP candidate cannot specialize in just one domain. They must know and understand the full spectrum of the (ISC) 2 CBK to become certified. In addition to the required five cumulative years of relevant work experience in two or more of the 10 domains, CISSPs must also legally adhere to the (ISC)2 Code of Ethics, be endorsed by a current (ISC)2 member, and undergo continuing education to keep the certification current. By meeting each of the above requirements, employers can rest assured that when they hire a professional who holds the CISSP credential, that person has been tested on understanding industry best practices and possesses a broad knowledge of the field and sound professional ethics and judgment.
A professional who holds the CISSP typically develops information security strategy, writes information security policy, manages information security and personnel, and ensures security policy is complying with industry regulations. Further, concentrations of the CISSP are available for those desiring additional validation of skills in management (CISSP-ISSMP), architecture (CISSP-ISSAP) and engineering (CISSP-ISSEP). These concentrations allow CISSPs to focus their talents on functional areas of importance to them or their companies.