Introduction
Due to the increasing number of network threats, internal security vulnerabilities, phishing attempts and other forms of hacker attacks, network security is a huge consideration in today’s world. However, the number of certified security experts is actually decreasing, not increasing. This means that the demand for these professionals has reached an unprecedented level and will only continue to grow as the gap between supply and demand increases. The first step in getting one of these coveted positions is to learn how to become a certified information systems security professional (CISSP).
What Is the CISSP Certification?
The CISSP certification proves that you are a leader in network security and that your knowledge and skills in key areas are up to date. It shows that you have a deep knowledge and understanding not only of existing threats but also of emerging ones, and of how to prevent these threats from affecting the company.
According to (ISC)2, it is "a vendor-independent certificate for those who have deep technical and managerial capabilities, skills, experience and credibility to design, project, implement, and manage their overall information security plans to protect organizations from increasingly complex attacks."
The CISSP CBK (Common Body of Knowledge) covers eight domains:
Security and risk management
Asset security
Security engineering
Communication and network security
Identity and access management
Security assessment and testing
Security operations
Software development security
To obtain CISSP certification, you need experience in at least two of the eight areas (we will cover them in the requirements section).
According to (ISC)2, this certification is ideal for security advisers, security managers, IT supervisors and managers, security auditors, security architects, security analysts, security systems engineers, chief information security officers, security executives, and network architects, to name just a few.
What Is (ISC)2?
Although many technical certifications are issued by companies, (ISC)2 is actually an international non-profit organization. Founded 25 years ago, it has played an important role in combating cyber threats.
The CISSP is the organization’s best-known certification, but it offers others as well, all of which are now "part of an integral, programmatic approach to security". The organization has more than 115,000 members in a variety of security roles, from network security to infrastructure security and everything in between.
The Rising Demand
Not convinced that becoming a CISSP will really help you develop your career further? Consider what (ISC)2 CEO David Shearer said at the organizational meeting in Orlando in September 2016: "We have to take a holistic approach to security, so there is a growing demand for soft skills. The industry needs not only skilled people but also communication, business, and personnel. We need to build up deep experts in order to communicate. I have no objection to the wide range of criticism of CISSP, but the power of CISSP is that you understand the breadth of any information security issues."
Of course, to become a certified professional, you need to know the CISSP requirements, of which there are many.
Alan Paller, director of research at the SANS Institute, supported this in an interview with Ars Technica and explained it further. "The idea that there is a shortage is absolutely correct," he said. "But this is a key shortage. Most of the work that is difficult to accomplish is a key task."
How Do I Earn the CISSP?
To obtain the credential, you must meet the current CISSP requirements. Yes, that involves a long exam, but it goes much deeper than that. You need substantial prior work experience, or, if you have less practical security experience, you can become an Associate of (ISC)2. The whole process looks like this:
Have the minimum required real-world experience.
If you lack the required years of experience, you can become an Associate of (ISC)2.
If you have a 4-year degree, you may qualify for a 1-year waiver.
Complete the exhaustive CISSP exam with a minimum score of 700 out of 1,000 points.
Complete the endorsement process and agree to the organization’s code of ethics.
Maintain your CISSP certification and recertify every three years.
What Work Experience Is Required?
Perhaps the single most difficult requirement for those aspiring to earn their CISSP certification is the work experience needed. You’ll need a minimum of five years of experience working in the real world as a security professional. You must be able to show proof that you worked full-time in this role, and that you have experience in a minimum of two out of the eight domains highlighted in the (ISC)2 CBK.
If you have a four-year degree or an additional certificate from the approved list of options, you’ll have a one-year waiver, which means that you only need to prove four years of full-time, real-world experience as a security professional.
What Is the Associate of (ISC)2?
If you do not have the required work experience, you can become an Associate of (ISC)2. To do this, you need to pass the CISSP exam and then work as a security professional. From the date of passing the exam, you have six years to obtain the full CISSP certification. If you are unable to do so during this period, you need to take the exam again after at least five years of work.
To become an Associate of (ISC)2, you first need to determine the path to follow (in this case, CISSP, although the organization also provides SSCP, CCSP, HCISPP, CCFP, CAP, and CSSLP certifications). Next, you need to schedule and take the associate exam and complete the examination agreement, which is a legally binding document that requires you to comply with the organization’s code of ethics.
If you are pursuing the CISSP certification, the associate exam will contain 250 questions. Please note that the actual CISSP exam is much more exhaustive. After passing the exam, you will have access to ongoing training options along with other benefits. However, you will need to maintain your status, which requires you to earn 15 CPE (continuing professional education) credits per year and pay an annual fee of $35.
In the meantime, you will need to work toward full CISSP certification and start the endorsement process, eventually converting your Associate status into a CISSP certification.
The process looks like this:
Choose your certification preference (CISSP in this case).
Schedule the exam and agree to the code of ethics.
Take the exam and pass it.
Maintain your status and work toward your CISSP certification. You have six years to complete five years of real-world experience.
The Examination: Questions/Format/Length
The actual exam contains 250 questions, and you will have six hours to complete them. They are multiple choice, along with what the organization calls "advanced innovative" questions. These are drag-and-drop questions, as well as "hotspot" questions, which measure knowledge and cognitive skills. For example, you may be given a question and asked to drag all the correct answers from one side of the screen to the "Correct answer" box on the other side (the test is done on a computer, not on paper).
Multiple choice questions are based on many factors. A couple of examples can be found below:
Which one of the following is the MOST important security consideration when selecting a new computer facility?
Local law enforcement response times
Adjacent to competitors’ facilities
Aircraft flight paths
Utility infrastructure
Which one of the following describes an SYN flood attack?
Rapid transmission of Internet Relay Chat messages
Creating a high number of half-open connections
Disabling the domain name service (DNS) server
Excessive list linking of users and files
How Does the CISSP Endorsement Process Work?
Passing the CISSP exam does not finish the job. You need to complete the organization’s endorsement process before you actually receive the certification. This requires an endorsement form digitally signed by an existing (ISC)2-certified professional who is a member of the organization in good standing.
The endorser must be able to attest that you have the professional experience and that, as far as he or she knows, your experience is real. Please note that you must have the endorser’s certification number when the endorsement form is completed. If you do not have a relationship with an existing (ISC)2 member in good standing, the organization itself can act as an endorser.
It is also important to know a few other things. First, the time available to obtain the endorsement is limited. You need to complete the endorsement within 9 months of passing the CISSP exam; otherwise, you must retake the exam (and pay the fee again).
Think about who will endorse you before taking the exam. If you do not know any member of the organization at this time, build a number of contacts in the organization in advance. In the worst case, the organization itself can act as your endorser.
You should also understand that the organization regularly audits a random selection of the people who pass the exam. This is what it says about the audit: "A portion of the candidates who have passed the (ISC)2 exam and submitted the endorsement will be reviewed at random and required to provide other information for verification as required." If your application is selected for audit, you will be notified by email.
What Candidate Background Is Required?
(ISC)2 does not allow just anyone to take the exam. The organization conducts a rigorous background review, and you need to ensure that you meet the CISSP requirements before starting the process. The organization states that if you do not meet the background requirements and take the exam anyway, the examination fee and other fees will not be refunded.
During background screening, you need to pay close attention to three questions. Answering "yes" to any of them may disqualify you from any certification through the organization. However, if you feel that there is no real reason for your rejection, you can contact the organization via email to make your case. The three questions are as follows:
Have you ever been convicted of a felony, a crime involving dishonesty (including a misdemeanor), or an offense in military service, or is there a serious criminal charge pending against you? (Ignore minor traffic offenses and offenses prosecuted in juvenile court.)
Have you ever been involved, or publicly identified, with criminal hackers or hacking?
Have you ever been known by any other name, alias or pseudonym? (Ignore user identities or screen names with which you were publicly identified. Name changes due to marriage or adoption are also ignored.)
Make sure that you have resolved all potential conflicts so that your background check is clean and raises no red flags in this process.
In Conclusion
Meeting these CISSP requirements and passing the exam will give you one of the certifications most sought after by recruiters of information technology and cybersecurity professionals worldwide. The CISSP requirements set by (ISC)2 are strict but can be met. The most important of these is five years of practical experience as a security professional. Even if you have a four-year college degree, you are only eligible for a one-year experience waiver, so make sure you are already working in the field before applying for this certification.