Diarium blog system
Universidad de Salamanca
Pablo Gallardo's Blog
My professional web log about IT, Project Management & SAP

How to get CISSP Certification

CISSP (Certified Information Systems Security Professional) is an information security certification granted by the organization (ISC)2.

What are the typical roles that apply for this certification?

Roles that may apply for this certification:

  • Chief Information Security Officer
  • Chief Information Officer
  • Director of Security
  • IT Director/Manager
  • Security Systems Engineer
  • Security Analyst
  • Security Manager
  • Security Auditor
  • Security Architect
  • Security Consultant
  • Network Architect

What are the requirements to get CISSP Certification?

To get the CISSP Certification you need to meet four requirements:

  1. Achieve a passing score on the CISSP exam within the 2 years before applying for certification
  2. Meet the required professional experience
  3. Obtain an endorsement from an existing (ISC)2 member
  4. Subscribe to the (ISC)2 Code of Ethics

Each requirement is explained in more detail in further questions.

What is the professional experience required to get CISSP Certification?

Getting the CISSP requires a minimum of 5 years of experience in relevant areas.

One year of experience can be replaced with one year of education or with specific IT certifications.

Experience must be related to 2 of the 8 CISSP Common Body of Knowledge (CBK) domains.

Read this article for more information about CISSP requirements.

What are the IT certifications that can replace 1 year of experience?

IT certifications that can replace 1 year of experience:

  1. CAP (Certified Authorization Professional)
  2. CISM
  3. CISA
  4. CCIE (Certified Internetwork Expert)
  5. CCNA Security (Cisco Certified Network Associate Security)
  6. CASP (CompTIA Advanced Security Practitioner)
  7. CompTIA Security+
  8. CySA+ (CompTIA Cybersecurity Analyst)
  9. Many GIAC certifications

Check the full list on this link.

What is the (ISC)2 Code of Ethics?

The (ISC)2 Code of Ethics must be accepted if you want to get CISSP Certification.

You can check the (ISC)2 Code of Ethics on this link.

What are the CISSP domains where I must have previous experience?

The domains serve two purposes:

  • They restrict the subjects in which you must have professional experience
  • They define the content of the CISSP exam

Exam questions come from any of these domains, but they are not equally distributed: some domains are weighted more heavily than others. The weighting is pre-set and changes over time, so the percentages listed here may be outdated.

Domains that must be studied:

  • Domain 1. Security and Risk Management (15%)
  • Domain 2. Asset Security (10%)
  • Domain 3. Security Architecture and Engineering (13%)
  • Domain 4. Communication and Network Security (13%)
  • Domain 5. Identity and Access Management (IAM) (13%)
  • Domain 6. Security Assessment and Testing (12%)
  • Domain 7. Security Operations (13%)
  • Domain 8. Software Development Security (11%)

As said, you need to have professional experience on at least 2 domains.

I don’t have the required experience (yet). Can I pass the exam?

You can pass the exam without the required experience.

However, if you want to get the CISSP certification, you need to meet the requirements within 2 years after passing the exam. Otherwise, you will miss your chance to get certified.

There is a status known as CISSP Associate, which allows you to hold that title for up to 6 years while you gain the necessary professional experience.

What is the CISSP exam like?

The CISSP exam lasts a maximum of 3 hours.

You need a passing score of 700 out of 1000.

There are two types of CISSP exams:

  • CISSP-CAT (Computerized Adaptive Testing) exam
  • Old CISSP Exam

The CISSP-CAT test is used if you do the exam in English.

The old test is used if you do the exam in any other available language.

Then, what is the CISSP-CAT exam like?

The scoring system in the new exam is quite complex.

I would recommend not worrying about this and focusing on preparing for the exam itself.

There are three types of questions:

  • Four-option multiple-choice single-answer
  • Four-option multiple-choice multiple-answer
  • Advanced innovative questions

Most of the questions are four-option, multiple-choice questions with a single answer.

Some multiple-choice questions may allow you to select more than one answer.

Advanced innovative questions

And what is the old CISSP exam like?

The old CISSP exam is the one used for the non-English versions of the exam.

It is a linear, fixed-form exam with 250 questions.

How do I prepare for the CISSP exam?

Please check this post.

Do I need to get endorsed after passing the exam?

Yes, you need to get endorsed by an existing (ISC)2 member after passing the exam.

You must be endorsed within 6 months of passing the exam.

You can find more information about the endorsement process on this link.

How much does it cost to get the CISSP Certification?

I’m still calculating it.

I failed the exam. Can I retake it?

You can retake the exam under some conditions:

  1. You can take the CISSP exam a maximum of 4 times in a 12-month period
  2. You must wait 30 days after your first attempt before trying a second time
  3. You must wait an additional 60 days after your second attempt before trying a third time
  4. You must wait an additional 90 days after your third or subsequent attempts before trying again

You can find the official policy on this link.

How do I maintain the CISSP Certification?

Requirements to keep the CISSP Certification:

  • Pay the annual maintenance fee (AMF)
  • Earn 120 CPE credits in each three-year period

You must complete the continuing professional education requirements.

You need to earn 120 Continuing Professional Education (CPE) credits by your third-year anniversary.

For more information about CPE, check the (ISC)2 CPE Handbook and the CPE Opportunity page.

For more information about the AMF, check this link.

About pmgallardo

I studied Computer Science at the University of Salamanca. Since then, I have been working first as a developer and then as an SAP consultant. This blog is about the problems I dealt with when using computers and, more importantly, the solutions I found. Whenever I am on an issue and suddenly I have a flash that leads me to a solution, I document my discoveries in a post.
