CISSP Fast Track - Frequently Asked Questions

 

Below are some of the more frequent questions we receive regarding CISSP (Certified Information Security Manager). More information on CISSP, including examination and certification requirements, is available on the (ISC)2 web site.


 

1. Who should become a CISSP?

The CISSP credential is ideal for mid-level and senior-level managers who are working toward or have already attained positions such as CISOs, CSOs or Senior Security Engineers.

 

As a CISSP, you gain access to (ISC)2 services and programs which support and enhance your growth throughout your information security career. These services and programs include:

 

  • Ongoing education
  • Peer networking
  • Forums
  • Events
  • Job postings
  • Industry communications
  • Concentrations for proven subject matter expertise
  • Speaking and volunteer opportunities

 



 

2. What are the qualifications needed to gain CISSP certification?

To become a CISSP, a candidate must successfully complete two separate processes: Examination and Certification. The eligibility requirements to sit for the CISSP examination are completely separate from the eligibility requirements necessary to be certified.

 

To sit for the CISSP Examination, a candidate must:

 

  • Pay all relevant fees
  • Assert that he or she possesses a minimum of five years of direct full-time security professional work experience in two or more of the ten domains of the (ISC)2 CISSP CBK® or four years of direct full-time security professional work experience in one or more of the ten domains of the CISSP CBK® with a degree. Additionally, a Master's Degree in Information Security from a National Center of Excellence can substitute for one year toward the four-year requirement.
  • Subscribe to the (ISC)2 Code Of Ethics

 

To attain the CISSP Certification, a candidate must:

 

  • Pass the CISSP exam with a scaled score of 700 points or greater
  • Submit a properly completed and executed Endorsement Form
  • Successfully pass an audit of their assertions regarding professional experience, if the candidate is selected for audit
  • Upon receiving CISSP Certification, you must uphold the (ISC)2 Maintenance Requirements and re-certify every 3 years

 



 

3. How is CISSP different from CISM (Certified Information Security Manager)?

Although there are many differences between the CISSP Common Body Of Knowledge and the CISM Job Practice Areas, the most obvious difference is in the experience requirements. Only CISM requires information security management experience, in addition to general information security experience. CISSP has no such management requirement.

 



 

4. I want to become a CISSP but do not have the required experience as yet - Associate of (ISC)2

Candidates who do not meet the CISSP professional experience requirements may become Associates of (ISC)2. To become an Associate of (ISC)2, you will need to complete and submit the examination form and successfully pass the exam. You don't have to wait until you've spent years in the field to demonstrate your competence in information security.

 

After taking the CISSP examination, you will receive an email from (ISC)2 indicating whether you have passed the exam. Upon successfully passing the exam, you become an Associate of (ISC)2. The (ISC)2 Associate for CISSP designation is valid for a period of 5 years from the date the "pass" email is issued; the (ISC)2 Associate has a maximum of 5 years to obtain the required experience and submit the required endorsement form for certification as a CISSP.

 
