CISSP Certification : Certified Information Systems Security Professional

At a time when IT threats are becoming more advanced and regulatory compliance is getting tougher, companies are looking for highly qualified professionals to back up their information systems. Recognized as the most illustrious certification in the information security community, the CISSP attests to the technical and management skills of an information security expert. This certification proves the holder's ability to develop, execute, and oversee a company’s security strategies.

What is CISSP Certified Information Systems Security Professional ?

Recognized worldwide, the CISSP certification is the most prestigious in the field of information security. It attests to the technical and managerial skills of security professionals, and their ability to develop, deploy and supervise security policy within a company. The CISSP addresses eight key areas of the Common Body of Knowledge (CBK), listed below :

  • Domain 1. Security and risk management  
  • Domain 2. Asset Security  
  • Domain 3. Security Architecture and Engineering  
  • Domain 4. Network Communication and Security  
  • Domain 5. Identity and Access Management (IAM)  
  • Domain 6. Security Assessment and Testing  
  • Domain 7. Security Operations  
  • Domain 8. Secure software development

Awarded by ISC2, an international non-profit organization committed to information security, this cybersecurity certification brings together more than 150,000 certified members in more than 170 countries.

Becoming CISSP certified will bring you into ISC2, opening the doors to various benefits :

  • Access to exclusive resources, educational tools and professional networking opportunities  
  • Recognition of your expertise and credibility with employers, clients and colleagues  
  • Opportunity to contribute to the development of the information security profession  
  • Membership in a global community of information security leaders

Which organizations offer CISSP certification ?

The CISSP certification is granted by ISC2, a non-profit international entity dedicated to enhancing the business of information security. The organization has over 150,000 certified members in more than 170 countries. To obtain this certification, the ISC2 requires the passing of a 4-hour exam, including between 125 and 175 questions, either multiple choice or short answers, covering the eight areas of the CBK (Common Body of Knowledge).

In addition, it is imperative to have at least five years of professional experience in at least two of the CBK fields, or four years with a university degree or certification recognized by ISC2. Committing to the ISC2 Code of Ethics is also mandatory, as is joining a continuing education program in order to maintain certification.

However, ISC2 does not have a monopoly on CISSP certification. Other entities also offer training, preparation and review sessions for CISSP, including :

  • Global Knowledge : global reference in computer and managerial training, offering online, in-person or mixed courses, in addition to exam simulations and advice to pass the CISSP.  
  • Cybrary : an e-learning platform specialized in cybersecurity, providing a free CISSP preparation course, accompanied by quizzes, simulations and additional resources.  
  • Udemy : online learning platform, offering paid CISSP preparation courses, led by qualified instructors.  
  • Transcend : provider of practical tests and certification exam preparation materials, including CISSP exam simulations, in-depth explanations and references to official resources.

It is essential to select a recognized and reliable training organization, compliant with ISC2 standards, to optimize your chances of success at the CISSP certification.

What are the specific CISSP certification requirements for my industry ?

CISSP certification is essential for all professionals handling sensitive or critical data, covering sectors as diverse as finance, health, energy, transport, defense, and education. It aims to improve the security of information systems and ensure compliance with current regulations and standards.

Information security standards and regulations

Information security requirements vary by sector. Examples include :

  • ISO/IEC 27001 : for the establishment of an information security management system.  
  • GDPR : framework for the processing of personal data in the European Union.  
  • NIS Directive : improvement of the security of networks and information systems for certain operators and suppliers.
  • Military Programming Act : protection against cyber attacks and obligation to report security incidents for vital operators.  
  • PCI DSS standard : for banking and financial sector entities processing payment card data.  
  • HIPAA Standard : for healthcare players in the United States processing medical data.

Obtaining CISSP certification equips you with key information security principles and practices, tailored to your field.

The partners of the CISSP certification

To achieve CISSP certification, you can count on the support of reliable partners offering :

  • Global Knowledge : wide range of training and resources to pass the CISSP exam.  
  • Cybrary : access to a free preparation course, quiz, simulations, and additional resources in cybersecurity.  
  • Udemy : paid courses with qualified instructors to prepare for certification.  
  • Transcend : practice tests and preparation tools based on official references for the CISSP exam.

Choose a partner recognized by the ISC2, guaranteeing compliance with standards and increasing your chances of success at CISSP certification.

What are the steps to obtain CISSP certification ?

Obtaining the CISSP certification is a demanding path of preparation, motivation and commitment. Learn the key steps to becoming a certified information security specialist.

Step 1 : Check eligibility requirements

Before you start, make sure you meet the following criteria :

  • Have at least five years of professional, paid experience in two or more of the eight areas of the CISSP CBK (Common Body of Knowledge). A university degree or other certification recognized by the ISC2 can reduce this period to four years.  
  • Commit to the ISC2 Code of Ethics and participate in a continuing education program to keep your certification valid.  
  • Be sponsored by an ISC2 member who can attest to your experience and identity.

Step 2 : Prepare for the CISSP exam

The CISSP exam is a four-hour computerized adaptive test consisting of between 125 and 175 multiple-choice, short-answer questions, covering the eight areas of the CISSP CBK :

  • Domain 1. Security and risk management  
  • Domain 2. Asset Security  
  • Domain 3. Security Architecture and Engineering  
  • Domain 4. Network Communication and Security  
  • Domain 5. Identity and Access Management (IAM)  
  • Domain 6. Security Assessment and Testing  
  • Domain 7. Security Operations  
  • Domain 8. Secure software development

To prepare effectively, you can use the following resources :

  • The official ISC2 guide for the CISSP exam, including the detailed content of the CISSP CBK, sample questions, and practical tips.  
  • Official ISC2 courses, available online, face-to-face, or self-directed, delivered by certified and experienced trainers.  
  • The official practice tests of the ISC2, to familiarize yourself with the format of the exam, the level of difficulty and the types of questions.  
  • Additional resources such as books, podcasts, videos, forums and blogs, offering additional information and testimonials from candidates.

Step 3 : Register for the CISSP exam

Register on the ISC² website, with a registration fee of 699 USD, choose an ISC2 accredited exam center and plan your exam. A confirmation email with instructions for the day of the exam will be sent to you.

Step 4 : Take and Pass the CISSP Exam

On exam day, go to the centre with a valid ID and your registration confirmation. Follow the centre’s rules and instructions. You will have four hours to answer questions. At the end, you will immediately know if you have succeeded or failed, and if successful, you will receive your score as well as a performance report by domain.

Step 5 : Obtain and maintain CISSP certification

After passing the CISSP exam, you will need to go through the ISC2 approval process to complete your certification. The necessary documents are :

  • The ISC2 approval form, including your personal and professional details as well as your sponsor’s information (name and membership number).  
  • The ISC2 Membership Agreement Form, where you certify your commitment to adhere to the organization’s Code of Ethics and Continuing Education Program.  
  • The payment of the annual maintenance fee (AMF), which amounts to 125 USD.  

Once these documents are submitted, you will receive your ISC2 certificate and digital badge. To keep your certification active, follow the requirements below:

  • Earn at least 120 continuing education (CPE) credits over three years, with a minimum of 40 CPE each year.  
  • Meet the AMF annually.  
  • Comply with the ISC2 Code of Ethics.

How much does a CISSP certification cost ?

Opting for CISSP certification represents a major investment, promising in terms of professional and financial benefits. However, its substantial cost merits consideration before embarking on this path.

Let’s look at the main associated costs :

Examination fees

CISSP exam registration costs US$699, payable directly to ISC2 when registering online. This fee covers a single attempt. In case of failure, this sum will have to be paid again to try again, respecting a minimum interval of 30 days between each test.

Training costs

Although training for CISSP certification is not mandatory, it is strongly advised in order to maximize your chances of success. Multiple organizations and platforms offer training at various prices. Examples include :

  • ISC2 offers formal online, face-to-face, or self-study training starting at $2,795, with certified instructors, practical tests, and official resources.  
  • Global Knowledge offers online, face-to-face and blended learning courses starting at $3,495, including certified instructor support, practice exams and exam tips.  
  • Cybrary offers a free online course to prepare for CISSP certification, covering the eight areas of CISSP CBK, as well as quizzes, simulations and additional resources.  
  • Udemy offers preparation courses starting at $10.99, with videos, exercises and practical tests delivered by experienced instructors.

The cost of training therefore varies according to its type, duration, quality and content. It is crucial to compare offers and select the one that best meets your expectations, your budget and your learning method.

Certification and maintenance fees

After passing the CISSP exam, completing the ISC2 approval process is required to obtain certification, which involves an annual maintenance fee of USD 125. This fee ensures access to exclusive resources, educational tools and networking opportunities within ISC2.

It will also be necessary to accumulate at least 120 continuing education credits (CPE) over three years, including a minimum of 40 CPE each year, to keep the certification up to date. These CPEs can be acquired through various information security activities.

The total cost

The overall cost of CISSP certification varies according to several criteria, such as the number of exam attempts, the choice of training, the duration of certification and continuing education activities. Although it is difficult to establish a precise amount, the total cost is usually between 1,000 and 5,000 USD.

This amount may seem high but must be compared to the potential benefits provided by the CISSP certification, such as increased recognition in the professional field, a possible salary increase, significant differentiation in the labour market and access to a network of recognized cybersecurity professionals.

How long does it take to obtain CISSP certification ?

CISSP certification requires serious commitment, including time, preparation, and perseverance. The length of time required to obtain it varies according to several elements, including:

Your professional experience

To be eligible for CISSP certification, a minimum of five years of paid, full-time professional experience is required in at least two of the eight areas covered by the CISSP Common Body of Knowledge (CBK). If you do not meet this requirement, you can become an Associate of (ISC)² by passing the CISSP exam, and you will then have six years to gain the required experience. A four-year graduate degree, or a regional equivalent recognized on the (ISC)² approved list, may reduce the required experience by one year.

Exam preparation

The CISSP exam consists of between 100 and 150 multiple-choice questions, spread across the eight CBK areas. You have three hours to answer it, with a pass threshold of 70%. Since January 2005, the exam has been offered in French. Preparing for this exam requires a thorough understanding of key information security concepts and practices, including American specificities.

While many resources and training courses are available to help you, preparation time varies depending on your initial level of knowledge, learning method and availability. In general, intensive preparation of three to six months is recommended to approach the exam with confidence.

Obtaining and maintaining certification

After passing the CISSP exam, you must complete the (ISC)² approval process to receive your certification. This includes paying an annual maintenance fee of US$125 and earning at least 120 continuing education credits (CPE) over three years, with a minimum of 40 CPE each year. CPEs can be acquired through training, research, publishing, volunteering, or mentoring related to information security. Failure to meet these requirements may result in the loss of your certification, forcing you to retake the exam to recover it.

Is there a renewal to be done regarding the CISSP certification ?

The CISSP certification validates advanced cybersecurity skills and is overseen by (ISC)², an internationally renowned organization. Aimed at information system security experts - including security managers, consultants, auditors, architects, and DPOs - it requires passing an in-depth examination of eight core competency areas. Applicants must also have five years of professional experience in at least two of these areas.

After obtaining this certification, professionals must continue to train to keep their knowledge up to date. This includes meeting the continuing education requirements (CPE) of the (ISC)², requiring a specified number of hours of training or cybersecurity activities per year. An annual fee to the (ISC)² is also required, as well as adherence to its code of ethics.

Every three years, the renewal of the CISSP certification requires proof of 120 hours of CPE accumulated during this period, with a minimum of 40 hours per year. In addition, an online exam, the CISSP-ISSAP, is required to assess the current knowledge of the certification holder. If these conditions are not met, the certification expires, forcing the holder to retake the initial examination to renew it.

Applying for CISSP certification, and then maintaining this title, requires a serious commitment. However, it opens the door to many opportunities, such as better professional recognition, higher salaries, continuing education, and belonging to an international community of cybersecurity experts.

The standard procedure

Document review

Here is the list of documents required to open the file :

  • Pro forma or final invoice  
  • Description sheet for each nomenclature code  
  • Test reports or certificates of analysis for each nomenclature code  
  • ISO 9001 quality certificate or equivalent  
  • Import declaration to be requested from your buyer (depending on the destination)
