CISSP certification for security experts
The CISSP (Certified Information Systems Security Professional) certification is for professionals who are experts in information system security.
ISC², the independent organization that created and manages the CISSP certification, has defined a common core of knowledge (CBK = Common Body of Knowledge). The CISSP certification program includes ten domains:
- Access Control Systems and Methodologies
- Security of Telecommunications and Networks
- Security Management Practices
- Security of Application Development and Cryptography Systems
- Architecture and Security Models
- Security of Operations
- Business Continuity and Disaster Recovery Plan
- Law, Investigations and Ethics
- Physical Security
How to obtain the CISSP certification?
- Prove that you have 4 years of real experience in security, or at least 3 years and a degree.
- Fill out the code of ethics and answer 4 questions about your personal background.
- Pass the CISSP certification exam: a 250-question multiple-choice questionnaire (MCQ) covering 10 security topics (excluding vendor-specific content), on which you must obtain 700 points, i.e. 75% of correct answers. The test lasts 6 hours.
- Have your experience validated ("endorsement") by a third party who certifies the validity of the information provided.
- Accept the possibility of being audited from time to time.
But be careful: once obtained, this certification is not acquired for good. You must maintain your competence by obtaining 120 CPE (Continuing Professional Education) credits every 3 years. That is, once CISSP certified, you must commit to spending at least 120 hours every 3 years to maintain your level.
Since January 2005, the CISSP exam has been available in French. However, the international aspect of the CISSP requires a good understanding of the concepts of American origin and their correspondence with French.