Experience qualifications for CISSP

With experience requirements for certs like CISSP, is there a general rule of thumb for what constitutes acceptable experience?

Actually, ISC-squared is pretty specific on this subject. Your three years of relevant on-the-job experience must pertain directly to one or more of the 10 domains in the CISSP Common Body of Knowledge (CBK):

  • Access Control Systems & Methodology
  • Applications & Systems Development
  • Business Continuity Planning
  • Cryptography
  • Law, Investigation & Ethics
  • Operations Security
  • Physical Security
  • Security Architecture & Models
  • Security Management Practices
  • Telecommunications, Network & Internet Security

Here's what it says on the site about those requirements:

"Have a minimum three years of direct full-time security professional work experience in one or more of the ten test domains of the information systems security Common Body of Knowledge (CBK). Valid experience includes information systems security-related work performed as a practitioner, auditor, consultant, vendor, investigator or instructor, or that which requires IS security knowledge and involves direct application of that knowledge."

Also, on Jan. 1, 2003 these requirements change; see https://www.isc2.org/cgi-bin/content.cgi?page=157 for more info.

This was last published in September 2002
