
Security certification: CISSP

Security expert Ed Tittel tells you about the CISSP certification

The International Information Systems Security Certifications Consortium, more popularly known as "ISC-squared" (IISSCC, get it?), represents a mix of businesses and organizations that vary from government, to academia, to the computing industry and beyond. Right now, this organization offers what is probably the best-known security certification available in today's marketplace. It's called the CISSP, which stands for Certified Information Systems Security Professional.

The CISSP is designed to do for security professionals what other licenses like the CPA do for accountants -- namely, to warrant that they understand the general principles that dictate professional behavior, and that they know how to apply a specific body of knowledge to a well-understood area of technical activity. In theory, CISSPs know how to handle security matters ranging from physical security to security policies to software security. In practice, CISSPs must master a sufficiently large body of knowledge to pass a 250-question exam that covers ten important and specific areas of security:

  • Access control
  • Computer operations security
  • Cryptography
  • Application program security
  • Risk management and business continuity planning
  • Communications security
  • Computer architecture and systems security
  • Physical security
  • Policy, standards and organization
  • Law, investigations and ethics

    The CISSP exam has the reputation of being fairly difficult, lasting for six hours and costing $395. And obtaining a CISSP is not a lifetime achievement, either -- CISSPs must rack up 120 continuing professional education (CPE) credits every three years thereafter to stay certified. Eighty CPEs must come from courses or other activities directly related to computer security topics, while the remaining 40 can come from any educational activities for which CPEs are reported. The idea is to keep up one's skills and knowledge base and to continue learning new topics and technologies. Those who can't meet this requirement must pass the CISSP exam every three years to stay certified.

    At the end of 1998, ISC-squared reports that there were 1,500 CISSPs worldwide. Although they don't publish any more recent numbers, that number has probably doubled since then. Although this is a small population as most vendor certification programs go, it represents one of the largest bodies of certified security professionals in the world at present.

    Given all this heady information, why might you want to consider becoming a CISSP? Right now, according to the International Computer Security Association (ICSA) there are 13 jobs in the U.S. for every security professional. Demand around the world is increasing, and the security area is rife with all kinds of opportunities -- for consulting, for outsourcing and for full-time positions. Many certification experts (including yours truly) expect security certifications to be among the biggest growth areas in IT in this decade. To repeat a time-honored phrase: "There's gold in them thar hills!"

    As more and more organizations use their networks for mission critical applications, and more of those networks get hooked up to the Internet, there are boundless opportunities for those who know how to help those organizations practice safe computing. Although it's a serious responsibility to manage somebody's network and computer security, it's also interesting work amidst a constantly changing and highly technical landscape. If you ever dreamt of being a fireman or a cop as a kid, here's a way to exercise some of those do-gooder impulses, and make a good living, all at the same time!

    To obtain more information about the CISSP exam, you must contact ISC-squared in writing, by phone, or by e-mail at:

    (ISC)2 Services
    P.O. Box 1117
    Dunedin, FL 34697 USA

    Phone: 727.738.8657 or 727.738.9548
    Toll Free: 888.333.4458 (North America only)
    Fax: 727.738.8522

    Good luck with your certifications! Stay tuned to my tips for the next few months, as I cover other security certifications that may also be of interest.

    About the author
    Ed Tittel writes books on a variety of computing subjects and teaches Windows security classes for Interop, the Internet Security Conference and Austin Community College. Contact Ed via e-mail at

    Related Book

    CISSP all-in-one certification exam guide
    By Shon Harris
    This resource fully covers all exam objectives -- as developed by the International Information Systems Security Certification Consortium -- and offers essential information on IT security. Each chapter contains practice questions, sidebars with technical discussions, real-world examples and test-taking tips. You'll also get valuable information on current trends in security, disaster recovery and the benefits of obtaining this highly-coveted and advanced security certification.
This was last published in November 2000
