The Next Generation of Security Leaders
In an increasingly complex cyber world, there is a growing need for information security leaders who possess the breadth and depth of expertise necessary to establish holistic security programs that assure the protection of organizations' information assets. That's where the Certified Information Systems Security Professional (CISSP) comes in.
The CISSP certification is the ideal credential for those with proven deep technical and managerial competence, skills, experience, and credibility to build and maintain security programs that protect organizations from increasingly sophisticated attacks. The CISSP draws from a comprehensive, up-to-date, global common body of knowledge that ensures security leaders have a deep knowledge and understanding of new threats, technologies, regulations, standards, and practices.
Backed by (ISC)2, the globally recognized, not-for-profit organization dedicated to advancing the information security field, the CISSP was the first credential in the field of information security to meet the stringent requirements of ISO/IEC Standard 17024. Not only is the CISSP an objective measure of excellence, it is also a globally recognized standard of achievement.
WHY BECOME A CISSP
The CISSP Helps You:
• Validate your proven competence gained through years of experience in information security.
• Demonstrate your technical knowledge, skills, and abilities to effectively develop a holistic security program set against globally accepted standards.
• Differentiate yourself from other candidates for desirable job openings in the fast-growing information security market.
• Affirm your commitment to the field and ongoing relevancy through continuing professional education and understanding of the most current best practices.
• Gain access to valuable career resources, such as networking and ideas exchange with peers.
The CISSP Helps Employers:
• Protect against threats with qualified professionals who have the expertise to competently design, build, and maintain a secure business environment.
• Ensure professionals stay current on emerging threats, technologies, regulations, standards, and practices through the continuing professional education requirements.
• Increase confidence that candidates are qualified and committed to information security.
• Ensure employees use a universal language, circumventing ambiguity with industry-accepted terms and practices.
• Increase organizations' credibility when working with clients and vendors.
CISSP in the News
"CISSP Sets Professionals Apart in the IT Security Field" - About.com
"56% of Cyber Jobs in Contracting Industry Require CISSP" - The Washington Post
"Best Professional Certification Program" - SC Magazine
CISSP INSIGHTS
"The CISSP certification I got after attending the official (ISC)2 [review] seminar greatly added to my competitive edge and, as a result, I won my current position. I am now making the (ISC)2 certification a requirement for the members of my team, confident in the knowledge that their skills are genuine and current."
Daniel, CISSP
The Netherlands
"Obtaining the CISSP certification opened up doors I thought inviolable. My career - both professional and academic - grew dramatically!"
Claudi, CISSP, CIA, CISA, CISM
Italy
WHO SHOULD OBTAIN A CISSP
CISSP credential holders often hold job functions including:
o Security Consultant
o Security Analyst
o Security Manager
o Security Systems Engineer
o IT Director/Manager
o Chief Information Security Officer
o Security Auditor
o Director of Security
o Security Architect
o Network Architect
EDUCATION DELIVERED YOUR WAY
Official (ISC)2 CISSP CBK Training Seminar
This official training seminar is the most comprehensive, complete review of information systems security concepts and industry best practices, and the only training course endorsed by (ISC)2. As your exclusive way to review and refresh your knowledge of the domains and sub-domains of the CISSP CBK, the seminar will help you identify areas you need to study and features:
• Official (ISC)2 courseware
• Taught by an authorized (ISC)2 instructor
• Student handbook
• Collaboration with classmates
• Real-world learning activities and scenarios
The Official CISSP CBK Training Seminar is offered in the following formats:
• Classroom - Delivered in a classroom setting over the course of five days, classroom-based training seminars are available at (ISC)2 facilities and (ISC)2 Official Training Providers worldwide. This format is perfect for hands-on learners.
• Private On-site - Host your own Training Seminar on- or off-site. Available for larger groups, this option often saves employee travel time and expense. Group pricing is also available to organizations with 15 or more employees planning to sit for the exam.
• Live OnLine - Educate yourself from the convenience of your computer. Live OnLine brings you the same award-winning course content as the classroom-based or private on-site seminars and the benefit of an (ISC)2 authorized instructor.
Visit www.isc2.org/cissprevsem for more information or to register.
OFFICIAL TRAINING PROVIDERS
Official (ISC)2 CBK Training Seminars are available throughout the world at (ISC)2 facilities and through (ISC)2 Official Training Providers. Official (ISC)2 CBK Training Seminars are conducted only by (ISC)2 authorized instructors who are experts in their field and have demonstrated their mastery of the covered domains. Find your nearest official training provider at www.isc2.org/educationaffiliates.aspx.
Be wary of training providers that are not authorized by (ISC)2. Be certain that your educator carries the (ISC)2 Official Training Provider logo to ensure that you are experiencing the best and most current programs available.
2014 SC Magazine Award Winner - Best Professional Certification Program, CISSP
2013 SC Magazine Award Winner - Best Professional Training Program, (ISC)2 Education
(Award years shown: 2013, 2012, 2011, 2010, 2009, 2007, 2006)
THE CISSP CBK
The CISSP domains are drawn from various information security topics within the (ISC)2 CBK. Updated annually, the domains reflect the most up-to-date best practices worldwide.
The CISSP CBK consists of the following eight domains:
Effective April 15, 2015
• Security and Risk Management (Security, Risk, Compliance, Law, Regulations, and Business Continuity)
    • Confidentiality, integrity, and availability concepts
    • Security governance principles
    • Compliance
    • Legal and regulatory issues
    • Professional ethics
    • Security policies, standards, procedures and guidelines
    • Business continuity requirements
    • Personnel security policies
    • Risk management concepts
    • Threat modeling
    • Risk considerations
    • Security education, training, and awareness
• Asset Security (Protecting Security of Assets)
    • Information and asset classification
    • Ownership (e.g. data owners, system owners)
    • Protect privacy
    • Appropriate retention
    • Data security controls
    • Handling requirements (e.g. markings, labels, storage)
• Security Engineering (Engineering and Management of Security)
    • Engineering processes using secure design principles
    • Security models fundamental concepts
    • Security evaluation models
    • Security capabilities of information systems
    • Security architectures, designs, and solution elements vulnerabilities
    • Web-based systems vulnerabilities
    • Mobile systems vulnerabilities
    • Embedded devices and cyber-physical systems vulnerabilities
    • Cryptography
    • Site and facility design secure principles
    • Physical security
• Communication and Network Security (Designing and Protecting Network Security)
    • Secure network architecture design (e.g. IP & non-IP protocols, segmentation)
    • Secure network components
    • Secure communication channels
    • Network attacks
• Identity and Access Management (Controlling Access and Managing Identity)
    • Physical and logical assets control
    • Identification and authentication of people and devices
    • Identity as a service (e.g. cloud identity)
    • Third-party identity services (e.g. on-premise)
    • Access control attacks
    • Identity and access provisioning lifecycle (e.g. provisioning review)
• Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
    • Assessment and test strategies
    • Security process data (e.g. management and operational controls)
    • Security control testing
    • Test outputs (e.g. automated, manual)
    • Security architectures vulnerabilities
• Security Operations (Foundational Concepts, Investigations, Incident Management, and Disaster Recovery)
    • Investigations support and requirements
    • Logging and monitoring activities
    • Provisioning of resources
    • Foundational security operations concepts
    • Resource protection techniques
    • Incident management
    • Preventative measures
    • Patch and vulnerability management
    • Change management processes
    • Recovery strategies
    • Disaster recovery processes and plans
    • Business continuity planning and exercises
    • Physical security
    • Personnel safety concerns
• Software Development Security (Understanding, Applying, and Enforcing Software Security)
    • Security in the software development lifecycle
    • Development environment security controls
    • Software security effectiveness
    • Acquired software security impact
Download a copy of the CISSP Exam Outline at www.isc2.org/exam-outline.
CHECKLIST FOR CERTIFICATION
Obtain the Required Experience - For the CISSP certification, candidates must have five years of cumulative paid full-time professional security work experience in two or more of the eight domains of the (ISC)2 CISSP CBK, or four years of cumulative paid full-time professional security work experience in two or more of the eight domains of the CISSP CBK with a college degree. If you do not have the required experience, you may still sit for the exam and become an Associate of (ISC)2 until you have gained the experience. Visit www.isc2.org/associate to learn more.
Study for the Exam - Utilize these optional educational tools to learn the CISSP CBK.
• Exam Outline - www.isc2.org/exam-outline
• Official Textbook - www.isc2.org/store
• Official Training Seminar - www.isc2.org/cissprevsem
Register for the Exam
• Visit www.pearsonvue.com/isc2 to schedule an exam date
• Submit the examination fee
Pass the Exam - Pass the CISSP examination with a scaled score of 700 points or greater. Read the Exam Scoring FAQs at www.isc2.org/exam-scoring-faqs.
Complete the Endorsement Process - Once you are notified that you have successfully passed the examination, you will have nine months from the date you sat for the exam to complete the following endorsement process:
• Complete an Application Endorsement Form
• Subscribe to the (ISC)2 code of ethics
• Have your form endorsed by an (ISC)2 member
The credential can be awarded once the steps above have been completed and your form has been submitted.* Get the guidelines and form at www.isc2.org/endorsement.
Maintain the Certification - Recertification is required every three years, with ongoing requirements to maintain your credentials in good standing. This is accomplished through earning and posting a minimum of 40 Continuing Professional Education (CPE) credits (of the 120 CPE credits required in the three-year certification cycle) and paying the Annual Maintenance Fee (AMF) of US$85 during each year of the three-year certification cycle before your certification or recertification annual anniversary date. Visit www.isc2.org/maintaining-your-credential to learn more.
*Audit Notice - Passing candidates will be randomly selected and audited by (ISC)2 prior to issuance of any certificate. Multiple certifications may result in a candidate being audited more than once.
MEMBER BENEFITS
FREE:
(ISC)2 One-Day SecureEvents
Industry Initiatives
Certification Verification
Chapter Program
(ISC)2 Receptions/Networking Opportunities
(ISC)2 Global Awards Program
Online Forum
(ISC)2 e-Symposium Webinars
ThinkTANK
Global Information Security Workforce Study
InfoSecurity Professional Magazine
Safe and Secure Online Volunteer Opportunities
InterSeC
DISCOUNTED:
(ISC)2 Security Congress
(ISC)2 Local Two-Day Secure Events
Industry Conferences
(ISC)2 Textbooks
The (ISC)2 Journal
For more information on the CISSP, visit www.isc2.org/cissp.
Formed in 1989, (ISC)2 is the largest not-for-profit membership body of certified information and software security professionals worldwide, with over 100,000 members in more than 160 countries. Globally recognized as the Gold Standard, (ISC)2 issues the Certified Information Systems Security Professional (CISSP) and related concentrations, as well as the Certified Secure Software Lifecycle Professional (CSSLP), the Certified Cyber Forensics Professional (CCFP), Certified Authorization Professional (CAP), HealthCare Information Security and Privacy Practitioner (HCISPP), and Systems Security Certified Practitioner (SSCP) credentials to qualifying candidates. (ISC)2's certifications are among the first information technology credentials to meet the stringent requirements of ISO/IEC Standard 17024, a global benchmark for assessing and certifying personnel. (ISC)2 also offers education programs and services based on its CBK, a compendium of information and software security topics. More information is available at www.isc2.org.
© 2015 International Information Systems Security Certification Consortium, Inc. All Rights Reserved.
CIS.0 (02/15)