Globally recognized, the CISSP certification confirms the expertise of information security professionals. Encompassing all cybersecurity facets through its Common Body of Knowledge, this certification isn't just about mastering theoretical concepts—it's primarily about their practical application within a business context. So, what exactly is the CISSP? What does its program entail? And what prerequisites must be met? Find out below.
What does CISSP mean?
The CISSP (Certified Information Systems Security Professional) serves as a professional credential for cybersecurity specialists. First introduced in 1994 in the United States, it represents one of the pioneering cybersecurity certifications. At a time when the Internet was only beginning to evolve, the need to address information system security concerns was already apparent.
In today’s environment, the CISSP demands even greater effort and creativity from cybersecurity experts to keep pace with increasingly sophisticated malicious hackers.
Therefore, the CISSP assesses not only the technical knowledge of those certified but also their capabilities in risk analysis and their skills in performing system audits. The core objective is to effectively apply cybersecurity principles to meet the specific needs of organizations.
The 8 domains of the CBK
Overseen by the (ISC)² (International Information Systems Security Certification Consortium), the CISSP training is grounded in a Common Body of Knowledge, known as the CBK. This CBK is categorized into 8 domains, each contributing differently to the overall grade.
1 - Security and Risk Management
This domain, making up 16% of the score, is the most significant. For a good reason: you must prove your understanding of crucial cybersecurity concepts, including:
- Data confidentiality, integrity, and availability;
- Basic principles of risk management (including identification, evaluation, and mitigation of risks);
- ISO/IEC standards, security policy management, and business impact analysis;
- Compliance with laws, regulations, and industry standards.
2 - Asset Security
Accounting for 10% of the total grade, this CISSP domain concentrates on the classification of information according to data sensitivity and criticality.
It covers the responsibilities of asset owners/custodians, the information lifecycle, along with the protection and disposal of media.
3 - Security Architecture and Engineering
Comprising 13% of the score, this domain evaluates primarily the engineering processes. It zooms in on:
- Security architecture principles and models;
- Development and evaluation of secure architectures;
- Cryptographic principles, methods, and their applications;
- Security of physical sites and facilities.
4 - Communication and Network Security
Here, you’re tested on your ability to secure network components, establish secure communication channels, and thwart network attacks.
The curriculum includes:
- Network topologies, protocols, and devices;
- Firewalls, intrusion detection systems, VPNs;
- Authentication and authorization in network environments;
- Network attack types and defensive strategies.
This area contributes 13% to the overall CISSP score.
5 - Identity and Access Management (IAM)
Also representing 13% of the final score, this domain is all about managing both physical and logical access to resources.
Topics covered include:
- Identity management techniques and technology;
- Access control models (RBAC, ABAC, MAC, DAC);
- Identity creation, management, and deletion;
- IAM technologies (SSO, MFA, LDAP directories).
6 - Security Assessment and Testing
Valued at 12% of the total CISSP certification score, this domain showcases your understanding of assessment strategies and security testing methodologies (including vulnerability, penetration, and both functional and non-functional testing) along with internal audits.
7 - Security Operations
This domain (13% of the final score) covers:
- Incident management: detection, response, and recovery processes concerning security incidents.
- Business continuity and disaster recovery planning: preparedness and responding to emergencies.
- Security resource management: monitoring, logging, and maintenance of security devices.
- Facility security management: protections against intrusions and natural disasters.
8 - Software Development Security
Accounting for 10% of the total, this domain dwells on incorporating security throughout the software development lifecycle, across various environments.
CISSP’s 8 comprehensive domains make it one of the most challenging—but also most rewarding and highly regarded—certifications in the data security sphere.
A certification reserved for cybersecurity experts
The CISSP’s prestige is matched by its rigor. Indeed, even prior to sitting the exam, four mandatory prerequisites must be met:
- Prove 5 years of professional cybersecurity experience;
- Securing a third-party endorsement;
- Adhering to the (ISC)² code of ethics;
- Consenting to a possible audit.
Subsequently, passing the CISSP exam—consisting of 100 to 150 multiple-choice questions and requiring a 70% success rate—is imperative.
To successfully navigate the CISSP certification exam, proper preparation is key. DataScientest is here to support you with its Cyber Analyst training.
