Prerequisite Guide: How Should You Prepare to Take
the CISSP Certification Exam?
It's no secret that taking the CISSP certification exam can be very intimidating, but it's also worth it. This widely-known certification training is a lot of IT security professional's go-to because it trains them to reach an acclaimed level of achievement and competence overall.
In this guide, CISSP Now will walk you through the CISSP certification exam, its experience requirements, benefits, exam requirements, failure rate, and much more.
In this guide, CISSP Now will walk you through the CISSP certification exam, its experience requirements, benefits, exam requirements, failure rate, and much more.
CISSP: What Is It?
|
CISSP stands for "Certified Information System Security Professional". The CISSP certification exam is a standard test in information security, introduced by the (ISC)², an international non-profit organization with over 140000 members working various security jobs.
If you were to pass the exam, (ISC)² would grant you a cyber certification, verifying that you fully understand cybersecurity, existing threats, emerging threats, and know how to eradicate them to protect an organization. |
|
The CISSP certification exam was first established in 1994 and has, since then, secured its spot as one of the most sought-after and globally recognized examinations in the information security field. The exam can be taken in 8 languages at 882 different places across 114 countries.
Furthermore, it's by far the most requested security certificate on Linkedin. That was made clear when a Linkedin community of 90000 cybersecurity professionals picked CISSP as the most valuable standard certification from a list of 50 cybersecurity certifications and courses. You can click here to learn more about this survey.
Not only does it meet ANSI/ISO/IEC standard 17024 accreditation, but it was the first in the technology field to earn it, so it'd be more than fair to consider it the gold standard in that field. It primarily targets individuals with essential managerial and technical skills and experience, solidifying and validating that experience. That includes the following jobs:
Furthermore, it's by far the most requested security certificate on Linkedin. That was made clear when a Linkedin community of 90000 cybersecurity professionals picked CISSP as the most valuable standard certification from a list of 50 cybersecurity certifications and courses. You can click here to learn more about this survey.
Not only does it meet ANSI/ISO/IEC standard 17024 accreditation, but it was the first in the technology field to earn it, so it'd be more than fair to consider it the gold standard in that field. It primarily targets individuals with essential managerial and technical skills and experience, solidifying and validating that experience. That includes the following jobs:
- Chief Information Security Officer
- Chief Information Officer
- IT Director/Manager
- Director of Security
- Security Systems Engineer
- Security Analyst
- Security Manager
- Security Architect
- Security Consultant
- Network Architect
- Security Auditor
CISSP Prerequisites
If you're wondering whether you qualify to take the CISSP exam or not, let us tell you all about the CISSP certification requirements.
|
CISSP Experience Requirements
To put it simply, The requirements for CISSP are to have no less than five years of direct paid full-time work experience in two CISSP Common Body of Knowledge domains or more, which are:
|
|
Alternatively, you need to have graduated from a 4-year college and had four years of cumulative professional security work experience in at least two of the domains mentioned above. If you don't have a college degree, you can take the regional equivalent of a CISSP credential from (ISC)², which counts as one year of your required experience.
However, if you find that you don't have the CISSP certification requirements, you can opt for an (ISC)² or CISSP associate certification rather than a CISSP professional one. To do that, you'll have to pass the basic level of the CISSP examination. Then, you'd need to become a security professional, and you'll be granted access to many training options and other benefits.
Becoming an (ISC)² associate provides you with 6 years to finish the 5-year required experience for the CISSP certification. Nevertheless, you'd have to maintain your status by earning 15 continuing professional education (CPE) credits and paying a $35 fee annually. This process will help you become a CISSP professional.
Furthermore, holding an extra credential by the (ISC)² exempts you from one year of professional experience, part of the CISSP requirements. Their credentials are:
However, if you find that you don't have the CISSP certification requirements, you can opt for an (ISC)² or CISSP associate certification rather than a CISSP professional one. To do that, you'll have to pass the basic level of the CISSP examination. Then, you'd need to become a security professional, and you'll be granted access to many training options and other benefits.
Becoming an (ISC)² associate provides you with 6 years to finish the 5-year required experience for the CISSP certification. Nevertheless, you'd have to maintain your status by earning 15 continuing professional education (CPE) credits and paying a $35 fee annually. This process will help you become a CISSP professional.
Furthermore, holding an extra credential by the (ISC)² exempts you from one year of professional experience, part of the CISSP requirements. Their credentials are:
- CCSP (Cisco Certified Security Professional)
- CCNP Security (Cisco Certified Network Professional Security)
- CERT Certified Computer Security Incident Handler (CSIH)
- Certified Business Continuity Planner
- Certified Computer Crime Investigator (Advanced) (CCCI)
- Certified Computer Crime Prosecutor
- Certified Computer Examiner (CCE)
- Certified Forensic Computer Examiner (CFCE)
- Certified Fraud Examiner (CFE)
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- Certified Internal Auditor (CIA)
- Certified Protection Professional (CPP)
- Certified Wireless Security Professional (CWSP)
- CIW Web Security Associate
- CIW Security Analyst
- CIS Web Security Professional
- CIW Web Security Specialist
- CompTIA Security+
- Cyber Security Forensic Analyst (CSFA)
- GIAC Certified Enterprise Defender (GCED)
- GIAC Security Essentials Certification (GSEC)
- GIAC Certified Firewall Analyst (GCFW)
- GIAC Certified Intrusion Analyst (GCIA)
- GIAC Certified Incident Handler (GCIH)
- GIAC Certified Windows Security Administrator (GCWN)
- GIAC Certified UNIX Security Administrator (GCUX)
- GIAC Certified Forensic Analyst (GCFA)
- GIAC Security Leadership Certification (GSLC)
- GIAC Systems and Network Auditor (GSNA)
- GIAC ISO 27000 Specialists (62700)
- GIAC Certified Forensics Examiner (GCFE)
- GIAC Information Security Professional (GISP)
- GIAC Information Security Fundamentals (GISF)
- Certified Penetration Tester (GPEN)
- Information Security Management Systems Lead Auditor (IRCA)
- Information Security Management Systems Principal Auditor (IRCA)
- MCITP Microsoft Certified IT Professional
- Microsoft Certified Systems Administrator (MCSA)
- Microsoft Certified Systems Engineer (MCSE)
- Master Business Continuity Planner (MBCP)
- Systems Security Certified Practitioner (SSCP)
The necessary experience can look like any information systems security-related work that needs knowledge and application of information security. Therefore, you could be a practitioner, consultant, instructor, auditor, or investigator. To elaborate, here are some of the professions that count as CISSP professional experience:
- Jobs that make use of special education, such as a liberal education or college degree
- Domains where you have to maintain a habitual memory of some knowledge, along with other people in your designated field
- Professions where you manage other employees or projects
- Jobs where you have limited supervision over you while supervising other's work
- Professions that require discretion, judgment, and management decision making
- Occupations requiring ethical judgment rather than ethical behavior
- Oral communication and creative writing
- Training, mentoring, instructing, and teaching others
- Research and development
- Professions involving selecting controls and mechanisms
CISSP Exam Requirements
Once you're sure that you fulfill the experience requirements, you can focus on the exam requirements. A CISSP training program can help you form a comprehensive idea about the course modules so that you're equipped to take and pass the certification exam.
Additionally, you need to create a Pearson VUE account so that you have your knowledge evaluated. The Pearson VUE website provides details on testing policies, locations, and accommodations.
Additionally, you need to create a Pearson VUE account so that you have your knowledge evaluated. The Pearson VUE website provides details on testing policies, locations, and accommodations.
Tip: You may also use the CISSP training material in preparation for the exam.
|
CISSP Background Requirements
It's crucial to ensure that you meet the background qualifications before taking the test because, otherwise, you might not pass, and you won't be refunded for the exam fees ($699) and other related expenses. |
|
To do that, you’ll be asked four questions which you need to be prepared for. Firstly, you'll be asked if you have any past or present felony convictions regarding dishonesty or a Court Martial in military service. Secondly, you'll be asked if you have any public involvement or identification with criminal hacking or hackers.
Thirdly, the organization will inquire about the existence of any license, membership, registration, or certification revocation and any disciplining or censorship at the hands of a government agency or organization. Fourthly, they'll want to know if you've had other names, alias, or a pseudonym.
Any of these are considered red flags, making the organization reluctant to grant you the certificate. Therefore, it'd be wise to resolve any issues that might arise and have a clean background.
Nonetheless, if the organization denies you the certificate because you raised one of these red flags and you feel that you've been wronged, you can plead your case to the organization in an email.
Thirdly, the organization will inquire about the existence of any license, membership, registration, or certification revocation and any disciplining or censorship at the hands of a government agency or organization. Fourthly, they'll want to know if you've had other names, alias, or a pseudonym.
Any of these are considered red flags, making the organization reluctant to grant you the certificate. Therefore, it'd be wise to resolve any issues that might arise and have a clean background.
Nonetheless, if the organization denies you the certificate because you raised one of these red flags and you feel that you've been wronged, you can plead your case to the organization in an email.
CISSP Benefits
|
The benefits of CISSP certification are numerous. For instance, it gives you the skills to define the design, architecture, and management of your organization's security. Moreover, you'll have the necessary tools to be a qualified CISSP professional.
You'll also get informed about the eight domains that we've detailed previously, security access control systems, and software methodology. Last but not least, you'll learn to optimize security operations. |
|
CEO of (ISC)², David Shearer, backed this up at the organization's conference in Orlando, September of 2016. He stated that,
"We have to take a holistic approach to security, so there’s more demand for soft skills. The industry needs people that are good at technology but also good at communication, business, and people.
We need to build out deep specialists to be able to communicate. The CISSP is often criticized as being too broad, and I don't disagree, but the power of CISSP is that you understand the breadth of any information security problem," Shearer added.
In short, as a CISSP certified professional, you'll be trusted to develop information security standards, policies, and procedures. This makes you more likely to secure an information security job and a step ahead of other CISSP certification candidates.
Moreover, The Global Information Security confirms that CISSP certified professionals receive higher salaries than their peers by 25%. Of course, this salary boost may vary from one country or region to another. Not to mention, CISSP grants you access to beneficial resources, which facilitates networking and exchanging ideas with other CISSP certified professionals.
Speaking of access, you could join professional organizations and get in touch with other CISSP certified individuals. And even better, you could attend webinars and have a free subscription to the infoSecurity professional magazine, half of (ISC)² textbook, and digital badges to advertise for your experience.
"We have to take a holistic approach to security, so there’s more demand for soft skills. The industry needs people that are good at technology but also good at communication, business, and people.
We need to build out deep specialists to be able to communicate. The CISSP is often criticized as being too broad, and I don't disagree, but the power of CISSP is that you understand the breadth of any information security problem," Shearer added.
In short, as a CISSP certified professional, you'll be trusted to develop information security standards, policies, and procedures. This makes you more likely to secure an information security job and a step ahead of other CISSP certification candidates.
Moreover, The Global Information Security confirms that CISSP certified professionals receive higher salaries than their peers by 25%. Of course, this salary boost may vary from one country or region to another. Not to mention, CISSP grants you access to beneficial resources, which facilitates networking and exchanging ideas with other CISSP certified professionals.
Speaking of access, you could join professional organizations and get in touch with other CISSP certified individuals. And even better, you could attend webinars and have a free subscription to the infoSecurity professional magazine, half of (ISC)² textbook, and digital badges to advertise for your experience.
CISSP Endorsement
|
After you pass the CISSP exam, you still need another certified CISSP to verify your professional experience and endorse you. They must be an active member of the (ISC)² community. If no endorser is available, (ISC)² endorsement is a way out because the organization can act as your endorser.
|
|
Note that you're required to subscribe to the (ISC)² code of ethics if you want to get endorsed. Also, you have nine months to get endorsed from the date of your CISSP examination. If you don't get endorsed in that time, you're going to have to retake the exam and, by default, pay its fees again.
For that reason, it helps to have a good network and connections within the organization so that you'd find an endorser. You'll need your endorser's certification number to fill in the endorsement form, and they can sign the endorsement form digitally. Only then can you earn your certification.
Still, you may not be done with this because the (ISC)² organization audits some new members randomly. In other words, if you've passed the exam and submitted endorsements, there's a chance that you'll be part of the percentage selected for audit and asked to provide further information as a means of verification.
If that's the case, an email will be sent to you to notify you. Other than that, you'll need to recertify your CISSP certification every three years to maintain it.
For that reason, it helps to have a good network and connections within the organization so that you'd find an endorser. You'll need your endorser's certification number to fill in the endorsement form, and they can sign the endorsement form digitally. Only then can you earn your certification.
Still, you may not be done with this because the (ISC)² organization audits some new members randomly. In other words, if you've passed the exam and submitted endorsements, there's a chance that you'll be part of the percentage selected for audit and asked to provide further information as a means of verification.
If that's the case, an email will be sent to you to notify you. Other than that, you'll need to recertify your CISSP certification every three years to maintain it.
The CISSP Examination
We can't talk about the CISSP without delving into the actual examination details, mainly its format and length.
|
Format
As expected, the exam is conducted on a computer, not on paper. Its questions are multiple-choice questions. They're also hotspot questions, meaning that they test not only your knowledge but also your cognitive skills. Moreover, they're drag-and-drop questions, where you’re expected to drag all the correct answers from one side to another side's "correct answers" box. To pass the test, you need to score at least 700 out of 1000. |
|
Length
English language CISSP tests utilize Computer Adaptive Testing (CAT). This testing method processes a candidate's answers to previous questions and uses that to adjust the test's difficulty to their level.
This precise evaluation approach saves time, cutting the 6 hours exam administration time in half. It facilitates evaluating a test taker's ability so that 100 items could be enough to make an assessment, rather than 250 items on a typical, linear exam. Generally, the number of questions ranges from 100 to 150.
English language CISSP tests utilize Computer Adaptive Testing (CAT). This testing method processes a candidate's answers to previous questions and uses that to adjust the test's difficulty to their level.
This precise evaluation approach saves time, cutting the 6 hours exam administration time in half. It facilitates evaluating a test taker's ability so that 100 items could be enough to make an assessment, rather than 250 items on a typical, linear exam. Generally, the number of questions ranges from 100 to 150.
Studying for the CISSP
Aside from the documents and papers you need to provide, you may be unsure how to handle the preparation and studying for the CISSP test, so we'll offer you a few suggestions.
For one, decide how many days you'll need to prepare for the test and devote more time to the domains you have little to no experience in. Typically, it takes a candidate about two or three months to study the course material. We'd say about 50 questions for each domain should be enough to give you a solid understanding of it.
For one, decide how many days you'll need to prepare for the test and devote more time to the domains you have little to no experience in. Typically, it takes a candidate about two or three months to study the course material. We'd say about 50 questions for each domain should be enough to give you a solid understanding of it.
Also, it helps to join in local study groups and tackle many questions and topics with others. Numerous resources could prove helpful to you, such as reference resources, learning materials, and free test resources.
For extra reading, cyber security news sites could be a lifesaver to CISSP candidates. In addition, you can check out this CISSP eBook. It's an excellent free study guide, tackling the exam's structure and objectives. And more importantly, it devotes a whole chapter to each of the eight domains with exercises and detailed answer keys.
Speaking of test resources, aim for an 80% on your practice tests if you want to get the 70% on the actual test. And remember that time management is vital to your success, so train yourself to answer all 100 questions in 3 hours or 250 questions in 6 hours maximum.
For extra reading, cyber security news sites could be a lifesaver to CISSP candidates. In addition, you can check out this CISSP eBook. It's an excellent free study guide, tackling the exam's structure and objectives. And more importantly, it devotes a whole chapter to each of the eight domains with exercises and detailed answer keys.
Speaking of test resources, aim for an 80% on your practice tests if you want to get the 70% on the actual test. And remember that time management is vital to your success, so train yourself to answer all 100 questions in 3 hours or 250 questions in 6 hours maximum.
Passing/Failing the CISSP
Of course, we'd like to be optimistic, but to ease your mind, we're addressing all the possible outcomes of taking the exam.
|
The CISSP Pass Rate
The CISSP pass rate is approximately 20%, which makes the CISSP failure rate quite discouraging. But don't be deterred from taking the exam because, when you consider the CISSP benefits, it just might be worth it. |
|
The CISSP Retake Policy
To help you understand the retake policy, we have to elaborate on two different rules.
Test-Free Days
In the case that you fail the examination, you have the right to retake it an infinite number of times. However, a certain period should pass between one attempt and the next.
Those who haven't passed the test on their first try need to wait 30 days before their next test. Those who've already had two attempts have to wait at least 60 days from their second attempt. As for those who failed the test three or more times, they need to wait 90 days from their most recent try before retesting.
Maximum Attempts per Year
The second rule that governs the CISSP retake policy is the maximum number of attempts that you're granted for an (ISC)² exam in 12 months, and that's four times for each exam. You can, however, pursue different (ISC)² exams at the same time.
To help you understand the retake policy, we have to elaborate on two different rules.
Test-Free Days
In the case that you fail the examination, you have the right to retake it an infinite number of times. However, a certain period should pass between one attempt and the next.
Those who haven't passed the test on their first try need to wait 30 days before their next test. Those who've already had two attempts have to wait at least 60 days from their second attempt. As for those who failed the test three or more times, they need to wait 90 days from their most recent try before retesting.
Maximum Attempts per Year
The second rule that governs the CISSP retake policy is the maximum number of attempts that you're granted for an (ISC)² exam in 12 months, and that's four times for each exam. You can, however, pursue different (ISC)² exams at the same time.
FAQs About the CISSP Certification Exam
Can I Take the CISSP Exam Without Experience?
It's possible to do so, but we strongly urge you to fulfill the experience requirements first. If not, you'd need to complete the five years of required experience in 6 years.
Is the CISSP Difficult?
It's certainly a challenge with 100 to 150 questions, which you need to answer in three hours. That’s why it's essential to be well-prepared for the examination.
Does CISSP Require Coding?
Programming and coding aren't needed for you to pass the CISSP exam. Nevertheless, having a basic understanding of programming principles and how they translate into coding can be pretty beneficial.
It's possible to do so, but we strongly urge you to fulfill the experience requirements first. If not, you'd need to complete the five years of required experience in 6 years.
Is the CISSP Difficult?
It's certainly a challenge with 100 to 150 questions, which you need to answer in three hours. That’s why it's essential to be well-prepared for the examination.
Does CISSP Require Coding?
Programming and coding aren't needed for you to pass the CISSP exam. Nevertheless, having a basic understanding of programming principles and how they translate into coding can be pretty beneficial.
Final Thoughts
Ultimately, taking the CISSP certification exam can be a game-changer for your career if you work in information security. When you prepare for the exam, you should focus on two aspects.
Firstly, you need to be sure that you fulfill the CISSP requirements, including the required five years experience, a clear background, an endorser, and more. Secondly, you should also cover the studying material for the test, which entails having a solid understanding of all eight domains.
Looking up failure rates may be discouraging, but remember that it's always the most daring decision that reaps the best outcomes. In the worst-case scenario, you'd still have many chances to pass the examination with the retake policy. When you pass it, this would mean higher salaries, better jobs, access to webinars, easy networking, and much more!
Thinking about CISSP certification? Take the next step and sign-up for your free CISSP NOW! ebook study guide!
Firstly, you need to be sure that you fulfill the CISSP requirements, including the required five years experience, a clear background, an endorser, and more. Secondly, you should also cover the studying material for the test, which entails having a solid understanding of all eight domains.
Looking up failure rates may be discouraging, but remember that it's always the most daring decision that reaps the best outcomes. In the worst-case scenario, you'd still have many chances to pass the examination with the retake policy. When you pass it, this would mean higher salaries, better jobs, access to webinars, easy networking, and much more!
Thinking about CISSP certification? Take the next step and sign-up for your free CISSP NOW! ebook study guide!
