Certified Information Systems Security Professional

What Does Certified Information Systems Security Professional Mean?

Certified Information Systems Security Professional (CISSP) is a vendor-neutral, independent certification offered by the International Information System Security Certification Consortium, otherwise known as (ISC)².


This globally recognized certification is designed to show an employer that a job candidate has the knowledge and experience necessary to effectively design, implement and manage an organization’s cybersecurity.

Individuals seeking CISSP certification must pass a comprehensive 3-hour exam that consists of 100 to 150 questions and covers 8 broad information security domains. The eight testing domains for CISSP certification are:

  • Security and Risk Management
  • Asset Security
  • Security Architecture and Engineering
  • Communication and Network Security
  • Identity and Access Management (IAM)
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security

To qualify for the CISSP exam, candidates must either have five years of security experience or four years of experience in addition to a security-related university or college degree.

If a candidate doesn’t yet have the required work experience, they have the option of taking and passing the exam to become an Associate of (ISC)². Associates are allowed six years to earn the work experience needed for full CISSP certification.

Techopedia Explains Certified Information Systems Security Professional

The CISSP exam is administered by Pearson VUE and is known for being difficult to pass the first time around because it covers such a broad range of infosec topics.

Candidates can prepare for the exam by registering for a training course or using free study guides and online practice exams. Once certified, candidates become members of (ISC)² and must apply for recertification every three years by earning continuing professional education (CPE) credits and paying (ISC)² a fee.

Who should take the CISSP Exam?

  • Chief Information Security Officers
  • Chief Information Officers
  • Security Directors
  • Security Systems Engineers
  • Security Analysts
  • Security Auditors
  • Security Architects
  • Security Consultants
  • Network Architects
  • IT Directors
  • IT Managers

What is the Average CISSP Salary?

CISSP is intended for both experienced security practitioners and executives who are interested in proving their knowledge across a wide range of security best practices. Professionals who earn the CISSP certification are among the most sought-after job candidates in information technology, and according to recent surveys, salaries can be expected to range between $59,000 and $194,000.

Advanced CISSP certifications

Advanced CISSP certifications are also offered in three different specializations. To qualify for advanced certs, candidates must be a CISSP in good standing and have two years of cumulative, paid work experience in at least one relevant test domain.

CISSP Architecture (CISSP-ISSAP) – the successful candidate demonstrates they know how to design security programs and provide management with risk-based guidance to meet organizational goals.

CISSP Management (CISSP-ISSMP) – the successful candidate must demonstrate they excel at creating and governing an organization’s infosec programs.

CISSP Engineering (CISSP-ISSEP) – the successful candidate must demonstrate they have the necessary knowledge and practical skills to incorporate security in all areas of business operations.


Margaret Rouse
Senior Editor

Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages.