I: Reference Conditions
The following conditions must be met:
The CISSP code of ethics requires candidates (spoto CISSP included) to be honest, so everyone should fill in the form according to their own real situation.
a. Comply with the rules and regulations of (ISC) 2 (please refer to).
b. More than 3 years of work experience in one or more of the 10 examination domains specified by the CBK (Common Body of Knowledge). You may be a practitioner, auditor, consultant, client, investor or teacher in the field of information security, but you must apply information system security knowledge directly in your work. The three years of practical work may be cumulative.
c. Re-certification is required every three years; you need to earn 120 continuing professional education (CPE) credits within each three-year period.
d. About English: for non-English-speaking countries, CISSP allows the examinee to bring a dictionary that carries no marks or labels. According to the author's observation, a large part of the reason domestic examinees fail the exam lies in a weak English foundation: on the one hand, they fail to understand the questions accurately; on the other hand, they work through the questions slowly, which drags down their performance. Although electronic translators without a memory function (such as Wenquxing) are allowed in some examinations, a solid English foundation and a rich professional English vocabulary are important conditions for passing. If readers are interested in CISSP certification but their work experience does not meet the requirements of (ISC) 2, what should they do? Don't be discouraged: (ISC) 2 has set up a title called "Associate of (ISC) 2" for examinees in this situation. After passing the CISSP examination and accumulating enough years of practical work experience, an Associate can apply to (ISC) 2 to be upgraded to a full CISSP.
e. Note, however, that (ISC) 2 revised the work experience requirements for CISSP certification applicants in May. Starting from October 1, 2007, the original four-year full-time work experience requirement was increased to five years, and the number of CBK domains the work must cover was increased from at least one to at least two. Applicants can still reduce the work experience requirement by one year through education or other certifications; the restrictions on the certificate list and years are the same as before.
Before filling in the registration form, applicants for the CISSP certification examination also need to agree to the (ISC) 2 payment, refund and re-payment rules, the examination confidentiality agreement, the examination paper copyright agreement and, most importantly, the (ISC) 2 CISSP code of ethics. In addition, when filling in the registration form, applicants need to answer four questions about whether they have a criminal record.
f. Since June 1, 2002, (ISC) 2 has divided the process of obtaining the CISSP into two steps: examination and certification. After passing the examination, you must obtain a third party's endorsement before you can finally receive the CISSP certificate. The third party can be the candidate's employer or another certified professional. This move makes the CISSP harder to obtain, but it also sets the CISSP apart from other security certifications and maintains its authority.
II: Introduction to Relevant Qualifications
The following qualifications are related to information security and can be applied in China at present:
*CISA: Certified Information Systems Auditor, managed by ISACA, is another internationally recognized professional qualification for security professionals. CISA requires mastering a large body of IT security knowledge, overlapping with roughly 70% of the CBK, but places more emphasis on audit processes, methods and related areas.
*ISO17799 / BS7799 Lead Auditor: ISO 17799 / BS7799, the information security management standard prepared by the British Standards Institution (BSI), has become an international standard. The ISO17799 lead auditor is similar to an ISO9000 quality management auditor and promotes information security management through audit. It is an important qualification for security consulting, IT audit and security consultant roles. The qualification requires more than 4 years of working experience, attendance of training courses organized by BSI and passing the examination.
*CIW / SP: Certified Internet Webmaster / Security Professional. CIW is an international commercial training certification for Internet professionals. CIW certification is vendor-neutral, but unlike ISACA, (ISC) 2 and other non-profit organizations, it is run as a business. Within the CIW training courses, the security-related courses meet the needs of technical personnel who want to learn security skills and therefore receive more attention. However, the Security Professional certification only shows that the holder has attended security skills training and passed the examination, so it is more suitable for personnel who are just starting out in security.
*CISP: Certified Information Security Professional, abbreviated CISP. According to actual job needs, CISP is divided into three categories: Certified Information Security Engineer (CISE), Certified Information Security Officer (CISO) and Certified Information Security Auditor (CISA). A CISE is mainly engaged in information security technology development and service engineering construction, a CISO in information security management, and a CISA in information system security audit or evaluation. These three types of registered information security professionals are the required professional positions of information security enterprises, information security consulting service institutions, information security evaluation and certification institutions (including authorized evaluation institutions), social organizations and groups, and technical departments (including standardization departments) involved in information system (network) construction, operation and application management. Their basic function is to provide technical support for the security of information systems. Their professional qualification and ability are certified by the China Information Security Product Evaluation and Certification Center.
III: About Re-certification and Continuing Education
In professional certification, especially in the IT field, many certificates have a limited validity period and need to be renewed after a period of time, which pushes holders to keep up with the latest developments in their profession. The CISSP qualification is valid for 3 years and can be renewed by re-examination after 3 years. However, (ISC) 2 also supports the continuing professional education (CPE) program: CISSP holders who earn 120 CPE credits within 3 years and pay an annual maintenance fee of 85 US dollars can maintain their CISSP qualification without re-examination.
CPE credits mainly come from security-related activities or educational activities. Credits can be earned in the following ways:
*Vendor training: a CISSP earns 1 CPE per hour for attending training and lectures held by vendors;
*Security conferences: a CISSP earns 1 CPE per hour for attending a security conference;
*University courses: a CISSP earns 11.5 CPEs per semester for attending and passing a university course;
*Publishing security papers or books: a CISSP earns 40 CPEs for publishing a security book, or 10 CPEs for publishing a security article, up to a maximum of 40 CPEs in three years;
*Providing security training: a CISSP earns 4 CPEs per hour for giving security lectures and training, up to 80 CPEs per year in this way;
*Serving in the management of a security professional organization: a CISSP earns 10 CPEs per year, up to a maximum of 20 CPEs in this way;
*Self-study: a CISSP can earn CPEs through self-study, up to 40 CPEs in 3 years in this way;
*Reading security books: a CISSP earns 10 CPEs for reading an information security book, but only one book is recognized per year;
*Volunteer work: a CISSP can earn CPEs by volunteering for (ISC) 2; the credits and the specific activities are determined by (ISC) 2;
*Others: if a CISSP wants to earn CPEs in other ways, the activity must be submitted to the (ISC) 2 re-certification committee for approval.
IV: The Assessment Scope of CISSP Certification Includes 10 Directions
The CBK (Common Body of Knowledge) domains are listed below in alphabetical order:
1. Access control
2. Application security (including development)
3. Business continuity and disaster recovery planning
4. Cryptography
5. Information security and risk
6. Legal, regulation, compliance and investigation
7. Operations security
8. Physical (environmental) security
9. Security architecture and design
10. Telecommunication and network security
V: How to Register:
Registration address: (ISC) 2 website:
Candidates can check the (ISC) 2 website to determine the time and place of the examination and pay the registration fee online directly by credit card. Candidates in mainland China can pay online with a foreign-currency card (such as a China Merchants Bank credit card), or pay in RMB directly to the partner testing companies (such as Zhongsheng).
CISSP registration can only be done by the applicants themselves with (ISC) 2; (ISC) 2 does not offer registration through agents, so please pay attention to this. At present (ISC) 2 provides two ways to register for the CISSP examination: online registration and offline registration by mail or fax. The former is suitable for those who have convenient Internet access and a credit card, while the latter is more suitable for those who do not have a credit card. The website for online registration is:
Offline registration requires the applicant to download the registration form from the (ISC) 2 website, fill it in as required, and then mail or fax it to the address specified in the form. Applicants in the Asian region use the registration form at the following address:
It should be mentioned here that because mailing or faxing may be delayed, applicants are advised to register for the CISSP online wherever possible.
When choosing the registration method, applicants also choose the payment method for the examination fee. For online registration, applicants need to pay by credit card; please make sure the card's available credit is enough to cover the registration fee, and use a dual-currency credit card supporting RMB and US dollars, such as a China Merchants Bank credit card. Applicants who do not have a credit card can also ask someone else to pay on their behalf by simply filling in that person's credit card details as required by the online application form. However, some people report that when someone else pays with a credit card from certain banks, the payment fails because the payment receipt provided by (ISC) 2 is issued in the applicant's name rather than the cardholder's name. Another way to pay is to buy a bank draft, fill in the relevant information, print out the completed application form and mail everything to the (ISC) 2 Hong Kong office, but this method takes more time.
The CISSP registration fee is USD 499 when registering more than 15 days before the scheduled test and USD 599 within 15 days of it. Applicants who need to cancel or reschedule the test for any reason must give (ISC) 2 at least 15 days' written notice before the test and must also pay a USD 100 fee for the refund or the reschedule. If the registration of a certain examination.