Archive for the ‘CISSP’ Category

CISSP Post-Qualification

Tuesday, August 10th, 2010

Once you have achieved your CISSP certification, you must do a few things in order to maintain it:

  1. Keep your contact information current. As soon as you receive your certification, register on the (ISC)2 Web site and provide your contact information. (ISC)2 informs you about your annual maintenance fee, Board of Directors elections, annual meetings, and events, but only if you maintain your contact info.
  2. Pay your annual maintenance fee (AMF). You’re required to pay the annual maintenance fee (AMF — currently US $85) each year in order to continue to hold your CISSP certification. You can easily pay the AMF online at the (ISC)2 Web site.
  3. Attend training and conferences to earn CPEs. CPEs are Continuing Professional Education credits. You’re required to continue to earn CPEs through security- and professional-related education opportunities in order to maintain your CISSP certification. During each three-year certification cycle, you have to earn a minimum of 120 CPEs, and you must earn at least 20 CPEs each year. (You can’t wait until the last minute in a three-year cycle to earn all of your CPEs.) To submit your CPEs, log in to the (ISC)2 Web site and register your training and other qualified events, one at a time. You can earn a lot of CPEs by attending conferences and training courses, but there are many other ways to earn CPEs, such as providing training, attending chapter meetings, or publishing articles or books.

CISSP Examination

Wednesday, July 28th, 2010

If you are preparing for the CISSP exam, you will need a lot of mental stamina. The CISSP examination is a grueling six-hour, 250-question marathon. According to (ISC)2, you need a scaled score of 700 or better to pass the examination. Not all the questions are weighted equally, so we can’t state the exact number of correct answers required for a passing score.

The examination isn’t computer based. It’s administered the old-fashioned way: exam booklet, answer sheet, and a lot of pencils. You can write in the exam booklet, but (ISC)2 only scores answers recorded on the answer sheet. You won’t find any multiple-answer, fill-in-the-blank, scenario, or simulation questions on the CISSP exam.

All 250 multiple-choice questions require you to select the best answer from four possible choices. Only 225 questions are actually counted toward your final score; the other 25 are trial questions for future versions of the CISSP examination. However, the exam doesn’t identify these questions for the test-taker, so you have to answer all 250 questions as if they all count.

CISSP Requirements

Monday, June 28th, 2010

If you are looking to sit for the CISSP exam, there are a couple of requirements you need to fulfill:

1) You must have a minimum of five cumulative years of professional, full-time, direct work experience in two or more of the following domains:

  • Access Control
  • Application Development Security
  • Business Continuity and Disaster Recovery Planning
  • Cryptography
  • Information Security Governance and Risk Management
  • Legal, Regulations, Investigations, and Compliance
  • Operations Security
  • Physical (Environmental) Security
  • Security Architecture and Design
  • Telecommunications and Network Security

The work experience requirement is a hands-on one — you can’t satisfy the requirement by just having “information security” listed as one of your job responsibilities. You need to have information security knowledge and perform work that requires you to regularly apply that knowledge.

However, you can get a waiver for a maximum of one year of the five-year professional experience requirement if you have one of the following:

  • A four-year college degree
  • An advanced degree in information security from a U.S. National Center of Academic Excellence in Information Assurance Education (CAEIAE) or a regional equivalent
  • A credential that appears on the (ISC)2–approved list, which includes more than 30 technical and professional certifications, such as various SANS GIAC certifications, Microsoft certifications, and CompTIA Security+