The Certified Information Systems Security Professional (CISSP) designation is awarded by the International Information Systems Security Certification Consortium (ISC) 2 to those individuals who have proven experience in the information security field and pass the Consortium's examination.

Applicant Requirements

The applicant must meet the following requirements in order to obtain the designation:

1. Subscribe to the (ISC)² Code of Ethics.

2. Have three years of direct work experience in one or more of the ten test domains of the information systems security Common Body of Knowledge (CBK), listed below.
   • Access Control Systems & Methodology
   • Operations Security
   • Cryptography
   • Application & Systems Development
   • Business Continuity & Disaster Recovery Planning
   • Telecommunications & Network Security
   • Security Architecture & Models
   • Physical Security
   • Security Management Practices
   • Law, Investigations & Ethics

   Valid experience includes information systems security-related work performed as a practitioner, auditor, consultant, vendor, investigator or instructor, that requires information systems security knowledge and involves the direct application of that knowledge. The three-year direct experience requirement is actual time worked. The work requirement, however, is cumulative and may have been accrued over a much longer period of time.

3. Pass an examination consisting of one Core exam and four Domain exams.

   The Core examination covers the field of information security in a general manner, while the Domain examinations cover each of the ten CBK areas at an expert level.

For more information contact the (ISC)² at info@isc2.org or by phone at (508) 845-9200.

We provide this section for your information only. While one of the Managing Partners was heavily involved in certification efforts in the recent past, it remains a personal decision and as such does not constitute an endorsement by the firm.