Tasks of a CISSP certified professional

Before moving on to CISSP Certification requirements a professional must know what is expected of him/her. This certification is just a yardstick to measure if one has mastered the following:

• Manage and monitor transmission methods, security measures, and network structures for maintaining privacy.
• To identify and develop an enterprise’s information assets.
• Documenting the implementation of procedures and policies.
• Knowledge in developing the controls of applications and systems software.
• Methods and principles of disguising organizational data assets.
• Identifying the controls of media and hardware facilitating data access.
• Disaster recovery and business continuity despite disruptions due to unexpected cyber attacks.
• Deep insight into investigative techniques aimed at determining cybercrime.
• Ensures that an organization complies with cybersecurity regulations and laws.
• Create a protective physical environment to secure an organization’s valuable information.

Now coming back to what an individual needs to undertake to acquire excellence in the aforementioned tasks.

What has Work Experience got to do with CISSP Certification Eligibility?

Work experience of no less than 5 years is one of the crucial CISSP Exam requirements. In each of these years, one must work for a minimum of 35 hours per week each month. Individuals possessing a 4-year graduate degree or any other advanced qualification are subject to a year less than those 5 years of work experience. This applies to CISSP Certification holders, too. Thus, a full-time job of 4 years is sufficient for a certified professional to take the CISSP Exam. This job must cover more than two of the domains listed here:

• Risk management
• Security operations
• Security of software development
• Access and identity management
• Asset security
• Network and communications security
• Security assessment
• Security engineering and architecture

These domains analyze an individual’s excellence in preparing IT security procedures and architecture.

Even part-time jobs get counted into the required work experience provided that they fulfill the given time frame. A year’s work experience for a part-time job is calculated at the rate of 20 hours each week. This equals 2080 hours a year in each of those 5 years stated in the eligibility criterion. Such extensive experience of aspirants in itself prove their efficiency even before they clear the CISSP Exam. This certification eligibility program is an opportunity for professionals to strengthen their roots in information security.

The CISSP Exam is the next big step toward qualifying for the certification. Individuals need to score very high out of total marks of 1000. Answering 250 multi-response questions within 6 hours is easier said than done. Exam rescheduling and reattempting provisions offer ample scope for candidates to attain the CISSP Certification. The exam tests one’s A-Z knowledge of enforcing the much-needed integrity, security, availability, and confidentiality of data.

Rules to maintain CISSP Certification

CISSP Certification remains effective for 3 years from the date of acquisition. A candidate must adhere to the rules set by (ISC)2, the governing body of this certification. There are 3 phases to renewing one’s certification credentials:

• Paying the required AMFs (Annual Maintenance Fees)
• Abide by (ISC)2’s ethics
• Meet the required count of CPE credits

AMF refers to the fee that one must pay annually for retaining (ISC)2 membership. Next, comes the set of (ISC)2 approved ethics that every cybersecurity professional must observe. The third requirement for the CISSP certification renewal is the collection of 120 CPEs within 3 years. This phase is about gaining knowledge to keep abreast of the recent developments in cyber security measures and crimes. CPE(Continuing Professional Education) credits fall within two categories. Out of the 40 CPEs to be earned in 1 year, 30 must belong to the first category while the remaining 10 can be from either of the groups.

Specific activities are allotted to each of these groups. Candidates need to accumulate their CPE credits either by performing all or some of these activities.

Means of CPE collection as listed in the first category:

• Earning CPE would be quick and easy for avid readers. An attentive reading of a whitepaper, book, or magazine with relevant information or news of cybersecurity incidents.
• Writing articles, whitepapers, or a book on IT security-related trends or real-time affairs to publish them.
• Attend relevant presentations, seminars, educational courses, or conferences.
• Create study material or presentations for information security instructors/trainers.
• Working on a separate cybersecurity project outside one’s regular job.
• Self-study for any certification exam preparation or project research.
• Offer volunteer information security services to charitable, public, and private sector organizations.
• Pursue a relevant higher academic course.

The second category of CPE gathering activities includes:

• Attend conferences outside the information security domain.
• Participation in education courses apart from those related to cyber security.
• Preparation of non-security lecture/training/presentation.
• Volunteer non-security services to private, public, and charitable organizations.

An hour spent in any of these activities equals 1 CPE credit. The CISSP Certification itself enables one with all-pervasive expertise in the information security arena. Moreover, these methods of CPE collection continuously enrich the knowledge of accredited professionals and make them certification holders in the true sense.

Professional education along with experience makes one qualify for retaining the CISSP Certification. This is an indirect way of (ISC)2 to ensure that cybersecurity professionals are never bereft of their skills. Instead, with time and through the certification renewal processes they can polish them over and over again. In comparison to the maintenance fees a certification holder pays, these CPEs return him/her much more.

Besides, none of the above-mentioned activities are tedious. These can be easily balanced with one’s day-to-day job as an information security professional. For many, attending conferences and seminars appears to be constructive breaks from work. One can’t definitely ignore the sense of self-satisfaction one gains by amassing all the possible skillfulness in one’s field.

Certified professionals can delineate cyber attacks as insider, external, unstructured, or structured cyber attacks. They assess the observance of methods to safeguard compromised PII data. This data type is related to crucial details of bank accounts, licenses, SSN, etc. The training program makes aspirants adept at figuring out identity-theft computer intruders. They are intent on committing fraud by stealing personal information. Such professionals detect the vulnerable settings of applications sharing peer-to-peer files.

Certification holders introduce the principle of least functionality in organizations. They allow systems to run only those services and applications that align with business operations. The attack surface expands with an increase in the number of applications running within the system. The training program teaches them to keep that number in check through performing regular configurations. They limit the use of network services, protocols, and open ports. Certified individuals are needed by organizations to perform automated scanning of their corporate networks.