Computer Security Article

What Does CISSP Mean?

Author: Stephen Cobb

Purpose:

  • Describe the meaning of the CISSP designation.
  • Explain the importance of this professional qualification to companies who employ security experts, and to individuals who may be interested in obtaining this qualification.
  • Provide direction for those seeking to learn more about CISSP.

Status: Exclusive to Web Site

Background:

Information system security is a unique aspect of business, government, and society today. People who work to protect and secure information systems need a unique set of qualifications, of which technical knowledge is only one component. These individuals, to whom organizations regularly entrust their innermost secrets, must be experienced, trustworthy, and bound to a code of ethics.

CISSP™ stands for: Certified Information Systems Security Professional. CISSP™ is a trademarked certification for information system security professionals. (ISC)² is the name of the non-profit organization that owns the CISSP trademark and is in charge of the entire CISSP™ program. (ISC)² stands for: International Information Systems Security Certification Consortium (you pronounce (ISC)² as "I-S-C-squared"). Becoming a CISSP requires several things of an individual, one of which is passing a rigorous and wide-ranging examination which includes a lot of the theory, as well as the practice, of information system security. The reasons for this requirement can be found in the CISSP™ name itself:

Certified: The title of CISSP would not carry weight without a high degree of assurance that individuals so designated have demonstrated both depth and breadth of understanding of their discipline. Of necessity, this includes not only the practice of information system security, but also the theoretical basis of the discipline. This helps to ensure that successful CISSP candidates don't just know how to secure certain specific systems. They also know how to:

  • manage security on a broad scale, across multiple systems or an entire organization
  • develop security policy and explain security issues to both users and management
  • address security issues raised by new systems using consistent and proven methodologies

Information System Security: this is subtly different from computer security or network security or communications security. It is all of these things and more.

Professional: anyone holding the CISSP title should understand more than the mechanics of security. They must have thought seriously about the role of information system security within companies, governments, and society. They should also grasp the importance of their role in creating and ensuring the security of information systems. Indeed, in order to sit for the CISSP™ examination, candidates must meet the following requirements:

1. Subscribe to the (ISC)² Code of Ethics.

2. Have three (3) years of direct work experience in one or more of the ten test domains of the information systems security Common Body of Knowledge (CBK), listed below. Valid experience includes information systems (IS) security-related work performed as a practitioner, auditor, consultant, vendor, investigator, or instructor, that requires IS security knowledge and involves the direct application of that knowledge. The three (3) year experience requirement is actual time worked; the requirement is cumulative, however, and may have been accrued over a much longer period of time.

The Ten Domains of the CISSP™ are:

  1. Access Control Systems & Methodology
  2. Telecommunications & Network Security
  3. Security Management Practices
  4. Applications & Systems Development Security
  5. Cryptography
  6. Security Architecture & Models
  7. Operations Security
  8. Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP)
  9. Law, Investigations & Ethics
  10. Physical Security

Please visit the (ISC)² web site for more information.

Updated Spring, 2002 by webloke © Stephen Cobb
Some article content reprinted by permission.
Article content copyright named author(s).