I have included this post and the preceding ten posts about CISSP for readers who are interested to find out more about the certification, or proceed with their own studies on information security. It is a structured and comprehensive scope about information security. I am not related to (ISC)2 and am not CISSP accredited myself.
In my 25 years of experience serving MNCs and small businesses alike around the world, I have met fantastic practitioners who are CISSP certified and those who are not CISSP certified. I have also presided over a harrowing experience of protecting an organisation from a live cyberspace attack and bringing the situation back to business-as-usual. Believe me, during those stressful moments, the first thing that struck my mind was definitely not what certifications I hold, but how I could effectively quell the attack with minimum disruption to the business.
CISSP® - Certified Information Systems Security Professional - is a globally recognized certification in the field of information security, hosted by (ISC)2.
It has ten domains:
- Access Control
- Telecommunications and Network Security
- Information Security Governance and Risk Management
- Software Development Security
- Cryptography
- Security Architecture and Design
- Operations Security
- Business Continuity and Disaster Recovery Planning
- Legal, Regulations, Investigations and Compliance
- Physical (Environmental) Security
The CISSP® examination consists of 250 multiple choice questions with four (4) choices each, within 6 hours.
Multiple choice question style of examination is efficient and highly scalable, and so can be extended worldwide to measure and certify information security professionals,
However, in real life, I have not had a problem that is so explicitly stated that it comes with four possible answers, out of which one will be definitely correct and the other three definitely wrong. Real life is a lot fuzzier and ambiguous, and often, we will not even know what the real problem is on the outset. Usually, we confront a 'situation', interprete it and construct a scenario based on the information that is obtained or presented before us. Sometimes, there are information that we have failed to uncover, and/or information that are deliberately kept away from us.
So is CISSP bad? No.
Is it super? No either.