Use this quick start guide to collect all the information about ISC2 CISSP Certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the ISC2 Information Systems Security Professional (CISSP) exam. The Sample Questions will help you identify the type and difficulty level of the questions and the Practice Exams will make you familiar with the format and environment of an exam. You should refer this guide carefully before attempting your actual ISC2 Certified Information Systems Security Professional (CISSP) certification exam.
The ISC2 CISSP certification is mainly targeted to those candidates who want to build their career in Cybersecurity domain. The ISC2 Certified Information Systems Security Professional (CISSP) exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of ISC2 CISSP.
ISC2 CISSP Exam Summary:
| Exam Name | ISC2 Certified Information Systems Security Professional (CISSP) |
| Exam Code | CISSP |
| Exam Price | $599 (USD) |
| Duration | 360 mins |
| Number of Questions | 250 |
| Passing Score | 700/1000 |
| Schedule Exam | Pearson VUE |
| Sample Questions | ISC2 CISSP Sample Questions |
| Practice Exam | ISC2 CISSP Certification Practice Exam |
ISC2 CISSP Exam Syllabus Topics:
| Topic | Details | Weights |
|---|---|---|
| Security and Risk Management |
- Confidentiality, integrity and availability concepts - Security governance principles - Compliance - Legal and regulatory issues - Professional ethics - Security policies, standards, procedures and guidelines |
16% |
| Asset Security |
- Information and asset classification - Ownership (e.g., data owners, system owners) - Protect privacy - Appropriate retention - Data security controls - Handling requirements (e.g., markings, labels, storage) |
10% |
| Security Engineering |
- Engineering processes using secure design principles - Fundamental concepts of security models - Security evaluation models - Security capabilities of information systems - Security architectures, designs and solution elements vulnerabilities - Web-based systems vulnerabilities - Mobile systems vulnerabilities - Embedded devices and cyber-physical systems vulnerabilities - Cryptography - Site and facility design secure principles - Physical security |
12% |
| Communication and Network Security |
- Secure network architecture design (e.g., IP & non-IP protocols, segmentation) - Secure network components - Secure communication channels - Network attacks |
12% |
| Identity and Access Management |
- Physical and logical assets control - Identification and authentication of people and devices - Identity as a service (e.g., cloud identity) - Third-party identity services (e.g., on-premise) - Access control attacks - Identity and access provisioning lifecycle (e.g., provisioning review) |
13% |
| Security Assessment and Testing |
- Assessment and test strategies - Security process data (e.g., management and operational controls) - Security control testing - Test outputs (e.g., automated, manual) - Security architecture vulnerabilities |
11% |
| Security Operations |
- Investigations support and requirements - Logging and monitoring activities - Provisioning of resources - Foundational security operations concepts - Resource protection techniques - Incident management - Preventative measures - Patch and vulnerability management - Change management processes - Recovery strategies - Disaster recovery processes and plans - Business continuity planning and exercises - Physical security - Personnel safety concerns |
16% |
| Software Development Security |
- Security in the software development lifecycle - Development environment security controls - Software security effectiveness - Acquired software security impact |
10% |
To ensure success in ISC2 CISSP certification exam, we recommend authorized training course, practice test and hands-on experience to prepare for Information Systems Security Professional (CISSP) exam.