Steps to Becoming a CISSP®
Becoming a CISSP® requires four steps:
- Proper professional information security experience
- Agreeing to the (ISC)²® code of ethics
- Passing the CISSP® exam
- Endorsement by another CISSP®
Additional details are available on the examination registration form at https://www.isc2.org.
The exam currently requires 5 years of professional experience in 2 or more of the 8 domains of knowledge. Those domains are covered in Chapters 2–9 of this book. You may waive 1 year with a college degree or approved certification; see the examination registration form for more information.
You may pass the exam before you have enough professional experience and become an “Associate of (ISC)²®.” Once you meet the experience requirement, you can then complete the process and become a CISSP®.
The (ISC)²® code of ethics is discussed in Chapter 2, Domain 1: Security and Risk Management.
Passing the exam is discussed in the section “How to take the exam,” and we discuss endorsement in the section “After the exam” below.
Computer-Based Testing (CBT)
(ISC)²® has partnered with Pearson VUE (http://www.pearsonvue.com/) to provide computer-based testing (CBT). Pearson VUE has testing centers located in over 160 countries around the world; go to their website to schedule your exam. Note that the information regarding CBT is subject to change; please check the (ISC)²® exam registration site (https://www.isc2.org/) for any updates to the CBT process.
According to (ISC)²®, “Candidates will receive their unofficial test result at the test center.” The results will be handed out by the Test Administrator during the checkout process. (ISC)²® will then follow up with an official result via email. In some instances, real-time results may not be available: “(ISC)² conducts a thorough statistical and psychometric analysis of the score data to establish the pass/fail score before releasing scores. We need a minimum number of test takers before this analysis can be completed”[^4]. This normally occurs when the exam changes: students have reported a 6-week wait before they received their results in the weeks following a major exam update. Immediate results followed shortly after that time.
CISSP® CAT
(ISC)²® describes CAT (Computerized Adaptive Testing): “CAT is the computerized delivery of exam items uniquely tailored to the ability of an individual candidate. Unlike fixed-form, linear exams, adaptive testing delivers items based on the demonstrated ability of a candidate during the exam. With CAT, the difficulty of each item a candidate receives is optimized to measure their ability with the greatest degree of efficiency possible”[^5].
Adaptive testing can be stressful. The exam engine is designed to present questions that a candidate has a 50/50 chance of answering: “After each item is answered, the item selection algorithm determines the next item to present to the candidate with the expectation that a candidate should have approximately a 50% chance of answering that item correctly”[^5]. This means that the better a candidate does, the harder the exam gets. Remember that the exam score is scaled, and 50 questions are pre-test (research) questions that don’t count towards the final score.
The inclusion of pre-test questions adds to exam-day stress: assuming a minimum exam length of 125 questions, 40% (50) are unscored. That leaves 75 questions that are scored, and the adaptive engine attempts to choose questions that a candidate has a 50/50 chance of answering. A candidate who is doing well on the exam can literally be missing (well) over half the questions. Most passing students report that they were convinced they failed or were completely unsure of how they did until they received their results. This includes students who passed with 125 questions (meaning they did extremely well).