CISSP Concentrations

«« Previous
Next »»

Achieve Excellence in Information Security


You’re a leader in information security. And in this ever-changing industry in which the opposition grows ever smarter, you’re always looking for ways to stay ahead and master your craft.

Challenge yourself with a CISSP Concentration! These specialized credentials build upon the CISSP. Whether you’re interested in career growth, deeper knowledge or achieving elite status, CISSP Concentrations are optional pursuits that prove your subject matter mastery. They highlight your evolving expertise in information security:

◈ Architecture
◈ Engineering
◈ Management

1. Steps to Certification


1.1 Get the Needed Experience

To qualify for the CISSP-ISSAP, you must be a CISSP in good standing and:

◈ Have two years cumulative, paid, full-time work experience
◈ In one or more of the six domains of the CISSP-ISSAP Common Body of Knowledge (CBK)

To qualify for the CISSP-ISSEP, you must be a CISSP in good standing and:

◈ Have two years cumulative, paid, full-time work experience
◈ In one or more of the four domains of the CISSP-ISSEP CBK

To qualify for the CISSP-ISSMP, you must be a CISSP in good standing and:

◈ Have two years cumulative, paid, full-time work experience
◈ In one or more of the five domains of the CISSP-ISSMP CBK

1.2 Create an Account at Pearson VUE and Schedule Your Exam

To schedule an exam, you must create an account at Pearson VUE.

Pearson VUE is the leading provider of global, computer-based testing for certification and licensure exams. You can find details on testing locations, policies, accommodations and more on their website.

Once you’ve set up your account and are ready to register, you’ll need to:

◈ Complete the Examination Agreement. You agree to the truth of your assertions regarding professional experience. You also legally commit to the adherence of the (ISC)² Code of Ethics.
◈ Review the Candidate Background Questions.
◈ Pay the exam fee.

1.3 Pass the Exam

This is the day to show your greatness!

Depending on the exam you take, you’ll have:

◈ Three hours to complete the 125 ISSAP exam questions.
◈ Three hours to complete the 150 ISSEP exam questions.
◈ Three hours to complete the 125 ISSMP exam questions.

You must pass the exam with a scaled score of 700 points or greater.

1.4 Get Endorsed

Once you successfully pass the exam, you’ll have nine months from the date of the exam to have your application endorsed.

Your endorsement form must be completed and signed by an (ISC)² certified professional. He or she needs to be an active member who can confirm your professional experience.

(ISC)² can endorse you if you can’t find a certified individual.

2. Get to Know the CISSP-ISSAP


Information Systems Security Architecture Professional

The CISSP-ISSAP is an appropriate credential if you’re a chief security architect or analyst. Typically, you work as an independent consultant or in a similar capacity.

Recommended CISSP-ISSAP Online Practice Exams with EDUSUM.COM

As the architect, you play a key role in the information security department. Your responsibilities fall between the C-suite and upper managerial level and the implementation of the security program.

Although your role is tied closely to technology, it may be closer to the consultative and analytical process of information security.

This security architect certification proves your expertise developing, designing and analyzing security solutions. It also shows you excel at giving risk-based guidance to senior management in order to meet organizational goals.

Download Your Free CISSP-ISSAP Exam Outline

2.1 Why Earn the CISSP-ISSAP

You’re on the leading edge of your craft. Here are just a few reasons to challenge yourself with this security architect certification:

◈ A demonstration of excellence. You want to stand out from your fellow CISSPs. This concentration proves you have an elite level of knowledge and expertise.
◈ New opportunities. The CISSP-ISSAP opens doors: from new career paths and jobs, to more exciting work.
◈ Growth and learning. This is an opportunity to dive deep and hone your craft. You’ll find new ways to grow and stay on the forefront of information security. And earning your concentration is a big challenge.
◈ Ease of continuing education and dues. As a CISSP, you already have a relationship with (ISC)². If you earn the CISSP-ISSAP, you only have to share your Continuing Professional Education (CPE) credits with one organization. You may apply your CISSP-ISSAP CPE credits toward your CISSP requirement (as long as these credits are specific to security architecture). And your dues are a lot less than if you pursue an advanced certification with a separate organization. You’ll make great use of your time, energy and money.

2.2 Should You Pursue the CISSP-ISSAP?

This security architect certification is an excellent way to hone your craft. But is it right for you?

You’re a great fit for the CISSP-ISSAP if you:

◈ Are a life-long learner who craves a new challenge.
◈ Want to go beyond the CISSP. You have a competitive spirit and want to stand out from your peers.
◈ Want to be seen as a subject matter expert and prove your knowledge in a more focused area.
◈ Are looking ahead in your career. The CISSP-ISSAP will help you achieve an even higher level of success.
◈ Need this concentration to move into a specific job.

The CISSP-ISSAP is ideal for those working in roles such as:

◈ System architect
◈ Chief technology officer
◈ System and network designer
◈ Business analyst
◈ Chief security officer

2.3 Mastering the Domains on the Exam

The CISSP-ISSAP exam tests your skills in six domains. The domains draw from a range of information security topics within the (ISC)² Common Body of Knowledge (CBK).

Here’s how the domains are weighted on the exam:

CISSP-ISSAP

Domains Weight 
1. Identity and Access Management Architecture 19% 
2. Security Operations Architecture  17% 
3. Infrastructure Security  19% 
4. Architect for Governance, Compliance and Risk Management  16% 
5. Security Architecture Modeling  14% 
6. Architect for Application Security  15% 
Total  100% 

Identity and Access Management Architecture

◈ Design identity management and lifecycle
◈ Design access control management and lifecycle

Security Operations Architecture

◈ Determine security operation capability requirements and strategy
◈ Design continuous security monitoring (e.g., SIEM, insider threat, enterprise log management, cyber crime, advanced persistent threat)
◈ Design continuity, availability and recovery solutions
◈ Design security operations (e.g., interoperability, scalability, availability, supportability)
◈ Integrate physical security controls
◈ Design incident management capabilities
◈ Security communications and networks

Infrastructure Security

◈ Determine infrastructure security capability requirements and strategy
◈ Design layer 2/3 architecture (e.g., access control segmentation, out-of-band management, OSI layers)
◈ Secure common services (e.g., wireless, email, VoIP, unified communications)
◈ Architect detective, deterrent, preventative and control systems
◈ Architect infrastructure monitoring
◈ Design integrated cryptographic solutions (e.g., Public Key Infrastructure (PKI), identity system integration)

Architect for Governance, Compliance and Risk Management

◈ Architect for governance and compliance
◈ Design threat and risk management capabilities
◈ Architect security solutions for off-site data use and storage
◈ Operating environment (e.g., virtualization, cloud computing)

Security Architecture Modeling

◈ Identify security architecture approach (e.g., reference architectures, build guides, blueprints, patterns)
◈ Verify and validate design (e.g., POT, FAT, regression)

Architect for Application Security

◈ Review software development lifecycle (SDLC) integration of application security architecture (e.g., requirements traceability matrix, security architecture documentation, secure coding)
◈ Review application security (e.g., custom, commercial off-the-shelf (COTS), in-house cloud)
◈ Determine application security capability requirements and strategy (e.g., open source, cloud service providers, SaaS/IaaS providers)
◈ Design application cryptographic solutions (e.g., cryptographic API selection, PRNG selection, software-based key management)
◈ Evaluate application controls against existing threats and vulnerabilities
◈ Determine and establish application security approaches for all system components (mobile, web and thick client applications; proxy, application and database services)


2.4 Getting Training That’s Right for You

Prepare for your CISSP-ISSAP exam through a combination of training courses and individual study. And learn from (ISC)² — the creator of the CBK!

Simply choose the best training format for your schedule, needs and learning style.

In-Person Training Seminars


Classroom-Based Training

◉ Ideal for hands-on learners. The most thorough review of the CBK, industry concepts and best practices.
◉ Four-day training event delivered in a classroom setting. Eight hours a day.
◉ Available at (ISC)2 facilities and through (ISC)2 Official Training Providers worldwide.
◉ Led by authorized instructors.

GET DETAILS ON CLASSROOM-BASED TRAINING

Private On-Site Training

◉ A cost-effective and convenient training solution if your organization has 10 or more employees taking the exam.
◉ Tailored to your team’s schedule, budget and certification requirements.
◉ Conveniently taught in your office space or a local venue.
◉ Led by authorized instructors.

GET DETAILS ON PRIVATE ON-SITE TRAINING

Online Training Seminars


Instructor-Led Training

◉ Participate from the convenience of your computer. This saves you travel time and expense.
◉ Weekday, weekend and evening options to fit your busy schedule.
◉ Comprehensive review of the CBK, so you’re ready for this security architecture certification.
◉ Access to recordings of all course sessions for 60 days.
◉ Led by authorized instructors.

GET DETAILS ON INSTRUCTOR-LED SEMINARS

Training Course Overview


Our training helps you fully prepare for your CISSP-ISSAP exam. You will:

◉ Review, refresh and expand your knowledge.
◉ Identify areas you need to study for your exam.

You can expect an in-depth review of the domains of the CBK — including discussion of industry best practices and timely security concepts.

(ISC)² authorized instructors lead all our training. You’re learning from industry experts who understand you. They know how to make the content highly relatable. And they go through a rigorous process to teach to our CBK.

Plus, we use proven adult learning techniques to reinforce topics. This approach increases how much information you retain. Our techniques are highly interactive. They focus on real-world learning activities and scenarios, so you get the most out of training.

Self-Study Resources


In addition to training, we offer resources to help you with self-study. Our resources include the:

Exam Outline
Official (ISC)² Guide to the CISSP-ISSAP CBK Textbook

GET YOUR FREE EXAM OUTLINE

2.5 Taking Your CISSP-ISSAP Exam

Length of exam Up to 3 hours 
Number of questions  125 questions 
Question format Multiple choice 
Passing grade A passing score is 700 out of 1000 points 
Exam language  English 
Testing center Pearson VUE Testing Center 

2.6 Maintaining Your Concentration

Once you have passed your CISSP-ISSAP exam and are certified, you need to recertify every three years. To do so, you simply need to:

◈ Earn 20 continuing professional education (CPE) credits each year. (You may apply these 20 credits toward your CISSP CPE requirement as long as these credits are specific to security architecture.)
◈ Pay a USD$35 Annual Maintenance Fee (AMF). This amount is in addition to the fee required for the CISSP.

3. Get to Know the CISSP-ISSEP


Achieve Excellence in Information Security

You’re a leader in information security. And in this ever-changing industry in which the opposition grows ever smarter, you’re always looking for ways to stay ahead and master your craft.

Recommended CISSP-ISSEP Online Practice Exams with EDUSUM.COM

Challenge yourself with a CISSP Concentration! These specialized credentials build upon the CISSP. Whether you’re interested in career growth, deeper knowledge or achieving elite status, CISSP Concentrations are optional pursuits that prove your subject matter mastery. They highlight your evolving expertise in information security:

◈ Architecture
◈ Engineering
◈ Management

Information Systems Security Engineering Professional

The CISSP-ISSEP is an ideal credential for proving you know how to incorporate security into all facets of business operations.

This security engineering certification recognizes your keen ability to practically apply systems engineering principles and processes to develop secure systems. You have the knowledge and skills to incorporate security into projects, applications, business processes and all information systems.

The CISSP-ISSEP was developed in conjunction with the U.S. National Security Agency (NSA). It offers an invaluable tool for any systems security engineering professional.

Download Your Free CISSP-ISSEP Exam Outline

3.1 Why Earn the CISSP-ISSEP

You’re on the leading edge of your craft. Here are just a few reasons to challenge yourself with this security architect certification:

A demonstration of excellence. You want to stand out from your fellow CISSPs. This concentration proves you have an elite level of knowledge and expertise.
New opportunities. The CISSP-ISSEP opens doors: from new career paths and jobs, to more exciting work.
Growth and learning. This is an opportunity to dive deep and hone your craft. You’ll find new ways to grow and stay on the forefront of information security. And earning your concentration is a big challenge.
Ease of continuing education and dues. As a CISSP, you already have a relationship with (ISC)². If you earn the CISSP-ISSEP, you only have to share your Continuing Professional Education (CPE) credits with one organization. You may apply your CISSP-ISSEP CPE credits toward your CISSP requirement (as long as these credits are specific to security engineering). And your dues are a lot less than if you pursue an advanced certification with a separate organization. You’ll make great use of your time, energy and money.

3.2 Should You Pursue the CISSP-ISSEP?

This security engineering certification is an excellent way to hone your craft. But is it right for you?

You’re a great fit for the CISSP-ISSEP if you:

◈ Are a life-long learner who craves a new challenge.
◈ Want to go beyond the CISSP. You have a competitive spirit and want to stand out from your peers.
◈ Want to be seen as a subject matter expert and prove your knowledge in a more focused area.
◈ Are looking ahead in your career. The CISSP-ISSEP will help you achieve an even higher level of success.
◈ Need this concentration to move into a specific job.

The CISSP-ISSEP is ideal for those working in roles such as:

◈ Senior systems engineer
◈ Information assurance systems engineer
◈ Information assurance officer
◈ Information assurance analyst
◈ Senior security analyst

3.3 Mastering the Domains on the Exam

The CISSP-ISSEP exam tests your skills in four domains. The domains draw from a range of information security topics within the (ISC)² Common Body of Knowledge (CBK).

Here’s how the domains are weighted on the exam:

CISSP-ISSEP

Domains Weight 
1. System Security Engineering 50% 
2. Certification and Accreditation (C&A) / Risk Management Framework (RMF)  15% 
3. Technical Management  15% 
4. U.S. Government Information Assurance Related Policies and Issuances  20% 
Total  100% 

System Security Engineering

Understand relationship between security engineering and systems engineering

◈ Discover information protection needs
◈ Define system security requirements
◈ Develop detailed security design
◈ Implement system security

Certification and Accreditation (C&A) / Risk Management Framework (RMF)


◈ Understand the U.S. Government C&A/RMF process to be applied (e.g., National Information Assurance Certification and Accreditation Process (NIACAP), DoD Information Assurance Certification and Accreditation Process (DIACAP), National Institute of Standards and Technology Special Publication (NIST SP) 800-37 rev 1)
◈ Understand the roles and responsibilities of stakeholders identified with the C&A/RMF process
◈ Integrate the C&A/RMF process with systems security engineering

Technical Management

◈ Understand and support the acquisition process
◈ Initiate the technical effort
◈ Plan the technical effort
◈ Implement and manage the technical effort
◈ Close the technical effort

U.S. Government Information Assurance Related Policies and Issuances

◈ Understand national laws and policies
◈ Understand civil agency policies and guidelines
◈ Understand DoD policies and guidelines
◈ Understand applicable international standards


3.4 Getting Training That’s Right for You

Prepare for your CISSP-ISSEP exam through a combination of training courses and individual study. And learn from (ISC)² — the creator of the CBK!

Simply choose the best training format for your schedule, needs and learning style.

In-Person Training Seminars


Classroom-Based Training

◈ Ideal for hands-on learners. The most thorough review of the CBK, industry concepts and best practices.
◈ Four-day training event delivered in a classroom setting. Eight hours a day.
◈ Available at (ISC)² facilities and through (ISC)² Official Training Providers worldwide.
◈ Led by authorized instructors.

GET DETAILS ON CLASSROOM-BASED TRAINING

Private On-Site Training

◈ A cost-effective and convenient training solution if your organization has 10 or more employees taking the exam.
◈ Tailored to your team’s schedule, budget and certification requirements.
◈ Conveniently taught in your office space or a local venue.
◈ Led by authorized instructors.

GET DETAILS ON PRIVATE ON-SITE TRAINING

Online Training Seminars


Instructor-Led Training

◈ Participate from the convenience of your computer. This saves you travel time and expense.
◈ Weekday, weekend and evening options to fit your busy schedule.
◈ Comprehensive review of the CBK, so you’re ready for this security engineering certification.
◈ Access to recordings of all course sessions for 60 days.
◈ Led by authorized instructors.

GET DETAILS ON INSTRUCTOR-LED SEMINARS

Training Course Overview


Our training helps you fully prepare for your CISSP-ISSEP exam. You will:

◈ Review, refresh and expand your knowledge.
◈ Identify areas you need to study for your exam.

You can expect an in-depth review of the domains of the CBK — including discussion of industry best practices and timely security concepts.

(ISC)² authorized instructors lead all our training. You’re learning from industry experts who understand you. They know how to make the content highly relatable. And they go through a rigorous process to teach to our CBK.

Plus, we use proven adult learning techniques to reinforce topics. This approach increases how much information you retain. Our techniques are highly interactive. They focus on real-world learning activities and scenarios, so you get the most out of training.

GET YOUR FREE EXAM OUTLINE

3.5 Taking Your CISSP-ISSEP Exam

Length of exam Up to 3 hours
Number of questions 150 questions 
Question format Multiple choice 
Passing grade A passing score is 700 out of 1000 points
Exam language English
Testing center Pearson VUE Testing Center

3.6 Maintaining Your Concentration

Once you have passed your CISSP-ISSEP exam and are certified, you need to recertify every three years. To do so, you simply need to:

Earn 20 continuing professional education (CPE) credits each year. (You may apply these 20 credits toward your CISSP CPE requirement as long as these credits are specific to security engineering.)
Pay a USD$35 Annual Maintenance Fee (AMF). This amount is in addition to the fee required for the CISSP.

4. Get to Know the CISSP-ISSMP


Information Systems Security Management Professional

You are vital to your organization’s success. Prove your knowledge and leadership skills with the CISSP-ISSMP.

Recommended CISSP-ISSMP Online Practice Exams with EDUSUM.COM

This cybersecurity management certification shows you excel at establishing, presenting and governing information security programs. You also demonstrate deep management and leadership skills whether you’re leading incident handling and/or a breach mitigation team.

Download Your Free CISSP-ISSMP Exam Outline

4.1 Why Earn the CISSP-ISSMP

You’re on the leading edge of your craft. Here are just a few reasons to challenge yourself with this cybersecurity management certification:

◉ A demonstration of excellence. You want to stand out from your fellow CISSPs. This concentration proves you have an elite level of knowledge and expertise.
◉ New opportunities. The CISSP-ISSMP opens doors: from new career paths and jobs, to more exciting work.
◉ Growth and learning. This is an opportunity to dive deep and hone your craft. You’ll find new ways to grow and stay on the forefront of information security. And earning your concentration is a big challenge.
◉ Ease of continuing education and dues. As a CISSP, you already have a relationship with (ISC)². If you earn the CISSP-ISSMP, you only have to share your Continuing Professional Education (CPE) credits with one organization. You may apply your CISSP-ISSMP CPE credits toward your CISSP requirement (as long as these credits are specific to security management). And your dues are a lot less than if you pursue an advanced certification with a separate organization. You’ll make great use of your time, energy and money.

4.2 Should You Pursue the CISSP-ISSMP?

The CISSP-ISSMP is an excellent way to hone your craft. But is it right for you?

You’re a great fit for this cybersecurity management certification if you:

◈ Are a life-long learner who craves a new challenge.
◈ Want to go beyond the CISSP. You have a competitive spirit and want to stand out from your peers.
◈ Want to be seen as a subject matter expert and prove your knowledge in a more focused area.
◈ Are looking ahead in your career. A CISSP concentration will help you achieve an even higher level of success.
◈ Need a CISSP Concentration to move into a specific job.

The CISSP-ISSMP is ideal for those working in roles such as:

◈ Chief information officer
◈ Chief information security officer
◈ Chief technology officer
◈ Senior security executive

4.3 Mastering the Domains on the Exam

The CISSP-ISSMP exam tests your skills in five domains. The domains draw from a range of information security topics within the (ISC)² Common Body of Knowledge (CBK).

Here’s how the domains are weighted on the exam:

CISSP-ISSMP

Domains Weight 
1. Security Leadership and Management 38%
2. Security Lifecycle Management  21% 
3. Security Compliance Management  14% 
4. Contingency Management  12% 
5. Law, Ethics and Incident Management  15% 
Total  100% 


Security Leadership and Management

◈ Understand security’s role in the organization’s culture, vision and mission
◈ Align security program with organizational governance
◈ Define and implement information security strategies
◈ Manage data classification
◈ Define and maintain security policy framework
◈ Manage security requirements in contracts and agreements
◈ Develop and maintain a risk management program
◈ Manage security aspects of change control
◈ Oversee security awareness and training programs
◈ Define, measure and report security metrics
◈ Prepare, obtain and administer security budget
◈ Manage the security organization (e.g., define roles and responsibilities, determine FTEs, performance evaluation)
◈ Understand project management principles (e.g., time, scope and cost relationship; work breakdown structure)

Security Lifecycle Management

◈ Manage the integration of security into the system development lifecycle (SDLC)
◈ Integrate new business initiatives into the security architecture
◈ Define and oversee comprehensive vulnerability management programs (e.g., vulnerability scanning, penetration testing, threat analysis)

Security Compliance Management

◈ Validate compliance with organizational security policies and procedures
◈ Manage and document exceptions to the compliance framework
◈ Coordinate with auditors and assist with the internal and external audit process

Contingency Management

◈ Oversee development of contingency plans
◈ Guide development of recovery strategies
◈ Manage maintenance of the BCP and DRP plans (e.g., lessons learned, architecture changes)

Law, Ethics and Incident Management

◈ Understand the impact of laws that relate to information security
◈ Develop and manage the incident handling and investigation processes
◈ Understand management issues as they related to the (ISC)² Code of Ethics

GET YOUR FREE EXAM OUTLINE

4.4 Getting Training That’s Right for You

Prepare for your CISSP-ISSMP exam through a combination of training courses and individual study. And learn from (ISC)² — the creator of the CBK!

Simply choose the best training format for your schedule, needs and learning style.

In-Person Training Seminars


Classroom-Based Training

◈ Ideal for hands-on learners. The most thorough review of the CBK, industry concepts and best practices.
◈ Five-day training event delivered in a classroom setting. Eight hours a day.
◈ Available at (ISC)² facilities and through (ISC)² Official Training Providers worldwide.
◈ Led by authorized instructors.

GET DETAILS ON CLASSROOM-BASED TRAINING

Private On-Site Training

◈ A cost-effective and convenient training solution if your organization has 10 or more employees taking the exam.
◈ Tailored to your team’s schedule, budget and certification requirements.
◈ Conveniently taught in your office space or a local venue.
◈ Led by authorized instructors.

GET DETAILS ON PRIVATE ON-SITE TRAINING

Online Training Seminars


Instructor-Led Training

◈ Participate from the convenience of your computer. This saves you travel time and expense.
◈ Weekday, weekend and evening options to fit your busy schedule.
◈ Comprehensive review of the CBK, so you’re ready for this security management certification.
◈ Access to recordings of all course sessions for 60 days.
◈ Led by authorized instructors.

GET DETAILS ON INSTRUCTOR-LED SEMINARS

Training Course Overview


Our training helps you fully prepare for your CISSP-ISSMP exam. You will:

◈ Review, refresh and expand your knowledge.
◈ Identify areas you need to study for your exam.

You can expect an in-depth review of the domains of the CBK — including discussion of industry best practices and timely security concepts.

(ISC)² authorized instructors lead all our training. You’re learning from industry experts who understand you. They know how to make the content highly relatable. And they go through a rigorous process to teach to our CBK.

Plus, we use proven adult learning techniques to reinforce topics. This approach increases how much information you retain. Our techniques are highly interactive. They focus on real-world learning activities and scenarios, so you get the most out of training.

Self- Study Resources 


In addition to training, we offer resources to help you with self-study. Our resources include the:

Exam Outline
Official (ISC)² Guide to the CISSP-ISSMP CBK Textbook

GET YOUR FREE EXAM OUTLINE.

4.5 Taking Your CISSP-ISSMP Exam

Length of exam Up to 3 hours
Number of questions 125 questions 
Question format  Multiple choice 
Passing grade  A passing score is 700 out of 1000 points 
Exam language  English 
Testing center  Pearson VUE Testing Center

4.6 Maintaining Your Concentration

Once you have passed your CISSP-ISSMP exam and are certified, you need to recertify every three years. To do so, you simply need to:

◈ Earn 20 continuing professional education (CPE) credits each year. (You may apply these 20 credits toward your CISSP CPE requirement as long as these credits are specific to security management.)
◈ Pay a USD$35 Annual Maintenance Fee (AMF). This amount is in addition to the fee required for the CISSP.

«« Previous
Next »»

0 comments:

Post a Comment