CISSP History

July 1, 2019 by Infosec

CISSP History

During the late 1980s, the need for vendor-independent certification programs in the field of information security was high. As a result, the International Information Security Certification Consortium or (ISC came into existence in 1989. A non-profit organization, it has since then become famous for providing standardized information security certifications. The certified information systems security professional (CISSP) certification is the best-known certification of the many offered by the organization. Some other examples are: SSCP, CCSP, and the HCISPP. More details about these can be found on the Certifications page of the official (ISC) ² website.

The CISSP certification was launched back in 1994. It’s a state-of-the-art certification. After gaining it, the holder is recognized as a proven information security professional. Even though many have followed since then, CISSP in 2005 became the first credential from the field of information security to have met the requirements of the ISO/IEC Standard 17024.

The curriculum of the certification deals with concepts from a wide range of information security topics. The common body of knowledge (CBK) is what the CISSP exam is based on and the complete curriculum can be divided into the following eight domains:

  • Security and risk management
  • Communications and network security
  • Identity and access management
  • Security operations
  • Software development security
  • Asset security
  • Security engineering
  • Security assessment and testing

Before 2015, there were 10 such domains.

According to the official company website, the CISSP is ideal for people working in the following positions (among others):

  • Director of security
  • Network architect
  • Security consultant
  • Security manager
  • Security architect
  • Security analyst
  • Security systems engineer
  • Chief information security officer
  • IT director/manager
  • Security auditor

The exam for the CISSP certification is six hours long and contains a total of 250 questions. In order to pass the exam, you need to earn a minimum of 700 marks out of 1000. The testing center for the examination is the Pearson Vue testing center. If you want more information about CISSP, you can download the official CISSP brochure from this link.

CISSP Exam Changes

(ISC) ² is notorious for changing the curriculum and other things about CISSP time and time again. In 2015, several changes were made to the common body of knowledge for the CISSP credential. If you are in the middle of your planning and an update comes to a certification exam’s coverage, it can become a real problem for you. A lot of applicants faced this issue when the CISSP structure was changed in the early 2012/late 2011 time frame.

Generally, there is no fixed time period after which we can observe a change to the way the CISSP exam is structured or prepared. According to the official CISSP website, they make changes for the following reason:

Amidst the changes in technology and the evolving threat landscape occurring in the information security field, (ISC)² has an obligation to its membership to maintain the relevancy of its credentials. These enhancements are the result of a rigorous, methodical process that (ISC)² follows to routinely update its credential exams. This process ensures that the examinations and subsequent continuing professional education requirements encompass the topic areas relevant to the roles and responsibilities of today’s practicing information security professionals.”

In addition to this, the organization’s administration stresses the fact that the CISSP exams get updated to comply with the ever-changing, dynamic field of information security. They say, “Refreshed technical content has been added to the Official (ISC)² CISSP CBK to reflect the most current topics in the information security industry today.” The changes normally lead to the expansion and realignment of pertinent topics that fall under different domains. This helps in achieving their organizational objective of ensuring accurate reflections of managerial and technical brilliance that is expected of a vetted professional in the field of information security.

Most recently, the domains of CISSP were renamed to be able to describe the topics more articulately.

CISSP for Security Professionals

(ISC) ² has been striving to nurture the talent and the experience in the information security field for over two decades now and CISSP has been gaining more and more relevance with each passing year. As of now, there are over 70,000 CISSP certified professionals in the U.S. alone. The complete list of CISSP member counts across 160 countries can be seen here. After clinching the CISSP credential, security professionals are able to:

  1. Ratify the information security prowess, insight, and competence that they have gained through years of work in the field.
  2. Demonstrate their abilities, skills, and technical know-how to be able to develop sophisticated security infrastructures while complying with the standards that are accepted globally.
  3. Stand out against the competition when applying to job openings at big firms in the rapidly expanding information security market.
  4. Win handsome promotions and pay bumps from the organizations working in the diverse information security industry.
  5. Commit to the field of information security by earning more professional education and by comprehending (and getting used to) the best contemporary practices.

The (ISC) ² CISSP also benefits security professionals indirectly by helping their employers in:

  1. Protecting their organizations against security threats because CISSP certified professionals have the ability and the expertise needed to design, construct, and ensure maintenance of sound security infrastructures.
  2. Ensuring that their information security employees stay updated with the latest technologies, standards, regulations, emerging threats, and practices by gaining the CISSP certification.
  3. Ensuring that all employees use a universally acknowledged knowledge, avoiding ambiguity with industry-complied practices and terms.
  4. Increasing the credibility of the organization when dealing with vendors and clients.
  5. Increasing their own confidence by realizing that employees are all well-qualified and determined to comply with the standards and norms of the field of information security.

What are the various CISSP concentrations?

(ISC) ² produced three concentrations that can be taken on by CISSP-certified professionals to further nurture their knowledge and expertise in the field of information security. The three currently offered are:


The CISSP-information systems security architecture professional concentration is achievable by only those CISSP professionals that have at-least 2 years of experience in the architecture domain. The website lists the ISSAP certification to be especially beneficial for people working in the following positions:

  • System architect
  • Chief security officer
  • Chief technology officer
  • System and network designer
  • Business analyst

The ISSAP exam will cover concepts from these topics:

  • Access control systems and methodology
  • Cryptography
  • Technology related business continuity planning (BCP) and disaster recovery planning (DRP)
  • Physical security considerations
  • Communications and network security
  • Security architecture analysis

The exam lasts 3 hours, has 125 questions and is only available in the English language. This exam outline should give a detailed overview to those interested. The organization also holds regular seminars for information-spreading purposes.


The CISSP-information systems security engineering professional concentration was conceived by the organization in conjunction with the NSA (National Security Agency, U.S.). It equips a CISSP professional with the ability to incorporate security into applications, projects, business processes, and all information systems in general.

If you are a CISSP working in the following positions, the ISSEP concentration is ideal for you:

  • Senior security analyst
  • Information assurance systems engineer
  • Information assurance officer
  • Senior systems engineer
  • Information assurance analyst

The ISSEP exam covers concepts from the following topics:

  • Systems security engineering
  • S. Government information assurance related policies and issuances
  • Certification and accreditation (C&A) / risk management framework (RMF)
  • Technical management

Three hours are allotted to applicants to take the exam, which has 150 multiple choice questions and is currently available only in the English language. The exam outline is available at the official website. You can also attend official training seminars related to the ISSEP concentration.


The CISSP- information systems security management professional certification requires the candidate to have at least two years of experience in management “on a large enterprise-wide security model.” It encompasses deep elements from the field of management, such as risk management, project management, and the management of a business longevity planning program etc.

If you are a CISSP professional working in any of the following positions, the ISSMP certification can be ideal for you:

  • Chief information officer
  • Senior security executive
  • Chief information security officer
  • Chief technology officer

The ISSMP CBK revolves around the following topics:

  • Security compliance management
  • Contingency management
  • Security leadership and management
  • Security lifecycle management
  • Law, ethics, and incident management

The exam is three hours long and has 125 multiple choice questions. It is available only in the English language and, as with the other certifications, you need to score at least 70 percent marks to pass. A more detailed outline is available here. Information about ISSMP seminars can be found here.

Want live CISSP training? Fill out the form below for details.

What is the HealthCare Information Security and Privacy Practitioner (HCISSP)?

The healthcare industry has been facing ever-increasing challenges related to patient data protection and privacy. More and more credentialed and insightful privacy and security practitioners must be nurtured to ensure the security of sensitive information stored in healthcare organizations’ databases.

The candidate’s knowledge will be checked in the following 6 domains:

  • Regulatory environment
  • Privacy and security in healthcare
  • Information risk assessment
  • Third party risk management
  • Healthcare industry
  • Information governance and risk management

If you are working in any of the following positions, the HCISSP certification could be perfect for you:

  • Privacy officer
  • Compliance auditor
  • Risk analyst
  • Compliance officer
  • Information security manager
  • Health information manager
  • Practice manager
  • Medical records supervisor
  • Information technology manager
  • Privacy and security consultant

The exam for HCISSP is three hours long, has 125 multiple choice questions, and is available only in the English language. More information regarding the exam outline can be found here. To get more information about how you can clinch the HCISSP certification, visit this link.

Final Word

(ISC) ² has been working very hard to introduce certifications that nurture the talent in the field of information security. If you want to garner certified credibility and outshine your competition, then you should conduct the mind battles (like HCISSP vs CISSP) to find out which certification would be ideal for you.

Posted: July 1, 2019


We've encountered a new and totally unexpected error.

Get instant boot camp pricing

Thank you!

A new tab for your requested boot camp pricing will open in 5 seconds. If it doesn't open, click here.

Articles Author
View Profile