CISSP (ISC2)
Certified Information Systems Security Professional
Quick facts
| Item | Detail |
|---|---|
| Provider | ISC2 |
| Exam code | CISSP |
| Level | Expert |
| Format | Computerised Adaptive Testing (CAT) |
| Questions | 100–150 questions |
| Duration | 4 hours |
| Passing score | 700 / 1000 |
| Exam fee | $749 |
| Validity | 3 years (CPE credits) |
| Languages | EN |
Overview
CISSP is one of the most widely recognised senior cybersecurity certifications. It is broad rather than deep: the eight domains of the Common Body of Knowledge (CBK) span risk management, security architecture, operations, identity, and software security, viewed from a manager's perspective rather than a hands-on one.
CISSP is not an entry-level exam. Full certification requires five years of cumulative, paid work experience in two or more of the eight domains (a four-year degree or an approved credential can waive one year). You can pass the exam first and become an Associate of ISC2 while you accrue the experience. It is frequently required for security leadership and government roles.
Who it is for
- Experienced security professionals moving into management
- Security architects and senior analysts
- People targeting roles that list CISSP as a requirement
Who it is not for
- Newcomers to security — CISSP needs five years of paid experience to certify (you can pass first as an Associate of ISC2).
- Hands-on specialists who want deep tooling skills rather than broad management-level breadth.
- Anyone needing a quick, cheap credential — this is a long, senior, costly exam.
Exam structure
| Domain | Weight |
|---|---|
| Security and Risk Management | 16% |
| Asset Security | 10% |
| Security Architecture and Engineering | 13% |
| Communication and Network Security | 13% |
| Identity and Access Management (IAM) | 13% |
| Security Assessment and Testing | 12% |
| Security Operations | 13% |
| Software Development Security | 10% |
Realistic study time
| Background | Study time |
|---|---|
| Experienced security pro (5+ yrs) | 60–100 hours over 2–3 months |
| Mid-level, some domains new | 120–180 hours over 3–5 months |
| Career changer | 200+ hours; consider Security+ first |
These figures show relative effort, not a guarantee. Your time depends on your background and study method.
What it really costs
| Item | Cost |
|---|---|
| Exam fee | US$749 |
| Retake | Full fee again, after a mandatory waiting period (30 days after a first failed attempt; longer after later attempts) |
| Study materials | US$0–400, from free exam outlines to paid books and courses |
| ISC2 annual maintenance fee | ~US$135 per year to keep the certification active |
Fees change and vary by region. Confirm the current amount on the official site before you register.
Is it worth it?
For mid-to-senior security careers, CISSP is one of the highest-return certifications and is often a hard requirement for leadership and cleared roles. It is not worth rushing into early: without the five years of experience you can only hold Associate status, and the management-level material is hard to absorb without context.
What to do next
Already certified? Add a concentration (ISSAP/ISSEP/ISSMP), or compare CISSP with CISM to move toward security management. See the Cybersecurity Analyst career path.
FAQ
- Can I take CISSP without experience?
- Yes. You can sit and pass the exam, then become an Associate of ISC2 and have up to six years to earn the required five years of paid experience in two or more of the eight domains. Full CISSP status requires the experience to be verified and endorsed.
- Is CISSP harder than Security+?
- Yes, considerably. Security+ is entry level; CISSP is an expert, management-oriented exam covering eight broad domains. Most candidates study three to six months.
- How do I keep CISSP valid?
- Earn Continuing Professional Education (CPE) credits and pay the annual maintenance fee. The cycle is three years.
Related exams
- CompTIA Security+ (SY0-701) — CompTIA
- CISM — ISACA