What is CISSP? – Eligibility, Domains and Job Functions


The CISSP (Certification for Information System Security Professional) is aimed at validating the expertise of IT security professionals. The CISSP is issued by the ISC2 with the objective of scaling the competency of professionals to a globally recognized standard. CISSP is accredited by ISO (International Standards Organization) 17024-2003 and ANSI (American National Standards Institute). While information security technology is continuously evolving, CISSP ensures that candidates are completely up to date on every subject matter of IT security systems.

What are CISSP Concentrations?

The CISSP subject matter goes through continuous changes, and this led ISC2 to come up with guiding credentials that address specific needs of CISSP professionals. These credentials allow professionals to concentrate in three functional areas: engineering, architecture and management. Referred to as concentrations, these guidelines provide an incredible career path to ISC2 members. More so, these credentials come with better job responsibilities while recognizing special talents within the CISSPs. The concentrations are termed as:

    • Engineering (CISSP – ISSEP)
    • Architecture (CISSP – ISSAP)
    • Management (CISSP – ISSMP)

CISSP – ISSEP is a guide established to incorporate security systems into applications, business processes, projects and every aspect of information systems. CISSP – ISSEP is supposed to be an extremely relevant tool for any security professional around the globe. The certification takes the candidate through some standard established methodologies and best practices and prepares him/her for a world of systems security engineering and risk management. Security professionals this way have all the standard workable methodologies within their grasp. The SSE model in the IATF (Information Assurance Technical Framework) course acts as a guiding light for the incorporation of security into every field of information management.

Job Functions – CISSP-ISSEP

    • IA Systems Engineer
    • Senior Security Analyst
    • Senior Systems Engineer
    • Information Assurance Officer
    • Information Assurance Analyst

Eligibility – CISSP-ISSEP

CISSP-ISSEP candidates are required to have a minimum of two years of professional experience in the field of engineering. The certification was developed in collaboration with the US National Security Agency (NSA) and provides an invaluable degree for all information security engineers.


The CISSP-ISSEP covers four domains:

    1. Systems Security Engineering – governs all IATF processes and generates a framework for the design and protection of engineering systems addressing a variety of needs. It also governs topics like risk assessment, systems lifecycle and other concepts of defense.
    2. Technical Management – develops system models that relate to security tasks.
    3. Risk Management Framework (RMF) – documentation and access of system security designs, including jobs such as risk management and information access.
    4. U.S. Government Information Assurance Related Issuances and Policies – identification, understanding and application of security practices as recognized by US Government Information Assurance regulations.


CISSP-ISSAP is a standardized validation for all security architects and analysts who may be working as independent consultants or in any similar capacity within the organization. Security architecture professionals play a very important role in every modern organization, and their functions fit between the C-suite and the upper managerial levels of security program implementation. Professionals are expected to be able to design, develop and analyze the security play of the business. While the role seems to be typically tied to technical aspects, it is fundamentally consultative.

Job Functions – CISSP-ISSAP

    • Systems Architect
    • Chief Technology Officer
    • System and Network Designer
    • Business Analyst
    • Chief Security Officer

Eligibility – CISSP-ISSAP

The CISSP-ISSAP requires candidates to have a minimum of two years of working experience in system architecture roles.


The CISSP-ISSAP covers six domains:

    1. Access Control System and Methodology – establishes the critical requirements for effective and adequate access control restrictions. This further includes access to physical infrastructure, data, and personnel to better maintain availability, confidentiality and integrity.
    2. Cryptography – requires security professionals to understand cryptographic methods for secure data storage and communication. It helps fight misuse of data.
    3. Communications and Network Security – addresses all security concerns related to telecommunications and networking in distributed IT environments. The professional is expected to understand risks to networks across multimedia, voice and data.
    4. Security Architecture Analysis – provides the evaluation of a variety of architectures while understanding the risk involved with each.
    5. Physical Security – recognizes the role of personnel controls and physical security in all system security models.
    6. Technology Related Disaster Recovery Planning (DRP) and Business Continuity Planning (BCP) – this involves identification of risk situations that can threaten an organization’s ability to operate normally. Security professionals recognize all countermeasures that reduce all such incidents.


CISSP – ISSMP establishes, governs and presents IS programs that demonstrate management and leadership abilities. These job roles are geared towards a more responsible information security framework and define all means for achieving the same. Professionals certified under CISSP – ISSMP have a well-rounded comprehension of information security, as opposed to common management credentials.

Job Functions – CISSP-ISSMP

    • Chief Information Officer
    • Chief Technology Officer
    • Enterprise Security Manager
    • Chief Information Security Officer
    • Senior Security Executive

Eligibility – CISSP-ISSMP

The CISSP – ISSMP requires candidates to have a minimum of two years of experience in IT management and establishing it in larger enterprise security frameworks. The ISSP certification course contains deep managerial elements like risk management, incident response, BCP, DRP, security awareness and others.


    1. Security Leadership and Management – helps manage IS programs within organizations. The concepts are built upon organizational perspectives and emphasize the role of IS in all organizational processes.
    2. Security Compliance Management – establishes, manages and oversees processes and helps access, monitor and enforce security procedures and policies. The concepts include managerial metrics, status reporting and identification of acceptable exceptions.
    3. Security Lifecycle Management – integrates IS principles into new business initiatives while taking care of the SDLC (System Development Life Cycle), and includes maintenance, operation and disposal phases.
    4. Contingency Management – planning and implementation of IS processes to minimize adverse events, including both natural and man-made disasters, equipment failure and virus outbreaks.
    5. Law, Ethics and Incident Management – understanding state regulations and the implications of non-compliance. The role will be to coordinate with legal and law enforcement authorities while identifying ethical guidelines and keeping the management informed.


