CISSP - Certified Information Systems Security Professional

Prepare for the CISSP certification with CISO Plus.
Access study guides, tips, and resources to help you succeed in your certification journey

Page Overview

Here, you’ll find everything you need to know about the CISSP certification.

We’ve gathered comprehensive information about the certification itself, the exam, and exclusive study materials you won’t find anywhere else.


CISSP Certification

What is the CISSP Certification?

The CISSP (Certified Information Systems Security Professional) is a private information security certification that has been available since 1994. It is awarded by ISC2, an international consortium for certifications in the field of information systems security.

In many countries around the world, this certification is considered prestigious and even mandatory for certain positions in specific institutions. It is also equivalent to a master’s degree (in Europe, EQF Level 7), and in the U.S., it is regarded as the “gold standard” in information security management and is recognized by the U.S. Department of Defense under standard U.S. DoDM 8140.03.

The CISSP is considered highly prestigious and very difficult to obtain, and it is in high demand in the job market, where it provides a significant advantage, especially for senior positions.

Although it is not considered a “technical” certification but rather one intended for managers in the field, it does cover a considerable number of technical topics.

CISSP Exam

About the exam

Main Points of the Exam:

The exam consists of 100 to 150 questions (mainly multiple-choice, but not only) and lasts 3 hours.

To pass, the candidate must achieve a score of 700 out of 1000.

The exam is Computer Adaptive, meaning a computer algorithm decides in real-time, based on the candidate’s previous answers, which questions to present next, how many questions the candidate will be asked in total, and whether they have passed or failed the exam.

The exam covers 8 domains, each representing a different area within the field of information security.

Figure: domains and their weights. Source: ISC2.

Who is eligible?

There are no specific restrictions, but it is important to know that even if you take and pass the exam, you are not yet a CISSP.

To receive the title, in addition to passing the exam, you must prove 5 years of experience in the field of information security (from the domains of the exam).

There is an option to substitute one year of experience with a degree or certification recognized by ISC2.

If you pass the exam and do not have the required experience, you can receive an “intermediate status” until you gain the necessary experience, after which you can apply to become a CISSP.

How to register?

To register for the exam, you will need to fill out a form and pay for the exam.

Please note that this is not an online proctored exam. You will need to take the exam in person.

The Exam Itself

Before the exam

Dedicate about 3 hours a day for approximately 3 months to study for the exam.

Less than this will likely not be enough to cover all the material, and more than this might lead to forgetting what you learned at the beginning.

Practice at least 2,000 questions!

A significant portion of the questions is meant to practice the material itself, and another portion is for internalizing the guiding principles. Aim for about 4,000 – 5,000 questions.

Choose to take the exam in English, even if you speak another language in which the exam is available!

Just as the professional language in cooking is French, the professional language here is English, and taking the exam in English will make it easier to understand the context.

It’s important to note that good English is critical for the exam! Ensure you feel comfortable with reading comprehension in English, especially technical English, as the questions are formulated in English intended for native speakers.

During the exam

Don’t try to calculate your score or how well you’re doing – although it’s possible to gauge based on the difficulty of the questions and your overall feeling, in reality, it’s very difficult to get a good indication, and it’s a complete waste of time and unnecessary energy.

Don’t overthink each question – read each question carefully and don’t answer hastily, but remember that the answer choices include distractors meant to divert you from the correct answer, whether you think too little or too much.

As mentioned, the exam consists of at least 100 questions, and when you reach the 100th question, the computer will decide whether the exam needs to continue.

The computer may decide that the 100 questions were enough to pass or fail you, or it may want to test you further and in such a case will give you more questions (up to 50) before making a final decision.

In any case, continue answering the questions to the best of your ability until the computer stops presenting questions.

After the exam

Figure: the letter you receive after you pass the exam.

After answering the last question, a message will be displayed asking you to go to the administration office, where you will receive a paper stating whether you passed or failed (raise your hand and wait for the exam proctor to take you out of the room).

You Passed!

If the paper says you passed, you will have to wait a few days until ISC2 officially confirms that your exam was valid, after which you can start the CISSP acceptance process or the intermediate status we mentioned earlier.

You Didn’t Pass…

If you didn’t pass, you can request to retake the exam – the waiting time between exams depends on the number of exams you’ve taken up to that day.

Tips and Study Materials

One of the important aspects of the exam is how you approach each question. It’s not just about reading comprehension (as important as that may be), but about your priorities, the perspective you bring, understanding the ultimate goal, and of course avoiding distractors in the question that aim to steer you away from the most important part as a CISSP.

Here, we have provided the principles themselves. Examples and explanations for questions can be found on the CISO Plus question page.

“American” Thinking – Remember that the exam is designed for Americans, so there’s no room for cutting corners, adopting a “it will be fine” attitude, or thinking “our organization is too small for this.”

Human Life Comes First – A golden rule is that human life takes precedence over everything, but this principle will be well hidden in the questions. Look for the answer that seems correct but endangers human life and eliminate it.

The Business Comes Before Security – Don’t forget that in the end, there is a business that needs to operate, and it cannot reach a situation where the business is secure but cannot conduct business. Keep this in mind.

Beware of Vendor-Based Solutions – One of the disadvantages of coming in with field experience is that part of our knowledge comes from what we learned from various security vendors. In the exam, you will be required to talk about functions, not about a specific vendor’s marketing term.

Look for the Required End Result – You may be offered several correct answers, but remember to look for the required end result, not intermediate steps on the way to it.

Think Like a Manager or a Consultant – Remember that you need to look at the problem or question presented to you from a top-level perspective.

Don’t Get Bogged Down in Technical Details – A manager doesn’t solve technical problems! Maybe in Israel, it’s customary and even sometimes required, but not in the exam.

Address the Root Cause (Not Just the Actual Problem) – As managers, it’s important that the solution you propose addresses not just the symptom but the essence of the problem and its root cause.

Information Security is Not Just Technical – Don’t rush to technical solutions! Physical security is no less important, as are administrative procedures.

Practice Questions

We have gathered several sources for paid practice questions.

In addition, you can take the CISO Plus exam questions for free.

Courses and Study Books

There are many knowledge sources related to the exam, but there is no substitute for a book that contains the substantial amount of information you’ll need for the exam.

No single book will contain everything you need to know, and in the end, this is an exam that also requires knowledge from field experience. However, we have compiled the most well-known books in the field for you:

Maintaining The Certification

How to maintain the certification in good standing?

To continue holding the certification in good standing, you will be required to pay an annual membership fee (AMF) and submit a continuing professional education (CPE) report every three years.