CISSP Professional Experience Requirement

Note: Effective 1 October 2007, professional work experience requirements for the CISSP will increase from four to five years, and direct full-time security professional work experience will be required in two or more of the ten CISSP CBK domains. A new endorsement policy will also be in effect, requiring anyone who passes a CISSP, CAP, or SSCP exam to have their qualifications endorsed by another (ISC)² credential holder. These changes will not affect those who sit for an examination on or before 30 September 2007. For more information, please refer to the Experience Requirement Change FAQs.

Applicants must have a minimum of four years of direct full-time security professional work experience in one or more of the ten domains of the (ISC)² CISSP CBK. CISSP professional experience includes:

Work requiring special education or intellectual attainment, usually including a liberal education or college degree.
Work requiring habitual memory of a body of knowledge shared with others doing similar work.
Management of projects and/or other employees.
Supervision of the work of others while working with a minimum of supervision of oneself.
Work requiring the exercise of judgment, management decision-making, and discretion.
Work requiring the exercise of ethical judgment (as opposed to ethical behavior).
Creative writing and oral communication.
Teaching, instructing, training and the mentoring of others.
Research and development.
The specification and selection of controls and mechanisms (i.e. identification and authentication technology) (does not include the mere operation of these controls).
Applicable titles such as officer, director, manager, leader, supervisor, analyst, designer, cryptologist, cryptographer, cryptanalyst, architect, engineer, instructor, professor, investigator, consultant, salesman, representative, etc. Title may include programmer. It may include administrator, except where it applies to one who simply operates controls under the authority and supervision of others. Titles with the words coder or operator are likely excluded.

The applicant must meet the following requirements to qualify to sit for the examination:

A. Subscribe to the (ISC)² Code of Ethics; and
B. Have a minimum four years* of direct full-time security professional work experience in one or more of the ten domains of the information systems security CBK.

Waiver of Experience: If certain circumstances apply and with appropriate documentation, candidates are eligible to waive a maximum of two years of professional experience* as follows:

One-year waiver of the professional experience requirement for education. Candidates can substitute a maximum of one year of direct full-time security professional work experience described above if they have a four-year college degree OR Master's degree in information security from a U.S. National Center of Academic Excellence in Information Security (CAEIAE) or regional equivalent. If you hold both a four-year degree and a Master's degree, you may only apply for a one-year waiver of experience.

One-year waiver of the professional experience requirement for holding an additional credential on the (ISC)² approved list.

Valid experience includes information systems (IS) security-related work performed as a practitioner, auditor, consultant, investigator or instructor, that requires IS security knowledge and involves the direct application of that knowledge. The four years of experience must be the equivalent of actual full-time IS security work (not just IS security responsibilities for a four-year* period); this requirement is cumulative, however, and may have been accrued over a much longer period of time.

Purpose

To recognize the efforts of any candidate who has received any credential deemed as approved, and apply such credential and associated requirements, toward a waiver of experience.

Policy

A candidate shall be permitted a waiver of one (1) year experience for any credential on the approved list below.

Approved Credentials for Experience Waiver:

CERT Certified Computer Security Incident Handler (CSIH)
Certified Business Continuity Planner (CBCP)
Certified Computer Crime Investigator (Advanced) (CCCI)
Certified Computer Crime Prosecutor
Certified Computer Examiner (CCE)
Certified Fraud Examiner (CFE)
Certified Information Systems Auditor (CISA)
Certified Information Security Manager (CISM)
Certified Internal Auditor (CIA)
Certified Protection Professional (CPP)
Certified Wireless Security Professional (CWSP)
CompTIA Security+
Computer Forensic Computer Examiner (CFCE)
GIAC Security Essentials Certification (GSEC)
GIAC Certified Firewall Analyst (GCFW)
GIAC Certified Intrusion Analyst (GCIA)
GIAC Certified Incident Handler (GCIH)
GIAC Certified Windows Security Administrator (GCWN)
GIAC Certified UNIX Security Administrator (GCUX)
GIAC Certified Forensic Analyst (GCFA)
GIAC Information Security Officer (GISO)
GIAC IT Security Audit Essentials (GSAE)
GIAC Security Expert (GSE)
GIAC Certified ISO-17799 Specialist (G7799)
GIAC Security Leadership Certification (GSLC)
GIAC Systems and Network Auditor (GSNA)
GIAC Certified Security Consultant (GCSC)
Microsoft Certified Systems Administrator (MCSA)
Microsoft Certified Systems Engineer (MCSE)
Master Business Continuity Planner (MBCP)
System Security Certified Practitioner (SSCP)