Over our 26-year history, (ISC)² has earned a reputation for providing gold standard information security credentials. Maintaining the relevancy of those credentials amidst the changes in technology and the evolving threat landscape occurring in this industry is a core strategy upon which this organization was built.



As a result of a rigorous, methodical process that (ISC)² follows to routinely update its credential exams, I’m pleased to announce that enhancements will be made to both the Certified Information Systems Security Professional (CISSP) and Systems Security Certified Practitioner (SSCP) credentials, beginning April 15, 2015. We conduct this process on a regular basis to ensure that the examinations and subsequent training and continuing professional education requirements encompass the topic areas relevant to the roles and responsibilities of today’s practicing information security professionals.



Both credentials reflect knowledge of information security best practices, but from different facets. SSCPs are typically more involved in hands-on technical, day-to-day operational security tasks. Core competencies for SSCPs include implementing, monitoring and administering IT infrastructure in accordance with information security policies, procedures and requirements that ensure data confidentiality, integrity, and availability. CISSPs, while also technically competent, typically design, engineer, implement and manage the overarching enterprise security program.

SSCPs and CISSPs speak the same information security language with unique perspectives that complement each other across various IT departments and business lines.

The content of the official (ISC)² SSCP CBK has been refreshed to reflect the most pertinent issues that security practitioners currently face, along with the best practices for mitigating those issues. The result is an exam that most accurately reflects the technical and practical security knowledge that is required for the daily job functions of today’s frontline information security practitioner.



The domain names have been updated as follows to describe the topics accurately:

SSCP Domains, Effective April 15, 2015

Access Controls Security Operations and Administration Risk Identification, Monitoring, and Analysis Incident Response and Recovery Cryptography Networks and Communications Security Systems and Application Security

Refreshed technical content has been added to the official (ISC)² CISSP CBK to reflect the most current topics in the information security industry today. Some topics have been expanded (e.g., asset security, security assessment and testing), while other topics have been realigned under different domains. The result is an exam that most accurately reflects the technical and managerial competence required from an experienced information security professional to effectively design, engineer, implement and manage an organization’s information security program within an ever-changing security landscape.



The domain names have been updated as follows:



CISSP Domains, Effective April 15, 2015

Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business Continuity) Asset Security (Protecting Security of Assets) Security Engineering (Engineering and Management of Security) Communications and Network Security (Designing and Protecting Network Security) Identity and Access Management (Controlling Access and Managing Identity) Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing) Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster Recovery) Software Development Security (Understanding, Applying, and Enforcing Software Security)

Some candidates may be wondering how these updates affect training materials for the CISSP and SSCP credentials. As part of the organization’s comprehensive education strategy and certifying body best practices, (ISC)² training materials do not teach directly to its credential examinations. Rather, (ISC)² Education is focused on teaching the core competencies relevant to the roles and responsibilities of today’s practicing information security professional. It is designed to refresh and enhance the knowledge of experienced industry professionals.



The content within (ISC)² training materials will be revised to align with the updated CISSP and SSCP domains, according to the schedule provided in the FAQs. If candidates have recently participated in or plan to soon participate in an (ISC)² training course for the CISSP or SSCP, we encourage them to go ahead and schedule their examination at a Pearson VUE testing center for a date prior to April 15, 2015. If candidates are currently in a training course or are unable to sit for the CISSP or SSCP credential examination prior to April 15, 2015, I believe that an (ISC)² training course is still a beneficial step in their study plan.

I am confident that these updates positively reflect on our commitment to ensure that our certifications remain relevant to the industry today and continue to earn the gold standard reputation.

For more information, please refer to the FAQs on our website. And as always, our global Member Services Department is available to answer any additional questions at membersupport@isc2.org or directly via phone in accordance with your respective region at https://www.isc2.org/contactus/default.aspx.