Home
Certification Preparation
(ISC)²
CISSP
CISSP experience requirements and endorsement
SBA
Hello all,
I am an IT auditor with around 4,5 years of external IT audit experience in big fours (ITGCs and IT dependencies audit) as well as nearly a year of IT internal audit experience. I would please like to ask if any of you had an exclusively IT general audit background and passed CISSP ? Also I do not know an ISC member in my current position, does any of you have experience with endorsement process by ISC?
I would please like to be sure I can get the certification with my current experience before investing in the exam costs
Thanks a lot in advance for your help
Find more posts tagged with
Comments
E Double U
As an IT auditor, you might have gained enough knowledge to be able to understand the domains just fine. If I had to guess, you would probably feel comfortable with the following domains:
1: security & risk mgmt
2: asset security
6: security assessment & testing
Keep in mind that you are only required to have experience in two of the eight domains. Reference
https://www.isc2.org/Certifications/CISSP/experience-requirements
for certification requirements and
https://www.isc2.org/Endorsement
for the endorsement process. (ISC)2 itself can act as your endorser.
Have you considered ISACA credentials? CISA would be a no-brainer if you do not already have it. Plus it can be used to substitute one year of experience.
SBA
Thanks for your reply E Double U
Indeed when I pass through the content I did not find yet blocking points, knowledge is not problem. I have CISA and considered CISM, but I find CISSP also has a technical emphasis which can be certainly valuable in security processes audits.
What I wonder is whether ISC² accept experience solely as an auditor assessing security risks and controls, or whether they require necessarily hands-on security controls design/implementation/operation experience.
E Double U
If no one else here with your background can chime in then I would recommend that you contact (ISC)2 directly. I assume that they will have no problem allowing someone to take their exam as that plus the annual maintenance fees benefits them financially
SBA
Thanks I agree, they can allow but the problem is they can provide status as "associate of ISC²" (provided annual fee is paid) without the certification, so will check directly with them to know clearly if experience applies
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
