Cyber security certification overhaul brings new questions and longer exams

Fresh changes to the examination format of the prestigious CISSP exam will come into effect later this year

The cyber security industry body that issues the Certified Information Systems Security Professional (CISSP) exam has announced an overhaul to the way the exam will be run this year.

Starting 1 June 2022, CISSP exam participants using the Computerised Adaptive Testing (CAT) format will be exposed to double the number of ‘dummy questions’ in the exam paper - experimental questions that are unscored but are used to inform the suitability of questions in future exam papers.

The International Information System Security Certification Consortium, commonly referred to as (ISC)², said the exam will now have an additional 25 pretest questions, bringing the total to 50.

Experts have said the move could bring a positive change to the exam, including more accurate testing.

"Setting fair examinations is an art in itself, so the introduction of ‘dummy’ questions can potentially lead to more accurate results," said Kevin Curran, IEEE senior member and professor of cyber security at Ulster University.

“The exam has been ‘fluid’ for many years as it raises the difficulty level for each person taking the exam in response to questions which have previously been answered,” he added. “There is also a need to combat any techniques used by those taking the exam remotely, so approaches like this could perhaps be adopted by other professional certification authorities in the future.”

Other exam bodies, such as ISACA and CompTIA, have moved to remote testing in recent years after candidates said it was more convenient for them than travelling to a testing centre, and due to social distancing measures brought on by the pandemic.

(ISC)² has also recently begun proctoring its remote examinations online - a process in which an exam supervisor watches the exam-taker via a webcam link and uses screen-sharing technology to monitor for things like on-screen assistance software.

The latest change can be seen as one that targets testing development rather than the candidates themselves, said Adam Seamons, systems and security engineer at GRC International Group.

The minimum and maximum number of questions participants will have to answer will be raised from 100-150 to 125-175, and the exam’s maximum duration will be extended by an hour to four hours to accommodate the additional questions. The domains and domain weights contained within the CISSP exam outline have not changed.

“Pretest items enable (ISC)² to continue expanding our item bank to strengthen the integrity and security of the CISSP for all those who earn the certification,” said the industry body.

“The additional 25 pretest items will be evaluated for inclusion as operational (scored) items in future exams. The pretest items will be indistinguishable from operational (scored) items and should be considered carefully to select the best possible answer.”

There have been complaints in the past that the wording and expected answers could, at times, be difficult to interpret, so a more comprehensive screening of questions could lead to a reduction in this, said Phil Robinson, principal consultant and founder at Prism Infosec.

“If (ISC)² is planning an extensive question refresh, then it is a positive that they are conducting analysis on questions and answers to minimise ambiguity and ensure a sufficient percentage of candidates can make the correct choice, prior to rolling them out into live question sets,” he told IT Pro.
