Cyber security certification overhaul brings new questions and longer exams
Fresh changes to the examination format of the prestigious CISSP exam will come into effect later this year
The cyber security industry body and issuer of the Certified Information Systems Security Professional (CISSP) exam has announced an overhaul to the way the exam will be run this year.
Starting 1 June 2022, CISSP exam participants using the Computerised Adaptive Testing (CAT) format will be exposed to double the number of ‘dummy questions’ in the exam paper - experimental questions that are unscored but are used to inform the suitability of questions in future exam papers.
The International Information System Security Certification Consortium, commonly referred to as (ISC)², said the exam will now have an additional 25 pretest questions, bringing the total to 50.
Experts have said the move could bring a positive change to the exam, including more accurate testing.
“Setting fair examinations is an art in itself, so the introduction of ‘dummy’ questions can potentially lead to more accurate results,” said Kevin Curran, IEEE senior member and professor of cyber security at Ulster University.
“The exam has been ‘fluid’ for many years as it raises the difficulty level for each person taking the exam in response to questions which have previously been answered,” he added. “There is also a need to combat any techniques used by those taking the exam remotely, so approaches like this could perhaps be adopted by other professional certification authorities in the future.”
Other exam bodies, such as ISACA and CompTIA, have moved to remote testing in recent years after candidates said it was more convenient for them than travelling to a testing centre, and due to social distancing measures brought on by the pandemic.
(ISC)² has also recently begun online proctoring of its remote examinations - a process involving an exam supervisor watching the exam-taker via a webcam link and monitoring for things like on-screen assistance software using screen-sharing technology.
The latest change can be seen as one that targets testing development rather than the candidates themselves, said Adam Seamons, systems and security engineer at GRC International Group.
The minimum and maximum number of questions participants will have to answer will be raised from 100-150 to 125-175, and the exam’s maximum duration will be extended by an hour to four hours to accommodate the additional questions. The domains and domain weights contained within the CISSP exam outline have not changed.
“The additional 25 pretest items will be evaluated for inclusion as operational (scored) items in future exams. The pretest items will be indistinguishable from operational (scored) items and should be considered carefully to select the best possible answer.”
There have been complaints in the past that the wording and expected answers could, at times, be difficult to interpret, so a more comprehensive screening of questions could lead to a reduction in this, said Phil Robinson, principal consultant and founder at Prism Infosec.
“If (ISC)² is planning an extensive question refresh, then it is a positive that they are conducting analysis on questions and answers to minimise ambiguity and ensure a sufficient percentage of candidates can make the correct choice, prior to rolling them out into live question sets,” he told IT Pro.