The ISSMP Certification is defined by (ISC)² as the CISSP concentration area that is designed to denote competence and expertise in information security management.
To qualify for and obtain the ISSMP certification, the candidate must possess the CISSP credential, sit for and pass the ISSMP examination, and maintain the ISSMP credential in good standing.
The ISSMP examination is similar in format to that of the CISSP examination. The questions are multiple choice, with the examinee being asked to select the best answer of four possible answers. The examination comprises 150 questions, 25 of which are experimental questions that are not counted. The candidate is allotted 3 hours to complete the examination.
The ISSMP certification and examination cover the following five primary areas:
Enterprise security management—Focuses on the fundamental aspects of a security program from an enterprise perspective. This domain deals with policies, business objectives, risk management, change control, the value of certification and accreditation, and security awareness.
Enterprise-wide systems development practices—Concerned with incorporating security in system development models and configuration management, integrating application and network security controls, and developing processes to identify system threats and vulnerabilities.
Overseeing compliance of operations security—Details security requirements ...