Cyber security certification overhaul brings new questions and longer exams

Fresh changes to the examination format of the prestigious CISSP exam will come into effect later this year

The cyber security industry body that issues the Certified Information Systems Security Professional (CISSP) exam has announced an overhaul to the way the exam will be run this year.

Starting 1 June 2022, CISSP exam participants using the Computerised Adaptive Testing (CAT) format will be exposed to double the number of ‘dummy questions’ in the exam paper - experimental questions that are unscored but are used to inform the suitability of questions in future exam papers.

The International Information System Security Certification Consortium, commonly referred to as (ISC)², said the exam will now have an additional 25 pretest questions, bringing the total to 50.

Experts have said the move could bring a positive change to the exam, including more accurate testing.

"Setting fair examinations is an art in itself, so the introduction of ‘dummy’ questions can potentially lead to more accurate results," said Kevin Curran, IEEE senior member and professor of cyber security at Ulster University.

“The exam has been ‘fluid’ for many years as it raises the difficulty level for each person taking the exam in response to questions which have previously been answered,” he added. “There is also a need to combat any techniques used by those taking the exam remotely, so approaches like this could perhaps be adopted by other professional certification authorities in the future.”

Other exam bodies, such as ISACA and CompTIA, have moved to remote testing in recent years after candidates said it was more convenient for them than travelling to a testing centre, and due to social distancing measures brought on by the pandemic.

(ISC)² has also recently begun online proctoring of its remote examinations - a process in which an exam supervisor watches the exam-taker via a webcam link and uses screen-sharing technology to monitor for things like on-screen assistance software.

The latest change can be seen as one that targets testing development rather than the candidates themselves, said Adam Seamons, systems and security engineer at GRC International Group.

The minimum and maximum number of questions participants will have to answer will be raised from 100-150 to 125-175, and the exam’s maximum duration will be extended by an hour to four hours to accommodate the additional questions. The domains and domain weights contained within the CISSP exam outline have not changed.

“Pretest items enable (ISC)² to continue expanding our item bank to strengthen the integrity and security of the CISSP for all those who earn the certification,” said the industry body.

“The additional 25 pretest items will be evaluated for inclusion as operational (scored) items in future exams. The pretest items will be indistinguishable from operational (scored) items and should be considered carefully to select the best possible answer.”

There have been complaints in the past that the wording and expected answers could, at times, be difficult to interpret, so a more comprehensive screening of questions could lead to a reduction in this, said Phil Robinson, principal consultant and founder at Prism Infosec.

“If (ISC)² is planning an extensive question refresh, then it is a positive that they are conducting analysis on questions and answers to minimise ambiguity and ensure a sufficient percentage of candidates can make the correct choice, prior to rolling them out into live question sets,” he told IT Pro.
