Certified in Cybersecurity
Validates foundational knowledge, skills, and abilities for entry-level and junior cybersecurity roles. Covers five domains: security principles, business continuity and disaster recovery, access controls, network security, and security operations. No prior work experience required, making it accessible to IT professionals, career changers, and recent graduates. ISC2 offers free exam and training through the One Million Certified in Cybersecurity initiative. Accredited under ISO/IEC 17024.
Exam domains
- Security Principles (26%)
Understand the security concepts of information assurance (confidentiality, integrity, availability - the CIA triad; authentication - single-factor/multi-factor; non-repudiation; privacy). Understand the risk management process (risk management - threats/vulnerabilities/likelihood/impact; risk identification, assessment, and treatment). Understand security controls (technical controls - safeguards or countermeasures; administrative controls; physical controls). Understand the ISC2 Code of Ethics (professional code of conduct). Understand governance processes (policies, procedures, standards, regulations and laws). NIST CSF (Cybersecurity Framework) and NIST SP 800-12 (An Introduction to Information Security) provide authoritative foundational references.
- Network Security (24%)
Understand computer networking (networks - OSI model/TCP/IP model, IPv4/IPv6, Wi-Fi, ports, applications). Understand network threats and attacks (types of threats - DDoS/virus/worm/Trojan/MITM/side-channel; identification - IDS/HIDS/NIDS/SIEM; prevention - antivirus/scans/firewalls/IPS). Understand network security infrastructure (on-premises - data centers; cloud; network design - network segmentation/DMZ/VLAN/VPN/micro-segmentation; IoT - Internet of Things; secure design principles - defense in depth/zero trust). IETF RFCs (TCP/UDP/IPv4/IPv6/TLS/DNS) and NIST SP 800-41 (Guidelines on Firewalls and Firewall Policy) provide authoritative references.
- Access Controls Concepts (22%)
Understand physical access controls (physical security controls - badge systems/gate entry/environmental design; monitoring - cameras/logs/alarms; authorized vs. unauthorized personnel). Understand logical access controls (principle of least privilege; segregation of duties - SoD; discretionary access control - DAC; mandatory access control - MAC; role-based access control - RBAC). NIST SP 800-162 (Guide to Attribute Based Access Control, ABAC) and NIST SP 800-63 (Digital Identity Guidelines) provide authoritative references.
Sources
Questions are grounded in 50 references from official and authoritative materials.