Select Page

CISS™ – Certified Information Security Specialist™

A Cybersecurity Certification by CorpSecurity International

From Physical to Cyber—Specialist Certification for the Real-World Defender

The Certified Information Security Specialist™ (CISS™) credential is the latest addition to the professional certification portfolio of CorpSecurity International, a globally recognized certification authority in physical security, business continuity, and organizational resilience.

As threats evolve from the physical to the digital domain, CISS™ empowers today’s security professionals to develop advanced, actionable expertise in protecting IT infrastructure, digital assets, and networks.

About CorpSecurity International

CorpSecurity International is an independent certification body with a mission to certify real-world readiness across the security spectrum. Since our inception, we’ve certified professionals in:

Physical Security & Protective Operations

Business Continuity & Crisis Management

Organizational Resilience

Cybersecurity & Information Security (New)

Our certification framework is designed to address practical risks and real-world roles, aligning with global standards but grounded in operational realities.

CISS™ is our dedicated response to the increasing need for technically skilled cyber defenders across industries and regions.

Know More

What is CISS™?

CISS™ (Certified Information Security Specialist™) is a role-focused, vendor-neutral cybersecurity certification for hands-on professionals tasked with defending digital environments.

Unlike governance-based certifications, CISS™ validates practical expertise in areas like:

Z

Network security

Z

Endpoint protection

Z

Threat detection

Z

Incident response

Z

Security architecture and monitoring

CISS™ is for practitioners, not policy-makers.

Domains Covered in CISS™

  1. Cybersecurity Architecture & Infrastructure
  2. Threat Intelligence & Incident Response
  3. Network & Endpoint Defense
  4. Access Control & Identity Management
  5. Security Operations & Monitoring

These domains reflect industry frameworks including NIST, MITRE ATT&CK, and ISO/IEC 27001.

Domain 1: Cybersecurity Architecture & Infrastructure (20%)

Objective: Test the candidate’s ability to design, implement, and evaluate secure network and system architectures.

Key Topics:

  • Security design principles (least privilege, segmentation, defense in depth)
  • Secure network design (DMZs, firewalls, VLANs, microsegmentation)
  • Network protocols & secure communication (TLS, SSH, IPsec, VPNs)
  • Zero Trust architecture (ZTA) design and implementation
  • Infrastructure as Code (IaC) security considerations
  • Secure configuration of servers, databases, routers, and switches
  • Cloud and hybrid infrastructure security (AWS, Azure, GCP)
  • Virtualization & container security (Docker, Kubernetes)
  • On-prem vs cloud workload risk comparison

Domain 2: Threat Intelligence & Incident Response (20%)

Objective: Evaluate the candidate’s knowledge of threat intelligence life cycles, tools, and effective response strategies.

Key Topics:

  • Cyber threat intelligence (CTI) fundamentals (TTPs, IoCs, STIX/TAXII)
  • Threat classification and attribution (APTs, malware types)
  • MITRE ATT&CK framework
  • Indicators of Compromise (IoCs) analysis
  • Digital forensics principles (chain of custody, data preservation)
  • Incident response lifecycle (NIST SP 800-61)
  • Triage, containment, eradication, recovery procedures
  • Communication plans & regulatory disclosure during incidents
  • Post-incident reviews and root cause analysis
  • Using SIEM tools for correlation and analysis (Splunk, ELK, etc.)

Domain 3: Network & Endpoint Defense (20%)

Objective: Ensure mastery of practical controls, detection systems, and defense strategies across network and endpoint layers.

Key Topics:

  • Firewalls, IDS/IPS, proxy servers – configuration and tuning
  • Endpoint protection platforms (EPP), EDR, XDR tools
  • Malware prevention & behavioral detection
  • Secure network protocols (HTTPS, SNMPv3, RADIUS/TACACS+)
  • VPN technologies and split tunneling risks
  • Common attacks (DDoS, spoofing, port scanning) and defenses
  • Wireless security (WPA3, rogue AP detection)
  • Patch management and vulnerability scanning (Nessus, OpenVAS)
  • Log management & audit trail configuration
  • Endpoint hardening: host-based firewalls, OS configurations

Domain 4: Access Control & Identity Management (20%)

Objective: Assess knowledge of access control models, authentication methods, and IAM implementations.

Key Topics:

  • AAA concepts (Authentication, Authorization, Accounting)
  • Identity and Access Management (IAM) architectures
  • Access control models: RBAC, ABAC, DAC, MAC
  • MFA implementation strategies (SMS, biometrics, token-based)
  • Federation and SSO (SAML, OAuth, OpenID Connect)
  • Privileged Access Management (PAM)
  • Credential lifecycle management
  • Directory services (Active Directory, LDAP)
  • Identity governance and audit
  • User provisioning and deprovisioning workflows

Domain 5: Security Operations & Monitoring (20%)

Objective: Validate the candidate’s ability to maintain, monitor, and improve operational security.

Key Topics:

  • Security Operations Center (SOC) workflows and tiers
  • Log collection and centralized monitoring (Syslog, SIEM)
  • Use case development and rule tuning
  • Baseline behavior analysis and anomaly detection
  • Alert triage and false positive reduction
  • Metrics, KPIs, and reporting dashboards
  • Vulnerability management process (CVSS, remediation timelines)
  • Change management and configuration control
  • Threat modeling and risk assessments
  • Business continuity integration with operations

CISS™ Certification Eligibility

To qualify for the Certified Information Security Specialist™ (CISS™), candidates must meet one of the following:

1. Experience-Based Path

  • 2+ years in a hands-on cybersecurity role (e.g., SOC analyst, incident responder, red teamer).
  • Must have worked in at least 2 of the 5 CISS™ domains.

2. Education + Entry-Level Experience

  • A degree or diploma in cybersecurity or a related field.
  • 6+ months of experience (employment or internship) in a security operations or defense role.

3. Certification-Based Path

  • Hold a recognized certification (e.g., Security+, CySA+, CEH, SSCP).
  • Must submit a brief Statement of Practical Exposure

Why Choose CISS™ by CorpSecurity

  • From an Established Security Certification Body
    We’ve certified professionals across physical and digital domains.
  • Role-Specific, Real-World Focus
    CISS™ is built around what cyber defenders actually do—not what managers oversee.
  • Globally Applicable and Vendor-Neutral
    Use skills across any platform or technology stack.
  • Open Access & Modern Delivery
    Exams are delivered remotely with secure online proctoring.

What You’ll Get

  • CISS™ Official Certification & Digital Badge
  • Listing in the CorpSecurity Certified Directory
  • Access to Continuing Professional Education (CPE) resources
  • Early updates on threat research and best practices
Enquire Now