Certified Information Systems Security Tester (CISST)

Certification Overview


Exam Code: CISST-001

Information security, sometimes shortened to InfoSec, is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (e.g. electronic, physical).

Information Security Testing and Assessment is a process of identifying different security vulnerabilities in your technology infrastructure. The risks found in the vulnerability assessment are issues that may be exploited by a malicious individual or program to gain access to your confidential and proprietary data.

Security testing is a process intended to reveal flaws in the security mechanisms of an information system that protect data and maintain functionality as intended. Due to the logical limitations of security testing, passing security testing is not an indication that no flaws exist or that the system adequately satisfies the security requirements.

Typical security requirements may include specific elements of confidentiality, integrity, authentication, availability, authorization and non-repudiation. The security requirements actually tested depend on those implemented by the system. Security testing as a term has a number of different meanings and can be carried out in a number of different ways. As such, a security taxonomy helps us to understand these different approaches and meanings by providing a base level to work from.

E-Course Duration: 30 to 35 Hours

Exam Information

The exam comprises 100 multiple-choice questions, of which the candidate must answer 70 correctly (70%) to pass.

Exams are online and proctored. Using a webcam and a reliable internet connection, exams can be taken anywhere and at any time.

The total duration of the exam is 2 hours (120 Minutes).

No external sources of information may be accessed during the exam via ProctorU. Further details of the materials permitted and the retake rules are provided below:

  • Identification Proof
  • If a candidate does not pass the exam in the second (2nd) attempt, the candidate must wait for a period of at least fourteen (14) calendar days from the date of that attempt before retaking the exam for the third (3rd) or any subsequent time.
  • The exam can be taken any number of times.

The Certified Information Systems Security Tester (CISST)® is valid for life.

CISST® is a Registered Trademark of GAQM.


Note: The Certified Information Systems Security Tester (CISST)® Certification requires mandatory completion of the E-Course. Once the candidate completes the E-Course, they receive a GAQM Learner ID.

Course Outline

Module Information - 1

  • Module 1 - Security Risks
  • Module 2 - Asset Identification
  • Module 3 - Assessing Risk Analysis Effectiveness
  • Module 4 - Information Security Policies and Procedures
  • Module 5 - Analysis of Information Security Policies and Procedures
  • Module 6 - Security Auditing and Its Role in Security Testing
  • Module 7 - Security Risk Assessment
  • Module 8 - Security Triad
  • Module 9 - Introduction to Security Testing
  • Module 10 - The Purpose of Security Testing
  • Module 11 - The Organizational Context
  • Module 12 - Security Testing Objectives
  • Module 13 - The Difference between Information Assurance and Security Testing
  • Module 14 - The Scope and Coverage of Security Testing Objectives
  • Module 15 - Analysis of Security Approaches
  • Module 16 - Analysis of Failures in Security Test Approaches
  • Module 17 - Stakeholder Identification

Module Information - 2

  • Module 18 - Improving the Security Testing Practices
  • Module 19 - Security Test Process Definition
  • Module 20 - Lifecycle Alignment and Security Testing Tasks
  • Module 21 - Security Test Planning
  • Module 22 - Security Test Design
  • Module 23 - Implementing Policy-Based Security Tests
  • Module 24 - Security Test Execution
  • Module 25 - Security Test Evaluation
  • Module 26 - Security Test Maintenance
  • Module 27 - Role of Security Testing in a Lifecycle
  • Module 28 - The Role of Security Testing in Design
  • Module 29 - The Role of Security Testing in Implementation Activities
  • Module 30 - Component Test Analysis & Design
  • Module 31 - Analyzing Component Test Results
  • Module 32 - Component Integration Test Analysis & Design
  • Module 33 - The Role of Security Testing in System and Acceptance Test Activities
  • Module 34 - Definition of Security-Oriented Acceptance Criteria

Module Information - 3

  • Module 35 - The Role of Security Testing in Maintenance
  • Module 36 - Testing the Effectiveness of System Hardening
  • Module 37 - Authentication and Authorization
  • Module 38 - Firewalls and Network Zones
  • Module 39 - Encryption, Intrusion Detection, Malware Scanning and Data Obfuscation
  • Module 40 - Training
  • Module 41 - Security Awareness
  • Module 42 - Attack Motivations
  • Module 43 - Social Engineering and Security Awareness
  • Module 44 - Revising Security Expectations
  • Module 45 - Security Test Reporting
  • Module 46 - Reporting Security Test Status
  • Module 47 - Reporting Security Test Results
  • Module 48 - Types and Purposes of Security Test Tools
  • Module 49 - Tool Selection
  • Module 50 - Open Source Tools
  • Module 51 - Benefits of Standards
  • Module 52 - Applying Security Standards

Target Audience

  • This certification is the most advanced information systems testing training in the Information Security industry for IT managers, security consultants, security analysts, IT professionals, network engineers and anyone with prior ethical hacking knowledge.
  • People in managerial positions related to PCI DSS compliance, project managers, fraud management and prevention staff, information security managers and officers, and payment application vendors.

Registration Process for E-Course and Exam

Premium Package
(E-Course Version)

  • Self-explanatory
  • Valid for 40 days
  • The Package also includes E-Voucher/Access Key for Certification Exam
  • The E-Voucher/Access Key can be used via ProctorU Globally.
  • Includes E-certificate and Digital Badge if you qualify in the exam.
  • Course Duration: 40 Days
  • Price: 230 USD


  • Validity: 240 Days
  • Price: 170 USD
  • Please Read Carefully:

    1) Please purchase the second voucher from our Voucher Store to schedule the exam via ProctorU.

    2) One voucher can be used by one person, one time, for one exam discount/fee only.

