What Is ISC2 Certified in Cybersecurity? 2025 Overview 

Certified in Cyber Security

You may have wondered how to get your feet wet in cyber security. But is there such a thing as a low-hanging fruit among entry-level cyber security certifications? Maybe.

ISC2 Certified in Cybersecurity (CC) seems to be a promising low-cost beginner’s certification to kickstart your cyber security journey. But what is Certified in Cybersecurity? 

Since you may have more questions than answers and a lot on your plate, we’ve researched this little-known certification and got you covered. 

In this article, we’ll talk about what ISC2 Certified in Cybersecurity is, how much the Certified in Cybersecurity exam costs, how to get the Certified in Cybersecurity certification, and why you’d want to consider it.

Are you ready? Let’s start.

What Is ISC2 Certified in Cybersecurity (CC)?

ISC2 is the abbreviated form of the nonprofit International Information System Security Certification Consortium on the cyber security industry and education. 

Its most well-recognized certification is CISSP (Certified Information Systems Security Professional), which is popular in many cyber security job ads. Meanwhile, CSSP (Certified Cloud Security Professional) is also gaining traction.

Instead, Certified in Cybersecurity (CC) targets IT and software professionals aspiring to enter the field. ISC2 launched it in August 2022, and its content overlaps so much with CompTIA Security+ that if you pass the latter, CC becomes a piece of cake. 

What Does the ISC2 Certified in Cybersecurity Exam Cover?

The ISC2 Certified in Cybersecurity exam comprises five domains:

  1. Security Principles (26%)
  2. Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts (10%)
  3. Access Controls Concepts (22%)
  4. Network Security (24%)
  5. Security Operations (18%)

We’re breaking them down one by one.

Security Principles

This domain lays the foundation for everything else related to cyber security. 

The CIA Triad is at the top of your list of things to understand, followed by authentication, non-repudiation, and privacy.

You’ll need to be familiar with the risk management process, which includes identification, assessment, and treatment. Technical, administrative, and physical security controls are next.

The ISC2 code of ethics and the professional code of conduct in cyber security are mandatory in this domain, as are governance processes concerning cyber security, such as relevant policies, procedures, standards, regulations, and laws.

Incident Response, Business Continuity (BC) and Disaster Recovery (DR) Concepts

To pass the exam, you must know the purpose, importance, and components of incident response, business continuity, and disaster recovery.

Access Controls Concepts

This domain covers physical and logical access controls.

Physical security controls include badge systems, gate entry, and environmental design. Examples of monitoring are security guards, closed-circuit television (CCTV), alarm systems, and logs, or being able to distinguish between authorized and unauthorized personnel.

By logical access controls, we mean the following concepts:

  • Principle of least privilege
  • Segregation of duties
  • Discretionary access control (DAC)
  • Mandatory access control (MAC)
  • Role-based access control (RBAC)

Network Security

This domain covers computer networks, ports and applications, network threats and attacks, and network security infrastructure.

Important computer networking items are:

The types of threats covered include distributed denial-of-service (DDoS), viruses, worms, trojans, man-in-the-middle (MITM), and side-channel attacks.

Some methods to identify threats include intrusion detection systems (IDS), host-based intrusion detection systems (HIDS), and network intrusion detection systems (NIDS). In contrast, some ways to prevent and contain threats include antivirus scans, firewalls, and intrusion prevention systems (IPS).

To earn this certification, you must know about on-premises infrastructure, including:

  • Power
  • Data center/closets
  • Heating, Ventilation, and Air Conditioning (HVAC)
  • Environmental concerns
  • Fire suppression
  • Redundancy
  • Memorandum of understanding (MOU)/Memorandum of agreement (MOA)

For this purpose, you must learn about the design of network infrastructure and become familiar with concepts such as network segmentation (demilitarized zone (DMZ), virtual local area network (VLAN), virtual private network (VPN), micro-segmentation), defense in depth, Network Access Control (NAC), segmentation for embedded systems, and Internet of Things (IoT).

Cloud concepts fall under this domain. Remember what is a service-level agreement (SLA), a managed service provider (MSP), Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and the notion of a hybrid cloud.

Security Operations

Data security, system hardening, and best practice security policies are a big part of this domain.

Regarding data security, you’ll need to know about symmetric and asymmetric encryption and hashing. Data handling—including the destruction, retention, classification, and labeling of data—is another vital aspect of this domain, as are logging and monitoring security events.

System hardening refers to configuration management practices, such as baselines, updates, and patches, which apply to operating systems and applications.

CC’s best practice security policies are:

  • Data handling policy
  • Password policy
  • Acceptable Use Policy (AUP)
  • Bring your own device (BYOD) policy
  • Change management policy (such as documentation, approval, and rollback) 
  • Privacy policy

Finally, you must understand the purpose, concepts, and importance of security awareness training, such as social engineering and password protection.

How Do I Become CC Certified?

ISC2 offers three options to get CC certified:

  • Self-Paced + exam: As part of ISC2’s campaign to give a million CC holders free training and exams, this option is free as of writing. Once you pass the exam, you can join ISC2 for a yearly subscription of $50 USD, called the “Annual Maintenance Fee” (AMF). It’s not a must, though.
  • Self-Paced + exam + extras: This package costs $199 USD and includes two chances to pass the CC exam, 180 days of access to CC course content, and a waiver of the first year’s AMF.
  • Live Online + exam + extras: Currently, it’s at $804 USD, including all items in the $199 option and a live virtual classroom learning experience led by an ISC2 Authorized Instructor.

CC is comparable to Security+ in difficulty. If you’ve recently prepared for the Security+ exam, taking the CC exam next is a brilliant idea.

You must attend the CC exam in person at your selected Pearson VUE Testing Center. It contains 100 multiple-choice questions and lasts for two hours, and once you begin the exam, you cannot review previous questions. 

The passing score is 700 out of 1000 points, and it’s available in English, Chinese, Japanese, Korean, German, and Spanish.

To renew the CC certification, you must earn 45 continuing professional education credits during the three years of your ISC2 certification cycle and pay $50 USD each year.

Why Would I Pursue ISC2 Certified in Cybersecurity?

When considering whether to acquire the CC certification, you can ponder the following reasons.

Is CC Worth It?

As of now, your training and first exam attempt are free. 

It would be prudent to seize this golden window of opportunity to gain the knowledge expected of an entry-level cyber security professional. It’ll give you a foot in the door of cyber security, at least on the level of essential cyber security knowledge, if not a direct career opportunity (yet).

As you’ll see later in this article, it lays the groundwork for higher and better-recognized ISC2 certifications such as CISSP. Unlike CC, the career prospects for CISSP are vast, lucrative, and well-documented.

The $50 USD annual fee grants you access to ISC2 member-only opportunities such as events, seminars, and internships. These opportunities allow you to network with other cyber security professionals and progress in your cyber security journey.

Job and Salary Prospects

ISC2 admits that, as of May 2024, the data for CC holders’ job prospects are unavailable. We have yet to gather concrete salary statistics and information on immediate career prospects, as it’s too early to say whether the CC certification on its merit leads to higher pay.

Nevertheless, according to Glassdoor, certifications carrying the ISC2 namesake are desirable.

Indeed.com has a few job openings for queries on “ISC2 Certified in Cybersecurity,” and queries for “ISC2” alone turn out to require SSCP or CISSP:

CyberSecurityJobs.com mentions CISSP and an ISC2 certification known as Certified Cyber Forensics Professional (CCFP). 

LinkedIn has been the least helpful, with the best match being a job ad from ISC2 itself.

The verdict is that the impact of CC remains unknown in the workforce, but the ISC2 brand has established credibility. As more people get CC certified, the job prospects may change.

Ultimately, your career goals, location, job market, and potential employers’ requirements will determine the value and future direction of CC, and we’ll update this article accordingly.

Educational Value and Preparation for Further Certifications

All in all, the CC certification covers essential cyber security fundamentals without overwhelming you with advanced topics and helps boost your confidence in taking further ISC2 certification exams. 

CC overlaps with Security+ in content, which may aid you in your Security+ study plans. Most notably, CC exam topics carry over to CISSP

Here’s an infographic showing how they compare with each other:

CC Benefits

For a limited time, your training and first exam attempt are free.
It has no prerequisites.
It has a similar difficulty as Security+ but costs less to attain and maintain.
It relies on the established reputation of the ISC2 brand.
It lays the foundation for the more popular ISC2 certification CISSP.

CC Drawbacks

At present, it has less recognition than the comparable Security+.
No one’s asking for it on job boards.
It may lead to a lower salary than Security+ or CISSP.

Considering everything we said, the CC certification is still worth it, especially for those who want to enter cyber security and are apprehensive of overinvesting themselves in an entry-level certification. 

It’s a great first certification for beginners, but note the following:

  1. If you’re pressed for time and urgently need a cyber security job, you might consider getting Security+ instead, as it’s better known.
  2. If you’re serious about a career in cyber security and have already had some years of education and experience in IT, networking, or cyber security, consider the CISSP.

Conclusion

We’ve shown you an overview of the ISC2 Certified in Cybersecurity (CC) certification, what it is, what the CC exam is about, and how to earn it. You now have a clearer picture of what to expect in the ISC2 Certified in Cybersecurity exam and why it’s worth pursuing.

Since you’re still here, we’d like to invite you to take advantage of our training courses, study groups, and career resources that’ll help you get your foot in the door of the advantageous IT industry, along with a supportive and like-minded community rooting for your continued success in it.

Join our StationX Accelerator Program today!

Frequently Asked Questions

Level Up in Cyber Security: Join Our Membership Today!

vip cta image
vip cta details
  • Cassandra Lee

    Cassandra is a writer, artist, musician, and technologist who makes connections across disciplines: cyber security, writing/journalism, art/design, music, mathematics, technology, education, psychology, and more. She's been a vocal advocate for girls and women in STEM since the 2010s, having written for Huffington Post, International Mathematical Olympiad 2016, and Ada Lovelace Day, and she's honored to join StationX. You can find Cassandra on LinkedIn and Linktree.

>

StationX Accelerator Pro

Enter your name and email below, and we’ll swiftly get you all the exciting details about our exclusive StationX Accelerator Pro Program. Stay tuned for more!

StationX Accelerator Premium

Enter your name and email below, and we’ll swiftly get you all the exciting details about our exclusive StationX Accelerator Premium Program. Stay tuned for more!

StationX Master's Program

Enter your name and email below, and we’ll swiftly get you all the exciting details about our exclusive StationX Master’s Program. Stay tuned for more!