cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Alec
Newcomer II

CISSP: Group B credits

I've got my CISSP earlier this year and decided to be proactive in earning CPEs from day one. While there is enough information and recommendations on Group A credits I'm a bit unsure about practical ways to earn Group B credits. The list of suggested activities on ISC(2) website provides some guidance, but besides "Technical skills not in information security" - which includes things like programming languages - other options seem to be more management-oriented. I wonder what other fellow CISSPs would recommend as feasible options to earn Group B credits for someone in a security engineer position. Thanks!
21 Replies
Badfilemagic
Contributor II

I think that the idea behind group B credits is that in order to be really successful in the type of role where, say, a CISSP is required, it's helpful to have a good understanding of the fundamentals of the business you work for, and you should get credits for seeking education to that end.

 

I've used things from Coursera before, like a business analytics course I did on there. If you take community college classes for credit, that's probably another good way to get type B credits, too. You may even be able to get your company to pay for something like for-credit courses at an accredited school. If you're already pursuing a masters degree, that should work as well, I would think.

-- wdf//CISSP, CSSLP
Early_Adopter
Community Champion

In addition to @Badfilemagic's excellent advice, I would say that CPEs in group B can work as part of your learning an development plan if you have one. As long as its valuable, related in some way to being a security professional and you can write it down and you can justify it to yourself and another reasonable person. Example  - my Molecular gastronomy appreciation course doesn't count, psychology short course probably would as it's related to how people behave generally.

 

For example I did toe courses on Privacy this year one with IT Governance(which surprise-suprise was mostly about the practice of audit :P), the other was with IAPP which was heavily slanted to legal.

 

I put the IT Governance course into group A, and the IAPP course into group B - personally I think I could argue for either, but you only use them one and I went for what I felt was the best fit.

 

Here's a good blog post on this, and the official guidelines.

 

http://blog.isc2.org/isc2_blog/2014/01/free-ways-to-earn-continuing-professional-education-cpe-credi...

 

https://downloads.isc2.org/certifications/cpe-guidelines.pdf

 

 

Alec
Newcomer II

Thank you, Badfilemagic and Early_Adopter, your suggestions shed some light!
Alec
Newcomer II

Hmm, I just found an ISC(2) blog post on 2015 changes and the following quote drew my attention:

"Group B CPEs remain optional and may be substituted by Group A CPEs".

 

Here's the link to the post:

http://blog.isc2.org/isc2_blog/2015/01/cpe-policy-changes-for-isc%C2%B2-members-start-this-month.htm...

 

So, am I correct assuming that earning 40 or more group A credits within a year will satisfy the requirement?

Early_Adopter
Community Champion

That's correct, yes.

 

Group B just gives you a wider pool of learning/activities to select from.

 

Also - 'All work and no play makes x/y a dull boy/girl.' Its nice to be cross functional, no one ever accuses ISC2 of being over specialized, but depth of interest is good.

 

Here's the table from the PDF, operator is OR. Not the lower annual requirement in group A(group A has a need for every year)  plus you have an option to do a lot of the A+B in over the three years(I sat the CISSP twice as I couldn't be bothered to submit CPEs so let it lapse - my advice is not to do that as it's expensive compared to record keeping).

 

Screen Shot 2017-12-19 at 8.59.55 AM.png

Alec
Newcomer II

I think you posted an old version of the requirements, here's the current breakdown. 

 

 

Capture.JPG

Early_Adopter
Community Champion

Thanks Alec, Sorry so I did, here's what I meant to post -the annual requirement for A was upped - presumably to stop CPE rushes in year three:

 

Screen Shot 2017-12-19 at 9.22.06 AM.png

 

 

Alec
Newcomer II

One more question - CPE rollovers. Here's what the section Rollover CPE Credits says:


"CPE rollover credits are limited to the total CPEs required each year. For example, CISSPs will only be able to roll over up to 40 Group A credits earned in the last 6 months of your three year certification cycle. CPEs do not rollover from cycle year to cycle year. Rollover CPEs are calculate at the time of renewal."

 

Does that mean I can only earn extra CPEs within the last 6 months of the 3d year? Should I really limit my CPE accrual to 40 credits within years 1 and 2 of each certification cycle because I would lose any extra CPEs anyway?

 

 

 

Early_Adopter
Community Champion

I take it to mean extra CPEs *ONLY* in the last 6 months of the 3d year of the certification cycle.

 

I would say that you'll already be earning more than you need, so I wouldn't limit its just a case of writing it up.

 

I would also recommend having some slack as hedge as well. It's better to have more than you need so that if you do get audited you don't have to remember what you did potentially 2-3 years ago to map activities to CPEs.

 

If I was an auditor, I might well choose audit those with the minimum CPE counts - especially if I saw some of these were in year one B Group for "The Applied Philosophy of Poodle Grooming"... 😉