The Certified Security Compliance Specialist (CSCS) exam validates knowledge and skill sets in information security for the following legislation, standards and frameworks:
- Financial Regulations (e.g. SOX, COBIT, PCI DSS) --- (20% of exam)
- Digital Healthcare & Security (e.g. HIPAA, ISO 27799) --- (20% of exam)
- International Security Standards (e.g. ISO 27000, Other International) --- (20% of exam)
- U.S. National and State Standards (e.g. FISMA, State laws) --- (20% of exam)
- Business Continuity Planning (e.g. BIA, NIST guidelines) --- (20% of exam)
The first four sections of the CSCS exam focus on "security" for regulatory compliance. The last section of the exam emphasizes the "availability" principle that is required by legislation.
CSCS exam questions are developed with the intent of measuring and testing practical knowledge and application of general concepts and standards in the area of regulatory compliance and information security. All questions are multiple choice and are designed with one BEST answer.
Every CSCS exam question has a stem (question) and five options (answer choices). The candidate is asked to choose the correct or best answer from the options. The stem may be in the form of a question or incomplete statement. In some instances, a scenario or description problem may be included. These questions normally include a description of a situation and require the candidate to answer one or more questions based on the information provided.
The candidate is cautioned to READ the question carefully. Many times a CSCS exam question will require the candidate to choose the appropriate answer that is MOST LIKELY or BEST. In each instance, the candidate is required to read the question carefully, eliminate known incorrect answers and then make the best choice possible.
All questions should be answered. There are no penalties for incorrect answers. Grades are based solely on the number of questions answered correctly, so do not leave any questions blank. At the conclusion of each exam, test questions are reviewed. Questions identified as being ambiguous or having technical flaws will either not be used in the grading process or will be given multiple correct answer keys.