[spydum]

Have you actually looked at the CISSP material recently?

It's a hodge-podge of everything under the sun. The only thing it's able to prove is that

a) you have endurance and spare time to sit for a 4-6 hour multiple choice test

b) you can commit to rote memory a bunch of meaningless material which you are unlikely to encounter in real security/risk management role

It truly is the worst of the bunch, but for reasons yet explained, it's the defacto "must have" by bigCorps - which is why it gets picked on by so many folks: everyone knows it's bad, yet most people end up picking it up.

[intern4tional]

I haven't looked at it in years, but that hodge-podge of material was more than enough to provide an executive with the basics that they needed to know to manage an IS organization which IMO is the goal of the certificate. As others have mentioned, it is a management cert, not one for normal use.

There are plenty of worse certificates out there - I would argue that the CEH is probably the worst one at the moment (although they are making some changes to improve)