The people I personally know that have it perform network security evaluations for banks, insurance companies, etc.
Unlike most certifications, CISSP actually requires real expertise and experience. There is an exam but that isn't the only requirement, You need 5 years experience as a security professional, and they do have a list of what does and what doesn't count. If you have a BS or MS related to IS that counts as 1 year. And you need to get an existing CISSP to sign off on your application, then you can take the test. Not only that every three years you have to re-certify.
This is the field I am studying in my MS in CS program. From people in industry that I have talked to, this is the one cert that seems to be required. This cert is what I am shooting for.
If you want to work as a network security person it is worth it, otherwise it is a lot of effort for not much gain. If you are just fishing around and don't have a passion for security than I wouldn't think this is a good cert to try and get.
"Computer science is no more about computers than astronomy is about telescopes" - Edsger Dijkstra
Villains always have antidotes. They're funny that way. Here's an antidote disguised as a tiny ad: