“I am new to studying for the CISSP. Can anyone please advise where to start and what books and materials to use?” - The #1 question regarding the CISSP.
For those who are already 3 months deep into their studies, this question may seem like a novice one with an easy answer.
But I can understand why this question is being asked…it’s an exhaustive amount of material to study for the exam! It can be difficult to figure out where to even begin studying.
For those new to CISSP, you hear names like Shon Harris, Sybex, Conrad, Fourth Edition, 7th Edition etc. etc. It’s a lot of resources to study, and sometimes we all just need some direction from those who have been there.
Below is a high-level overview of a way to just start studying for the CISSP. It's not a comprehensive overview. If you'd like to read testimonials of all the different ways and techniques successful CISSPs have used to pass the exam, click here: CISSP Study Experiences
Know what you’re getting into. If you’re good at taking exams, dedicating yourself to a project, and have had extensive information security experience, you can most likely pass the CISSP in 3 months.
If you want to gauge where you’re at with each of the CISSP domains, go through and take each of these quizzes: McGraw Hill CISSP Questions
Don’t worry if you do terribly on these questions the first time around without any studying; these are difficult questions! I took these questions 4 weeks before the exam to see how I would score. I got above 80% on most of them, and I truly believe it helped me gain more confidence before taking the actual exam.
Your goal with these questions is to answer for yourself whether you’re ready. Are the questions somewhat, kind of, or pretty easy? Or are they so out of your league that you don’t feel like you have any business answering these questions?
If you feel like you’ve never seen any of the terms in the quizzes, and had to guess at every answer, you’re going to need to study a lot more than 3 months.
If you did decently on the quizzes, say scoring a 68% or higher, you might not need to study that much, but you still have a long way to go.
If you score above 85% on each of the quizzes, you can probably pass the CISSP in 3 months with some laser-focused studying.
Okay, now you’ve made the choice whether to continue studying or just abandon the notion of the CISSP altogether.
Join the Facebook study group: CISSP Exam Preparation – Study Notes and Theory
The group has a great dynamic. Prospective CISSP students and current CISSP holders all provide input. Some post questions from different sources and spur conversation around them. With opinions about a question from so many different people, it really helps to get some different perspectives.
Decide On a Book
Your first CISSP book should be the size of a dictionary. At the beginning of your studies there is no need to get books like the 11th Hour CISSP Study Guide by Eric Conrad, or other “quick” CISSP books. Your first book should be heavy in weight, and take up a presence in your household.
Some of these books include:
CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide by Sybex
CISSP All-in-one Study Guide by Shon Harris 7th Edition
Official CISSP Guide to the CBK Fourth Edition
The Official CISSP Guide to the CBK Fourth Edition released by the ISC2 does not expand on topics. The book already expects you to know terms and concepts beforehand, which is why I suggest the two books above it to begin your studies. However, if you want to know exactly what topics are going to be on the exam, then the Official Fourth Edition book by the ISC2 would be the way to go.
Now you’ve joined the group and bought a book, and hopefully your studies have begun.
By now you should start to have a good feel for which domains are your strongest, and what you need to work on.
In Phase 3 you start to focus on your weak domains. You start to realize that this exam is going to happen, and you are going to pass it through hard work and dedication.
A couple of weeks before the exam, go BACK to those McGraw Hill CISSP practice questions from Phase 1 and take them again. See how you do. I bet you’ll be a lot more confident about your answers, and score a higher number than when you took it in Phase 1.
Try to figure out not only why you got the answers correct, but why the other choices were incorrect. When you’re confident of your grasp of concepts, schedule the exam and pass it.
If you need some additional sources, check out:
CISSP Study Plan Questions