“Studying for the CISSP is hard. Life without a CISSP is hard. You pick.”

– Luke Ahmed

It is Day 52 of Yani’s CISSP study plan. Only 3 days to go for what may be the defining moment of his cybersecurity career. But is he thinking about all his life's problems and pressures? Or is he just focused on his studies making sure all gaps are covered? Making sure he knows the difference between BCP/DRP and IRP? Or absolutely knowing all the layers of the OSI Model?

The answer is probably all of the above.

The Precision Phase

Three days out, your study must be surgical. Try not to add and new books, random YouTube rabbit holes, or any other resources you heard somebody mention. Just trust what you have at this point.

Instead, review weak areas exposed by practice exams, revisit highly-testable concepts like risk, BCP/DRP, access control, crypto basics, network security, and practice elimination of wrong choices on question. You should now be able to read a question and immediately remove at LEAST one wrong answer.

CISSP Study Plan – Highly-Testable Topics

In these final days, focus on:

• Risk management process (Identify → Analyze → Respond → Monitor)

• BCP/DRP metrics (MTD, RTO, RPO, WRT)

• Access control models (DAC, MAC, RBAC, ABAC)

• Incident response phases

• Control types (Preventive, Detective, Corrective)

• Cloud shared responsibility basics

If these won't be on the exam then I don't know what will be. Like really, I actually have no idea. These are just the recommended best topics to know that I've provided students who have successfully passed.

If you are eliminating two answers quickly and debating between two strong choices, you are on track. If you are completely lost often, tighten weak domains immediately. Confidence is earned through repetition. I know you will earn it!

Rymar Tech conducts a Business Impact Analysis and determines the Maximum Tolerable Downtime (MTD) for its online trading platform is 8 hours. Management asks the security team to define appropriate recovery objectives.

CISSP PRACTICE QUESTION

Which of the following BEST aligns with CISSP risk-based thinking?

A. Set the RTO to 10 hours to reduce infrastructure costs

B. Set the RPO to 12 hours because backups are expensive

C. Establish an RTO of 6 hours and an RPO of 1 hour

D. Focus only on restoring systems quickly and address data loss later.

❌ A. Set the RTO to 10 hours to reduce infrastructure costs

An RTO that exceeds the 8-hour MTD violates the business’s survival threshold. Recovery time must never exceed MTD.

❌ B. Set the RPO to 12 hours because backups are expensive

RPO defines acceptable data loss. Allowing 12 hours of potential data loss for a trading platform likely exceeds business tolerance and introduces major financial risk.

❌ D. Focus only on restoring systems quickly and address data loss later

Recovery time and data loss objectives must both align with business requirements. Ignoring RPO creates unacceptable operational risk.

DO NOT make the above mistakes on the real exam.

✅ Correct Answer: C. Establish an RTO of 6 hours and an RPO of 1 hour

The RTO must be less than the MTD (8 hours). The RPO must reflect how much data the business can afford to lose. CISSP thinking prioritizes business continuity and ensures recovery objectives support organizational survival.

Remember:

• MTD is the outer limit.

• RTO must not exceed MTD.

• RPO defines acceptable data loss.

At a high-level, CISSPs must be about protecting business viability.

Yani’s Resources Used

• All-In-One Study Guide by Shon Harris 

• Sybex 10th Edition 

• Official CISSP Practice Tests, 4th Edition by Mike Chapple & David Seidl 

• How To Think Like A Manager for the CISSP Exam 

• Luke's CISSP Course 

• Constant communication with Luke

Yani and I worked closely together throughout his CISSP study plan, mostly over Telegram messages and then TikTok direct message. When something didn’t make sense, we addressed it immediately. When a domain felt weak, we reinforced it before it became a liability and snowballed into something bigger. At some point I could sense he was getting frustrated at my course practice questions, but he didn't give up!

Observing's Yani's dedication was fascinating from my point of view. How could someone with such limited time and resources, halfway across the globe, be this focused with dedication? It was my privilege to help Yani actually. I learned a lot from him.

Why couldn't everyone do this? Maybe I could help them do the same.

That idea has now evolved into Luke’s 90-Day CISSP Exam Accelerator Program.

Luke's 90-Day Exam Accelerator

Accountability. Commitment. Discipline.

For 90 days, we study side-by-side. We break down tough domains, expose weak areas early, and refine your reasoning until CISSP logic becomes instinct.

Month 1 – Completion

Identify strengths and weaknesses quickly.2× Live Sessions + Weekly Videos

Month 2 – Reinforcement

Practice question breakdowns. Real CISSP thinking.2× Live Sessions + Weekly Videos

Month 3 – Mastery

High-yield review. Exam-day mindset sharpening.2× Live Sessions + Weekly Videos

Only 10 students per cohort. Cohort-1 is already underway,

Cohort-2 registration will begin soon.

👉 Join the Accelerator email list here.

Give me 90 days of focus, and the rest of your career changes.

— Luke Ahmed