This Self-Assessment section enables you to evaluate your readiness to take the CISSP certification exam. It should also help you understand what's required to obtain the CISSP certification. Are you ready?
Security continues to be on everyone's mind. The CISSP certification has again topped the list as one of the most sought-after security certifications. Increasing numbers of people are studying for and obtaining their CISSP certifications. Congratulations on making the decision to follow in their footsteps. If you are willing to tackle the process seriously and do what it takes to obtain the necessary experience and knowledge, you can pass the exam on the first try.
The ideal CISSP candidate is likely to have a 4-year college education and have at least 5–7 years experience in one or more of the 10 CISSP domains. The most applicable degree is in computer science or perhaps a related field. A degree is not a prerequisite for taking the test. However, the 4 years of experience is a prerequisite. Don't be lulled into thinking that this is an easy test. Some words of caution might be in order:
The CISSP exam requires the candidate to absorb a substantial amount of material. The test is 6 hours long and consists of 225 graded questions. Unlike Microsoft exams and most other IT vendor exams, it is not a computer-generated test.
The pass mark is set high, at 700 points. The individual questions are weighted, which means that harder questions are worth more than easier ones.
Most of the individuals attempting the exam are familiar with one to three of the domains. This means that studying for the exam can be overwhelming because there is so much material to cover. This book can help by guiding you to the areas in which you are weak or strong.
To be eligible for the CISSP exam, students are required to have 4 years of experience, or 3 years of experience and a college degree.
In this section, you answer some simple questions. The objective is for you to understand exactly how much work and effort you must invest to pass the CISSP certification exam. The simple answer to this question is this: The experience and education you have will dictate how difficult it will be for you to pass. Be honest in your answers, or you will end up wasting $500 or more on an exam you were not ready to take. From the beginning, two things should be clear:
Any educational background in computer science will be helpful, as will other IT certifications you have achieved.
Hands-on actual experience is not only essential, but also required to obtain this certification.
Do you have a computer science degree?
You'll have a good base knowledge needed for 3 or more of the 10 domains, assuming that you finished your degree and your schooling and have some fairly sophisticated computer skills. Subject areas such as application development, networking, and database design are a great help.
Did you attend some type of technical school or computer cram course?
This question applies to low-level or short-term computer courses. Many of these courses are extremely basic or focused in one particular area. Although the CISSP exam is not platform specific, training classes that focused on networking, security, hacking, or database design will help you pass the exam.
Have you developed any security policies, performed security audits, performed penetration tests, or developed response plans?
If yes, you will probably be able to handle about half of the CISSP exam domains.
Do you have a photographic memory?
If yes, you might have a vague chance of passing simply by reading this book, taking some practice exams, and using the Internet to brush up on the subjects you are weak in. However, the goal here is to gain a real understanding of the material. As a CISSP, you might be asked to lead, plan, organize, or control your organization's security operations; if that happens, you'll need a real understanding of how the various technologies and techniques work. Don't cheat yourself or gamble with your career.
Again, the education and requirements given here are by no means absolute. Still, an education can give you a very good grounding in any endeavor—the higher the level of education, the better.
Whether you attend a training class, form a study group, or study on your own, preparing for the CISSP exam is essential. The exam will cost you about $500, depending on where you are located, so you'll want to do everything you can to make sure you pass on the first try. Reading, studying, and taking practice exams are the best ways to increase your readiness. Practice exams help in a number of ways:
Practice exams highlight weak spots for further study.
Practice exams give you a general perspective on the question format. Practicing the questions the way they are asked can help enormously on the actual testing day.
Two full-length practice exams are provided with this book. Exam Cram 2 also publishes a second book, CISSP Practice Questions Exam, with more than 500 practice CISSP test questions; it is an excellent supplement to this book.
After you have passed the exam, you will need to gain continuing education credits each year to maintain your certification. Your certification will come up for renewal every three years, so you'll need to obtain 120 continuing education credits (CPE) or retake the exam. Retaking the exam is probably not a likely choice. These are some ways to gain CPEs to keep your certification current:
Write a book.
Read a book. (Only one per year can be used for credit.) This will give you a couple of credits, but not enough to keep your certification current.
Do volunteer work that is approved by ISC2. When you are certified, you can log on to the ISC2 website for more information. A variety of volunteer work is available, including proctoring the CISSP exam.
Attend a training class. Just about any type of technology training class is accepted, as long as it is tied to one of the domains.
Teach a training class.
Attend a college-level security class.
As you can see, the goal here is to help you stay current. As technology changes, we all must continue to learn to keep up the pace.
Now that we have covered some of the ways in which to assess you exam readiness, let's move on to Chapter 1, “The CISSP Certification Exam,” where you will learn more about how the exam is structured and some effective test-taking strategies.