Preparing for the Exam

Many resources are available to help the CISSP candidate prepare for the exam. Self-study is a major part of any study plan. Work experience is also critical to success, and you can incorporate it into your study plan. For those who learn best in a classroom or training environment, (ISC)2 offers CISSP review seminars.

We recommend that you commit to an intense 60-day study plan leading up to the CISSP exam. How intense? That depends on your own personal experience and learning ability, but plan on a minimum of two hours a day for 60 days. If you’re a slow learner or reader, or perhaps find yourself weak in many areas, plan on four to six hours a day — and more on the weekends. But stick to the 60-day plan. If you feel you need 360 hours of study, you may be tempted to spread this study out over a six-month period for 2 hours a day. Consider, however, that committing to six months of intense study is much harder (on you, as well as your family and friends) than two months. In the end, you’ll find yourself studying only as much as you would have in a 60-day period anyway.

Studying on your own

Self-study can include books and study references, a study group, and practice exams.

Begin by downloading the free official CISSP Candidate Information Bulletin (CIB) from the (ISC)2 website. This booklet provides a good outline of the subjects on which you’ll be tested.

Next, read this book, take the practice exam, and review the materials on the Dummies website (www.dummies.com ). CISSP For Dummies is written to provide the CISSP candidate an excellent overview of all the broad topics covered on the CISSP exam.

You can also find several study guides at www.cissp.com , www.cccure.org , and www.cramsession.com .

Joining or creating your own study group can help you stay focused and also provide a wealth of information from the broad perspectives and experiences of other security professionals.

No practice exams exactly duplicate the CISSP exam (and forget about brain dumps — using or contributing to brain dumps is unethical and is a violation of your NDA which could result in losing your CISSP certification permanently). However, many resources are available for practice questions. Some practice questions are too hard, others are too easy, and some are just plain irrelevant. Don’t despair! The repetition of practice questions helps reinforce important information that you need to know in order to successfully answer questions on the CISSP exam. For this reason, we recommend taking as many practice exams as possible. Use the Practice Exam on the Dummies website (www.dummies.com ), and try the practice questions at Clément Dupuis and Nathalie Lambert’s CCCure website (www.cccure.org ).

Getting hands-on experience

Getting hands-on experience may be easier said than done, but keep your eyes and ears open for learning opportunities while you prepare for the CISSP exam.

For example, if you’re weak in networking or applications development, talk to the networking group or programmers in your company. They may be able to show you a few things that can help make sense of the volumes of information that you’re trying to digest.

Your company or organization should have a security policy that’s readily available to its employees. Get a copy and review its contents. Are critical elements missing? Do any supporting guidelines, standards, and procedures exist? If your company doesn’t have a security policy, perhaps now is a good time for you to educate management about issues of due care, due diligence, and other concepts from the Legal, Regulations, Investigations, and Compliance security domain.

Review your company’s plans for business continuity and disaster recovery. They don’t exist? Perhaps you can lead this initiative to help both you and your company.

Attending an (ISC)2 CISSP CBK Review or Live OnLine Seminar

The (ISC)2 also administers five-day CISSP CBK Review Seminars and Live OnLine seminars to help the CISSP candidate prepare. You can find schedules and registration forms for the CBK Review Seminar and Live OnLine on the (ISC)2 website at www.isc2.org .

The early rate for the CISSP CBK Review or Live OnLine seminar in the U.S. is $2,495 if you register 16 days or more in advance (the standard rate is $2,695).

If you generally learn better in a classroom environment or find that you have knowledge or actual experience in only two or three of the domains, you might seriously consider attending a review seminar.

If it’s not convenient or practical for you to travel to a seminar, Live Online provides the benefit of learning from an (ISC)2 Authorized Instructor on your computer. Live OnLine provides all the features of classroom based seminars, real-time delivery, access to archived modules, and all official courseware.

Attending other training courses or study groups

Other reputable organizations, such as SANS (www.sans.org ), offer high-quality training in both classroom and self-study formats. Before signing up and spending your money, we suggest that you talk to someone who has completed the course and can tell you about its quality. Usually, the quality of a classroom course depends on the instructor; for this reason, try to find out from others whether the proposed instructor is as helpful as he or she is reported to be.

Many cities have self-study groups, usually run by CISSP volunteers. You may find a study group where you live; or, if you know some CISSPs in your area, you might ask them to help you organize a self-study group.

Always confirm the quality of a study course or training seminar before committing your money and time.

See Chapter 3 for more information on starting a CISSP study group.

Take the testing tutorial and practice exam

If you are not familiar with the operations of computer-based testing, you may want to take a practice exam. Go to the Pearson VUE website and look for the Pearson VUE Tutorial and Practice Exam (at www.pearsonvue.com/athena ).

The tutorial and practice exam are available for Windows computers only. To use them, you must have at least 512 MB of RAM, 60 MB of available disk space, Windows 2000 or newer (XP, Vista, 7, or 8), and Microsoft Internet Explorer 5 or a newer browser.

Are you ready for the exam?

Are you ready for the big day? We can’t answer this question for you. You must decide, on the basis of your individual learning factors, study habits, and professional experience, when you’re ready for the exam. We don’t know of any magic formula for determining your chances of success or failure on the CISSP examination. If you find one, please write to us so we can include it in the next edition of this book!

In general, we recommend a minimum of two months of focused study. Read this book and continue taking the practice exams — in this book and on the Dummies website — until you can consistently score 80 percent or better in all areas. CISSP For Dummies covers all the information you need to know if you want to pass the CISSP examination. Read this book (and reread it) until you’re comfortable with the information presented and can successfully recall and apply it in each of the ten domains.

Continue by reviewing other materials (particularly in your weak areas) and actively participating in an online or local study group. Take as many practice exams from as many different sources as possible. You can’t find any brain dumps for the CISSP examination, and no practice test can exactly duplicate the actual exam (some practice tests are simply too easy, and others are too difficult), but repetition can help you retain the important knowledge required to succeed on the CISSP exam.