CISSP For Dummies

Many resources are available to help the CISSP candidate prepare for the exam. Self-study is a major part of any study plan. Work experience is also critical to success and can be incorporated into your study plan. For those who learn best in a classroom or training environment, (ISC)² offers CISSP review seminars.

We recommend that you commit to an intense 60-day study plan leading up to the CISSP exam. How intense? That depends on your own personal experience and learning ability, but plan on a minimum of 2 hours a day for 60 days. If you’re a slow learner or reader, or perhaps find yourself weak in many areas, plan on 4–6 hours a day and more on the weekends. But stick to the 60-day plan. If you feel you need 360 hours of study, you may be tempted to spread this out over a 6-month period for 2 hours a day. Consider, however, that committing to 6 months of intense study is much harder (on you, as well as your family and friends) than 2 months. In the end, you will find yourself studying only as much as you would have in a 60-day period.

Self-study

Self-study can include books and study references, a study group, and practice exams.

Begin by requesting an official CISSP Candidate Information Bulletin (CIB) from the (ISC)² Web site (www.isc2.org). It’s free and will be e-mailed to you as a password-protected Adobe Acrobat PDF document. This booklet provides a good outline of the subjects on which you’ll be tested.

Next, read this book, take the practice exam and review the materials on the accompanying CD-ROM. CISSP For Dummies is written to provide the CISSP candidate an excellent overview of all the broad topics covered on the CISSP exam.

Also, focus on weak areas that you’ve identified. Read additional references; we list several great ones on the CD-ROM. As a minimum, we highly recommend The CISSP Prep Guide: Gold Edition by Ronald L. Krutz and Russell Dean Vines (John Wiley & Sons, Inc.).

You can also find several study guides at www.cissps.com, www.cccure.org, and www.cramsession.com.

Joining or creating your own study group will help you stay focused and also provide a wealth of information from the broad perspectives and experiences of other security professionals.

Remember: No practice exams exactly duplicate the CISSP exam (and forget about brain dumps). However, many resources are available for practice questions. You’ll find that some practice questions are too hard, others are too easy, and some are just plain irrelevant. Don’t despair! The repetition of practice questions will help reinforce important information that you need to know in order to successfully answer questions on the CISSP exam. For this reason, we recommend taking as many practice exams as possible. Use the Practice Exam and/or the Flash Cards on the CD-ROM and try the practice questions on the CISSP Open Study Guide (OSG) Web site (www.cccure.org).

Getting hands-on experience

Getting hands-on experience may be easier said than done, but keep your eyes and ears open for learning opportunities during your course of study for the CISSP exam.

For example, if you’re weak in networking or applications development, talk to the networking group or programmers in your company. They may be able to show you a few things that will help make sense of the volumes of information that you’re trying to digest.

Tip: Your company should have a security policy that’s freely available to its employees, particularly if you have a security function in the organization. Get a copy and review its contents. Are critical elements missing? Do any supporting guidelines, standards, and procedures exist? If your company doesn’t have a security policy, perhaps now is a good time for you to educate management about issues of due care, due diligence, and other concepts from the Legal, Regulations, Compliance, and Investigations security domain.

Review your company’s Business Continuity and Disaster Recovery plans. They don’t exist? Perhaps this is an initiative that you can lead to help both you and your company.

Attending an (ISC)² CISSP review seminar

The (ISC)² also administers a five-day CISSP CBK Review Seminar to help the CISSP candidate prepare. Schedules and registration forms for the CBK Review Seminar are available on the (ISC)² Web site at www.isc2.org.

The early rate for the CISSP CBK Review seminar is $2,495 if you register 16 days or more in advance (the standard rate is $2,695). Members of ISSA, IIA, or ISACA also get a $250 discount. (All dollar amounts listed here are U.S. currency, and are subject to change.)

If you generally learn better in a classroom environment or find that you only have knowledge or actual experience in one or two of the domains, you might seriously consider attending a review seminar.

Attending other training courses or study groups

Other reputable organizations such as SANS (www.sans.org) offer high-quality training in classroom and self-study formats. Before signing up and spending your money, we suggest that you talk to someone who has completed the course and can tell you about its quality. Usually, the quality of a classroom course depends upon the instructor; for this reason, we think it’s valuable to find out from others whether the proposed instructor is as helpful as he or she is reported to be.

Many cities have self-study groups, usually run by CISSP volunteers. For example, one of the authors lives in Seattle, where a CISSP study group has been run by volunteers for many years. There may be such a study group where you live; or, if you know some CISSPs in your area, you might ask them to help organize a self-study group (and tell them you will help!).

Tip: Always confirm the quality of a study course or training seminar before committing your money and time.

See Chapter 3 for more information on starting a CISSP study group.

Are you ready for the exam?

Are you ready for the big day? This is a difficult question for us to answer. You must decide, based on your individual learning factors, study habits, and professional experience when you’re ready for the exam. We don’t know of any magic formula for determining your chances of success or failure on the CISSP examination. (If you find one, please write to us so that we can include it in the next edition of this book.)

In general, we recommend a minimum of two months of focused study. Read this book and continue taking the practice exam in this book and on the accompanying CD until you can consistently score 80 percent or better in all areas. CISSP For Dummies covers all the information that you will need to pass the CISSP examination. Read this book (and reread it) until you’re comfortable with the information presented and can successfully recall and apply it in each of the ten domains.

Continue by reviewing other materials (particularly in your weak areas) and actively participating in an online or local study group. Take as many practice exams from as many different sources as possible. There are no brain dumps for the CISSP examination, and no practice test will exactly duplicate the actual exam (some are too easy, and others are too difficult), but repetition will help you retain the important knowledge required to succeed on the CISSP exam.
