Wednesday, December 17, 2014

How I Self Study for the CISSP

Recently a friend asked me how I studied for the CISSP exam, and I sent him the following. I just thought I would share it with everyone else.


I self-studied for the CISSP, and here is how I did it:

There are 10 domains in the CISSP that you need to study to be ready to pass the exam.
  • Access Control
  • Telecommunications and Network Security
  • Information Security Governance and Risk Management
  • Software Development Security
  • Cryptography
  • Security Architecture and Design
  • Operations Security
  • Business Continuity and Disaster Recovery Planning
  • Legal, Regulations, Investigation and Compliance
  • Physical (Environmental) Security


I dedicated one week of book study to each domain except Cryptography, which is usually the domain that the majority of people have issues with. I dedicated two weeks to that domain, which made the total book study 11 weeks. Good thing we have DVRs now; you don’t have to miss any of your favorite shows on TV while you are studying. You just watch them when you’re done LOL.

After studying each domain, I would start taking practice tests that asked questions related to the domain I had just studied. Depending on the software/site you use to study, you may have the option of configuring the practice test to include questions from specific domains. I used the CCCure.org website. This website allowed me to build my practice tests from questions in the domains I selected. The key thing is to not forget the material you previously learned, so make sure that each practice test includes questions from previously studied domains. I would turn the timer off on the practice test and leave the webpage open all day while at work, answering questions in between work tasks.

I also created my own flash cards from questions I wrote while doing my book study of each domain. Back then I actually used index cards, but now there are much better ways of making flash cards that can be used on your phone. One flash card program that I highly recommend if you have an Android phone is AnkiDroid Flashcards. You can use your computer or phone to make flash cards with this program. I would normally use my computer to create the flashcards and move the flashcard file over to my phone.

Recommended Books:

    • The bible of study for CISSP. Goes into a lot of explaining, which is good for anyone who doesn’t know that domain.

    • This book was more to the point without a lot of fluff.


I would read the Mike Meyers book for all the domains that I was familiar with; if I didn’t understand something or needed more explanation, then I would turn to the CISSP All-In-One Exam Guide.


While studying for the CISSP you have to get into a test-taking mode. You need to be consistently answering CISSP-related questions. After doing your book study, I would recommend a minimum of 1 month of just doing practice tests. When you feel that you are getting the practice questions right a majority of the time, you may be ready to take the test.

I hope this helps those out there who are thinking about self-studying for the CISSP.