CISSP Exam Preparation Guide
Jerry Ruggieri
http://visualcv.com/jerryruggieri
Updated: April 30, 2007
Part I - Introduction
CISSP – Certification for Information Systems Security Professionals is one of many security
certifications. However, it is the most widely recognized and is typically the one you would obtain first.
The official web site is here: https://www.isc2.org
Part II - Studying for the CISSP exam
The following is an account of my experience; I thought others might be able to learn from it.
Studying for and taking the CISSP exam was a positive experience; I learned a lot, even about things I
thought I already knew well. The domains of “Cryptography” and “Telecommunications and Network”
were the hardest since they require knowledge of many specifications. “Physical Security” was fun since
it pertains to things we learn in high school, for example the fire classifications A, B, C, D. Upwards of
50% of the CISSP is directly applicable to what you’ll do at any one job.
I used the resources listed here – the two books and the online quizzer. I bought one book (Harris), read
it and took notes. Then I started taking the online quizzer and noticed many questions referred to the
second book, so I bought and read that one too. I’d recommend that you stay with these two books; they
are plenty and they are the best. There are courses for CISSP exam prep, but if you follow my study habits
you’ll do fine.
For the online quizzer I started at the “Pro” level to assess myself. At the start I was getting 50%
(Cryptography, Telecommunications) to 80% (BCP, Physical Security). I made it a goal to get 90%+ across
all domains, something I achieved regularly by the scheduled test date.
My study timeline looked like this.
T minus 6 weeks
o Bought the Harris book, read two chapters then stopped because I didn’t have a
strategy, and I didn’t know what the exam would be like.
T minus 3+ weeks
o Next Boston exam is tomorrow. Oops! I haven’t begun studying yet.
o I decide to take next exam, next month in Hartford, CT.
o Read remainder of the Harris book. Started taking online quizzes. Bought Krutz and
Vines book, read it the next week-end.
T minus 3 weeks
o Read Harris book. Read Krutz Book. Practice an online quiz.
o Lather, Rinse, Repeat.
Basically I read the books, took notes and tested myself with the book’s quizzes on the 3 week-ends
prior to the exam. On week-day evenings I’d spend 1 to 1/2 hours practicing with the online quizzes.
The actual exam wasn’t anywhere near as hard as the “Pro” level of the online quizzer; I breezed
through the 250 questions in two hours – they allow up to 6. If I had to do it again I’d start studying 8-10
weeks in advance just to feel comfortable with the material by exam time. Everyone has their own study
habits – mine were to read the books, make notes and practice with the book and online quizzes.
It’s always difficult to say how hard an exam is, or exactly how much time to study. The best rule is to adjust
your study habits to achieve an 80% score at the “Hard” level of the online quizzer. The CISSP exam is
250 multiple-choice questions and requires a 70% score to pass. On the (ISC)2 site they remind people
about how to prepare for and take the exam; I thought that was a good assessment. I’d advise studying for
about 40-50 hours, which is reasonable for the knowledge you’ll receive. It will gain you respect and
allow you to talk like an expert in security (seriously).
Overall I’d say – it’s not easy, it’s not hard, it’s worth doing, e.g. buy low, sell high, enjoy life.
Good luck!
Part III - Exam Prep Resources
(ISC)2 site
https://www.isc2.org
CISSP certification
There are two requirements (http://www.isc2.org):
a) 70% score on a 250-question multiple-choice test in a 6-hour allotted time. This test is given
bi-monthly on a Saturday in Boston. Scheduled class offerings are on their site.
b) Verification of 3 years of experience in 1 or more of the 10 domains. Everyone meets this criterion
just by working in the SW industry (one of the 10 domains). I can sponsor you.
Books
These two are comprehensive and the most often referenced. Make sure you buy the latest version!
HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne
KRUTZ, Ronald L. & VINES, Russell D., The CISSP Prep Guide: Mastering the Ten Domains of Computer
Security, 2001, John Wiley & Sons
Online Quizzer
http://www.cccure.org > Quizzes > CISSP Quizzes (Registration is free)
The 10 CISSP Domains
1. Access Control Systems and Methodology
2. Telecommunication and Network Security
3. Security Management Practices
4. Application and System Development Security
5. Cryptography
6. Security Architecture and Models
7. Operations Security
8. BCP and DRP
9. Law, Investigations, and Ethics
10. Physical Security