CISSP Exam Preparation Guide
Jerry Ruggieri
http://visualcv.com/jerryruggieri
Updated: April 30, 2007
Part I - Introduction
CISSP (Certified Information Systems Security Professional) is one of many security
certifications. However, it is the most widely recognized and is typically the one you would obtain first.
The official web-site is here - https://www.isc2.org
Part II - Studying for the CISSP exam
The following is an account of my experience; I thought others might be able to learn from it.
Studying for and taking the CISSP exam was a positive experience; I learned a lot, even about things I
thought I already knew well. The domains of “Cryptography” and “Telecommunications and Network”
were the hardest since they require knowledge of many specifications. “Physical Security” was fun since
it pertains to things we learned in high school, for example the fire classifications A, B, C and D. Upwards of
50% of the CISSP is directly applicable to what you’ll do at any one job.
I used the resources listed here – the two books and the online quizzer. I bought one book (Harris), read
it and took notes. Then I started taking the online quizzer and noticed many questions referred to the
second book, so I bought and read that one too. I’d recommend that you stay with these two books; they
are plenty and they are the best. There are courses for CISSP exam prep, but if you follow my study habits
you’ll do fine.
For the online quizzer I started at the “Pro” level to assess myself. At the start I was getting 50%
(Cryptography, Telecommunications) to 80% (BCP, Physical Security). I made it a goal to get 90% or better across
all domains, something I achieved regularly by the scheduled test date.
My study timeline looked like this.
T minus 6 weeks
  o Bought the Harris book, read two chapters, then stopped because I didn’t have a strategy and I didn’t know what the exam would be like.
T minus 3+ weeks
  o Next Boston exam is tomorrow. Oops! I haven’t begun studying yet.
  o I decide to take the next exam, next month in Hartford, CT.
  o Read the remainder of the Harris book. Started taking online quizzes. Bought the Krutz and Vines book, read it the next week-end.
T minus 3 weeks
  o Read Harris book. Read Krutz book. Practice an online quiz.
  o Lather, rinse, repeat.
Basically I read the books, took notes and tested myself with the books’ quizzes on the 3 week-ends
prior to the exam. On week-day evenings I’d spend 1 to 1½ hours practicing with the online quizzes.
The actual exam wasn’t anywhere near as hard as the “Pro” level of the online quizzer; I breezed
through the 250 questions in two hours – they allow up to 6. If I had to do it again I’d start studying 8-10
weeks in advance just to feel comfortable with the material by exam time. Everyone has their own study
habits – mine were to read the books, make notes and practice with the book and online quizzes.
It’s always difficult to say how hard an exam is, or exactly how much time to study. The best rule is to adjust
your study habits to achieve an 80% score at the “Hard” level of the online quizzer. The CISSP exam is
250 multiple-choice questions and requires a 70% score to pass. On the (ISC)² site they remind people
about how to prepare for and take the exam; I thought that was a good assessment. I’d advise studying for
about 40-50 hours, which is reasonable for the knowledge you’ll receive. It will gain you respect and
allow you to talk like an expert in security (seriously).
Overall I’d say – it’s not easy, it’s not hard, it’s worth doing, e.g. buy low, sell high, enjoy life.
Good luck!
Part III - Exam Prep Resources
(ISC)² site
https://www.isc2.org
CISSP certification
There are two requirements (http://www.isc2.org):
a) A 70% score on a 250-question multiple-choice test in a 6-hour allotted time. This test is given
bi-monthly on a Saturday in Boston. Scheduled class offerings are on their site.
b) Verification of 3 years’ experience in 1 or more of the 10 domains. Everyone meets this criterion
just by working in the software industry (application and system development is one of the 10 domains). I can sponsor you.
Books
These two are comprehensive and the most often referenced. Make sure you buy the latest edition!
HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne
KRUTZ, Ronald L. & VINES, Russell D., The CISSP Prep Guide: Mastering the Ten Domains of Computer
Security, John Wiley & Sons, 2001
Online Quizzer
http://www.cccure.org > Quizzes > CISSP Quizzes (registration is free)
The 10 CISSP Domains
1. Access Control Systems and Methodology
2. Telecommunications and Network Security
3. Security Management Practices
4. Application and System Development Security
5. Cryptography
6. Security Architecture and Models
7. Operations Security
8. Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP)
9. Law, Investigations, and Ethics
10. Physical Security
