ISC(2) CISSP Revision Notes – Study and Exam Tips

I’ve recently sat my CISSP exam and passed!  Very happy with the result, now all I need to do is sort out the paper work.  I present here some tips I learnt while studying for the CISSP, and present some observations from the exam.  I often liken the courses I do to an academic level, for those who know I’d class the CISSP as 60 points at a Post Graduate level.

In NO way should these notes be used as your sole source of study for the CISSP exam.  These notes lack things completely that could be included on your exam.  I in no way provide any guarantee or assurance that these notes are correct or satisfactory for your learning.  For further information see my CISSP Study and Exam Tips.

Obviously I can’t talk about the exam itself (NDAs must be signed and I despise cheaters), but I dare say I can offer you some “good practice” advice for when you take your exam.

These pages are the revision notes I made in the last few weeks before my exam, however (apologies for the caps) THESE NOTES DO NOT COVER EVERYTHING THAT YOU WILL BE TESTED ON.  You will need to get yourself a copy of a good CISSP book and learn it, there are no shortcuts with this qualification sorry.  For example these notes do not cover even a fraction of the material required for you to learn, and I can think of a lot of things that are not in these notes.  I do not make any assurances, guarantees, warranties, promises or even the belief that these notes are correct.

One last thing, best of luck studying for and obtaining a world class IT security qualification.  With some effort, determination and experience you can obtain your CISSP.

ISC(2) CISSP Revision Notes – Study and Exam Tips (You are here)
ISC(2) CISSP Revision Notes – Overarching Themes for the CISSP
ISC(2) CISSP Revision Notes – Access Control
ISC(2) CISSP Revision Notes – Business Continuity and Disaster Planning
ISC(2) CISSP Revision Notes – Cryptography
ISC(2) CISSP Revision Notes – Information Security Governance and Risk Management
ISC(2) CISSP Revision Notes – Legal, Regulatory, Investigations and Compliance
ISC(2) CISSP Revision Notes – Operations Security
ISC(2) CISSP Revision Notes – Security Architectural Design
ISC(2) CISSP Revision Notes – Software Development Security
ISC(2) CISSP Revision Notes – Telecommunications and Network Security

Learning

I went through the whole process through self study.  I work in an IT Security orientated position and although some of the subjects were within my professional sphere so to speak, there was still lots to learn and whole new areas to me.

Some specific tips:

  • The body of knowledge required is VERY large, don’t imagine that just because you may be a great and successful specialist in your field that you know it all.  Sometimes the language used may not be common, other times the ISC will want you learning their way.
  • Since the CBK is so large, you will have to allocate enough time to study it thoroughly.  I’ve had the books for almost a year, but my actual study calendar ran for 6 months and really ramped up in the last month.  I was allowing myself 2 hours a day in 5 months, and 4 to 5 hours a day in the final month.
  • If you are self studying then buy plenty of books, the ones I used are detailed below…
  • Although the CBK has changed recently it has not changed a lot, older materials are still valid for a great deal of the course.  However bear in mind, the shorter books are great for revision but won’t detail everything you’ll need for the exam.  Sorry there are no shortcuts, you need to be aware of everything in the CBK and the official guide was great at making sure everything was covered.
  • I work in infrastructure and as such my networking skills are pretty good, however you will benefit greatly from a course like the CCNA just to understanding the networking topics.
  • The internet is your friend.  A few times I struggled with a description in the book(s) and looked online.  However be careful which sources you pick, they need to sync up with the ISC.
  • Keep a pad and paper handy at all times, often I found that writing something down as I understood it or wrote down points I knew I’d stuggle with was a perfect way to build up my knowledge and prepare documents for revision.
  • There is a fair quantity of knowledge that is common and shared between the different domains within the CISSP.  At first it seems nice because it cuts down on the amount you will need to learn, but be warned: some common topics also share differences.

Exam Tips

I did my exam with Pearson Vue, and if you didn’t know this lot already then I will share.  The exam is a whopping 6 hours and there are 250 questions.

  • Sometimes you will feel that time is running away with you, other times you will be watching the clock on the screen.
  • Pearson Vue do not allow food or drink in the examination room.  Since it’s 6 hours you will probably find you having to take a lunch break and a toilet break at some points.  The clock will continue running while you take these breaks.  So make sure you take an easy to eat packed lunch and know where the toilets are.
  • The staff at my center were very nice and understanding and let me sit in the main office (in full view of staff I may add), whilst I threw a sandwich down my neck.  I took two toilet breaks accompanied by an invigilator.
  • Relax and be level headed, the exam is quite an undertaking.
  • Read the FULL question.  You will have to understand what you are being asked, sometimes it will take an analysis of the question to figure that out.
  • The exam will test your specific understanding of numerous subject areas, you must often figure out which area they are specifically asking you about.  Again read the full question.
  • I found that some questions had two “correct” answers, and picking the right one of the two was dependent on understanding what you were being tested on.  If in doubt answer the ISC way.
  • I went through the exam once and got “all the low hanging fruit”.  In other words I went through all 250 questions and answered the ones I instinctively knew, other ones I didn’t know I “flagged” and if I felt an answer I ticked it and “flagged” it for later review.
  • There were no trick questions, but there were some that at first glance apparently gave to one answer.  However with proper reading it became apparent that another answer was better, again read the FULL question.

My Text Book Review

Here are the four books I used when studying for my CISSP, presented here with some positives and negatives.

Official ISC(2) Guide to the CISSP CBK (CBC)

Book link.

Positives

  • Since this is the official book given by the ISC(2) you can rest assured that it will cover everything you could possibly need for the CBK
  • It’s well formatted and most well presentedWell written

Negatives

  • This book is very big and very heavy, personally I would have preferred two smaller books.
  • The formatting sometimes doesn’t help to find specific parts you need to read and sometimes the spacing gets confusing too.
  • Although it’s well written it’s still quite heavy going.

CISSP: Certified Information Systems Security Professional Study Guide 5th Edition (Sybex)

Book link.

Positives

  • [bias]I’ve always really liked the Sybex books, this on is particularly well written.[/bias]
  • Well laid out, formatted and organised.
  • I used this book when I needed further clarification from the official guide.

Negatives

  • It doesn’t cover the updated CBK entirely. (However the reprint version will likely fix this.)

CISSP For Dummies, 4th Edition (Dummies)

Book link.

Positives

  • Light and easy going.
  • Covers all the main points.
  • Great for a revision guide and helps you learn which concepts goes where

Negatives

  • It doesn’t cover the updated CBK entirely.  (However a reprint version will likely fix this.)
  • Compared to the Official Guide and the Sybex it doesn’t cover anything in much detail
  • For such a technical qualification buying a Dummies book can be unlogical
  • The exam questions on each section are rather too easy

11th Hour CISSP: Study Guide

Book link.  (Can’t find any publisher link.)

Positives

  • Very light and contains plenty of easy digestable information
  • As the title indicates this is a last minute revision guide, and helped me pass the CISSP
  • The exam questions on each section are incredibly difficult giving you a good feel for what could come up in the exam and teaches you how to think

Negatives

  • The exam questions on each section are incredibly difficult, I found my confidence level took a hit a few times after attempting them
  • Again this book is not a full guide but a last minute revision guide, as such it doesn’t cover everything you’ll need
In NO way should these notes be used as your sole source of study for the CISSP exam.  These notes lack things completely that could be included on your exam.  I in no way provide any guarantee or assurance that these notes are correct or satisfactory for your learning.  For further information see my CISSP Study and Exam Tips.

Got something to say? Go for it!