This week I received at least five emails from individuals asking about the CISSP exam. All of these questions about the exam got me thinking that this would be a good topic for this week’s blog, and I could use this forum to answer a common question people have: how to get ready.
Before signing up for the exam, you should first take some time to review the requirements. These can be found here. A “one-two-three”-step approach to preparing for the exam can enhance your chances of passing the first time, and step one is to make sure you meet the specified background requirements. Anyone considering becoming a CISSP must have a minimum of five years of professional experience in the information security field or four years of experience and a college degree. If you do not meet those requirements, you have the option of going for the SSCP certification or becoming an associate CISSP. You can find more information on the associate program on the ISC² site.
Once you have verified that you meet the requirements, you can sign up for the exam and proceed to step two. The CISSP candidate must achieve a score of 700 points or greater to pass the exam. Give yourself plenty of time to study and prepare during the period from when you sign up for the exam to the actual exam date. You may want to allow yourself three to four months. Start by doing an initial assessment of what areas you know and which domains will require more extensive study. While the exam covers 10 domains of IT security, most individuals have in-depth knowledge of only two or three domains. This will mean you need to pick up knowledge in six to seven other domains.
A good survey-level preparation guide is something like the CISSP Exam Cram 2. Yes, it’s true that I wrote this book and may even be guilty of a shameless plug. I have always liked Exam Cram books and found them useful as a first read when preparing for a particular exam. Reading one book may help you prepare, but most test candidates will need more prep to ensure they can pass on the first attempt. This might include taking a CISSP prep class, purchasing a second book, and/or doing much more reading to get a more detailed understanding of key topics and concepts. As an example, it’s a good idea to download the ISC² candidate bulletin. This document has useful information as to what the exam covers and has books and articles recommended by ISC² as pre-exam reading material. Best of all – it is free and can be downloaded here.
The third step is to start to validate your knowledge. Just as an Olympic athlete doesn’t just show up at the games every four years, a test candidate should not just show up at the exam. You will need to do a series of practice tests to see how prepared you are and to find areas of weakness where you can improve.
Taking a three-step approach to the exam can help ensure you are ready and can pass the first time. One, make sure you meet the requirements. Two, set aside the time to study and boost your knowledge in the areas of the exam where you are lacking. Three, spend some time doing practice exams to validate what you already know and to get a better idea of the types of knowledge the exam will expect you to have. Good luck!
From Michael Gregg

