The CISSP — Certified Information Systems Security Professional — is a highly sought-after, valuable certification for anyone in the IT field. The governing body that administers the CISSP exam, (ISC)2, requires candidates to have at least five years of experience in two or more of the subject areas covered by the exam (or four years of experience with a college degree).
However, for most people, experience isn’t enough to guarantee that they will pass the exam. Preparing for the CISSP exam is a rigorous process that most people start at least nine to 12 months in advance, devoting considerable time and effort to study and practice along the way.
With the right preparation, though, it is very possible to pass the exam on the first try.
About the CISSP Exam
The CISSP credential is widely accepted as the standard for demonstrating knowledge and experience within the realm of information security. For those who meet the experience and/or education requirements, the exam itself is a grueling, six-hour paper-based test consisting of 250 vendor-neutral questions in ten different categories:
- Access control
- Telecommunications and network security
- Information security governance and risk management
- Software development security
- Security architecture and design
- Operations security
- Business continuity and disaster recovery planning
- Legal investigations, regulations and compliance
- Physical security
In order to pass the CISSP exam, you must earn a score of 700 out of 1,000 possible points. Not all of the questions on the exam have the same point value — and some questions actually don’t count toward your score at all — but you will not know which questions are more valuable than others as you take the exam. Because of this, it’s important that you thoroughly prepare for the exam and go in confident in both your technological knowledge and your test-taking skills.
Creating a Study Plan
Again, most people who take the CISSP exam begin their preparations as much as a year in advance. Most people with a solid background in IT security can successfully prepare in about six months, but it is recommended that you allow at least six months of study before scheduling your exam.
Once you decide that you are going to take the exam, you need to develop a study plan. While everyone has their own methods, the following plan will help ensure your success.
Step 1: Acquire Study Materials
(ISC)2 offers an extensive array of preparation materials, including study guides and classes, but you can use any materials you wish to study. Invest in an all-in-one study guide (or several) that covers all of the different domains of the exam, and consider a review or preparation course as well.
An online CISSP certification course, for example, is helpful if you prefer classroom training or want to see concepts explained in a more practical manner.
Step 2: Begin Reviewing Your Materials
Begin with the “Information Security and Risk Management” domain to learn the key terminology and concepts that will be used in the other domains. In addition, it’s usually most effective if you watch the video tutorials first, and then read your study guide, marking key points as you go. Some successful test takers have transcribed the key sections of their study guide into a smaller, more condensed version for review.
Step 3: Take Practice Quizzes
As you complete your review of each domain, take the practice quiz, and then review your results to determine areas for further study. As you take the practice exam, you will notice that questions fall into one of two categories, either factual or interpretive.
Factual questions are just what the name implies: They generally have one correct answer, and deal with a specific detail about the topic.
Interpretive questions require you to do a bit more thinking to come up with the answer, as you may need to interpret the meaning of a specific word or measurement, what the wording of the question actually means, or whether there is more than one potential answer.
Step 4: Review the Core Bodies of Knowledge
It’s important to compare your study guide review and quiz results to the (ISC)2 core bodies of knowledge (CBK) to ensure that you’ve covered everything you need to know for the exam and that there aren’t any gaps in your knowledge.
Again, you only need to pass the CISSP exam with a score of 700 out of 1,000, but you should strive for as high a score as possible. If you prepare the material thoroughly and manage all of the administrative details appropriately (register on time, remember your ID, bring enough pencils, etc.), there is no reason that you cannot pass the exam on your first try.
For training courses on CISSP, ITProTV offers CISSP and an accelerated CISSP course. The accelerated course is meant to be a review for those who already have a deep understanding of the CISSP concepts.