How To Prepare For and Pass The Certified Information Systems Security Professional (CISSP) Exam
The CISSP certification is a must-have for an IT security professional, and it is becoming increasingly difficult to gain employment as an information security professional without it. PayScale.com reports that the average salary for a CISSP holder with 1-4 years' experience is $71,000.
The main focus and purpose of information security is to provide the three properties of the Security Triad (CIA): Confidentiality, Integrity and Availability. Every domain below is, in the end, about protecting one or more of these for an organization's information and systems.
- First, give yourself 3-6 months to prepare before you schedule to sit for the exam.
- Read CISSP for Dummies or the Mike Meyers CISSP Certification Passport; both of these condensed books are great and are perfect for getting started at the 50,000-foot level.
- These publications are small enough to get your mind focused on the main aspects of the Common Body of Knowledge (CBK): the 10 domains of information security defined by (ISC)2. The domains overlap heavily with the control areas of the British standard BS 7799, which became ISO/IEC 17799 (now ISO/IEC 27002) and ISO/IEC 27001:2005, but the CBK itself is (ISC)2's own. You can easily read through these condensed CISSP study guides within one to two weeks. Don't dive straight into the larger CISSP study books just yet!
- Now on to some FREE CISSP instructor-led training! Go to CCCUR.org and register for a FREE account. This course is very similar to the official week-long (ISC)2 training course costing over $2,500, but again this is FREE. Once registered go to: Tutorials > CISSP Tutorial > Veridon and start viewing the training videos in the following order:
- Information Security and Risk Management;
- Access Control;
- Security Architecture and Design;
- Application Security ;
- Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP);
- Telecommunications and Network Security;
- Legal, Regulations, Compliance and Ethics;
- Operations Security;
- Physical Security.
- After you have read through one of the books mentioned above and watched all of the FREE training videos on CCCUR.org, you are ready to read through a bigger CISSP study guide, such as the Shon Harris All-in-One Study Guide.
- Purchase the most recent edition. Reading a larger CISSP study guide should be slow. Take your time and learn the security principles and theories of information security, because you are greatly needed by society to help protect computing systems from harm, whether man-made or natural.
As you finish each chapter, read more about that particular domain. You will want to download the NIST (National Institute of Standards and Technology) Special Publications that your good old tax dollars pay for. These guides contain a lot of information, but they are easy to read. They will help you make sense of the material in the Shon Harris study guide and help you in your career as an information security professional. Many organizations use the NIST security publications as a primary guide and blueprint when designing their IT security architecture.
- SP 800-12 An Introduction to Computer Security
- SP 800-14 Generally Accepted Principles and Practices for Securing Information Technology Systems
- SP 800-30 Risk Management Guide for Information Technology Systems
- SP 800-34 Contingency Planning Guide for Information Technology Systems
- SP 800-86 Guide to Integrating Forensic Techniques into Incident Response
- SP 800-100 Information Security Handbook: A Guide for Managers
- SP 800-115 Technical Guide to Information Security Testing and Assessment
- Take the tests at the end of each chapter in the book.
- Take the quizzes on the CCCUR.org website. This site is the BEST on the internet for FREE CISSP study, and the test engine is very customizable to help you with your study and testing.
Study the (ISC)2 Code of Ethics. This is one of the easiest ways to get points on the CISSP exam, because you are guaranteed to be tested on them.
This is what I used to study for and pass the exam so study well, good luck and I will see you after you pass the exam and join the prestigious club of Certified Information Systems Security Professionals!
Julius Clark, CISSP