2018 CISSP Study Guide question

I've started preparing for the CISSP exam. I'm planning to take it later this year and definitely after they update the test in April. No problem. I've downloaded the exam objectives and am using that as the basis for my study plan. I've compared the new objectives with the old and found there's not much difference. I'm using some free sources such as Cybrary and FedVTE, and I have access to the Eric Conrad book on Skillsoft (paid for by my agency). I would like to have yet another point of view, so I've started looking at the official guide. Many of the reviews state that this guide is crapola.

https://www.amazon.com/Official-Guide-CISSP-Fourth-Edition/dp/1482262754

However, the Sybex book, written by Darril Gibson, et al, has glowing reviews. And honestly, if it's anywhere close to being as good as Gibson's Security+ book, I'm sold.

https://www.amazon.com/Certified-Information-Security-Professional-Official/dp/1119042712

The only thing is that these guides were written for the 2015 test. I realize that not much will change. So, my question (finally!): Should I wait for the Sybex book to be updated or just buy the 2015 version?

Find more posts tagged with

Comments

SteveLavoie

I think that 90% of the exam will be the same. CISSP is mostly a concept exam and those don't change every 3 years. Sure they will add few cloud and IoT material, but you can begin to study with the 2015 book.

I saw on CCure the comparison between both exam, and it is not taht big

Cingular

In my opinion it is definitely worth buying the Sybex OCG 2015 version. Don't waste your time with the Official CBK...I bough the hardcover off Amazon last year to begin my studies with it and couldn't make it past 20-30 pages before looking at other options. The CBK is just wayyyyy to dry and full of too much garble that isn't all that necessary.

I recently passed the new CAT exam last Friday and I used the following resources:

1. Eric Conrad's CISSP Study Guide (3rd Edition)
2. 11th Hour CISSP by Eric Conrad (Recommend reading this ~1 week before exam)
3. Sybex ISC2 Official Study Guide 7th Edition
4. ISC2 Official Practice Tests (100 domain focused exam prep questions)
5. Sunflower CISSP PDF

EDIT: I also used Kelly's Cybrary CISSP series in MP3 format on my phone to cram while commuting to/from work every day.

Enjoy the journey to becoming a CISSP. Good luck!

tedjames

Thanks! This is all great advice!

NEODREAM

tedjames wrote: »

Thanks! This is all great advice!

Passed the CISSP yesterday and received the confirmation earlier this morning. I see you have your SSCP as well, I also have mine and would say it provides a good basis for the the questions that are more technically oriented.

CISSP is more policy heavy for sure than the SSCP but I can echo others in the thread by confirming that 11th Hour book is a great resource. I'd also recommend going through various testing engines...I used the CISSP iOS App along with the Transcender engine. The questions are worded similar and will be provide you a feel for how to think about them.

Good rules to follow during the test:
1. Read the questions at least 3 times and eliminate at least 2 of the answers
2. Apply CIA/AAA concepts when you can
3. Human life is ALWAYS the #1 concern
4. Try to think like a manager and get out of technician's mindset
5. When solving for a problem think about:
- Why did X happen?
- How can we make sure it doesn't happen again?
6. Always try to implement a solution that will save the company money while solving for the problem
7. Fix problems permanently and not temporarily!

Good luck to you, and remember in the CAT format once you answer a question you can't go back to change it.

tedjames

Excellent advice, Neodream! And congrats on your pass today!

I plan to include the 11th Hour guide in my study plan. What I've studied so far is mostly review from SSCP and what I've learned on the job. I will definitely use your rules.

I am under no pressure from work to earn CISSP. The boss is cheering me on. The only pressure is from myself. I want to get this out of the way so I can get back to learning penetration testing.

Thanks again!

beads

From what the ISC(2) board moderators have said April update appears to be a bit more on the side of housekeeping and clean-up and less any material or factual changes.

We'll understand more when the next question writing weekend happens.

- b/eads

tedjames

Cingular wrote: »

5. Sunflower CISSP PDF

You can find this here along with lots of great CISSP-related resources: https://www.studynotesandtheory.com/

anthonx

27 days to go before April 15, 2018. So anyone here registered for the new exam format? So many resources and not have enough time to go through all of them. Planning to take the CISSP exam this year but got sidetrack with another ISACA exam.

EDIT: Just found out it starts April 15, 2018.

laurieH

As others have suggested I would recommend getting hold of the current version of the Sybex Official Study Guide. That's what I used along with some of my own study materials and I passed first time.

Much of the concepts in the syllabus are decades old and don't really change so although it's worth knowing which areas are new it probably isn't going to be a massive change.

Good luck and let us know how you get on.

hawklhrpak

I recently passed the exam CAT based in first attempt. My feelings about exam preparation is, you must understand the concept whatever is written in ISC2 Course Outline.
I totally deny the quote about CISSP (Its two inches deep and 1 mile wide). No SIR; its miles deep and miles wide. You can read any book which covers the course content proposed by ISC2 and try to understand deeply and thoroughly. Don't just skim over, ISC2 ask questions from anywhere.

greeneon

Thanks all for the advice!

sameoj

Good advice.

NavyMooseCCNA

I would love it if they got rid of the crap that is legacy...like token ring networks, caesar ciphers, how many rotors on X....for a management level exam there is a ton of minutia.

franziskaner

NavyMooseCCNA wrote: »

I would love it if they got rid of the crap that is legacy...like token ring networks, caesar ciphers, how many rotors on X....for a management level exam there is a ton of minutia.

Exactly, I've been thinking about this a lot as I sit the exam in 2 weeks. I don't really want to have to memorise the different properties of network cables, distance of the various wifi signals, bit length for all the different ciphers etc

Seems at odds with the idea of this being a management exam.