Are the CBKs meant to be studied in any particular order?

jvrlopezjvrlopez Member Posts: 913 ■■■■□□□□□□
So with my new position, I've got 6 months to earn the CISSP from my start date (which hasn't arrived so I'm getting a head-start).

I went ahead and took a look at the 10 CBKs and listed and rated them as to my level of familiarity with them as of now.

Some I have more experience with and others I don't have much. I figured I'd focus on the new material first to keep my interest and I have more time to cover it. I'll hit the material I'm familiar with later in my studies.

Are/should the CBKs be studied in any order? Does any of the material in one CBK compound another?

Also, I'm using the Sybex CISSP Study Guide as an intro into the material and then using the CISSP AiO to drill down deeper into the corresponding material. Would you recommend any other study materials? I've got my practice questions and tests lined up for later down the road.
And so you touch this limit, something happens and you suddenly can go a little bit further. With your mind power, your determination, your instinct, and the experience as well, you can fly very high. ~Ayrton Senna


  • rawhiderawhide Member Posts: 29 ■■■□□□□□□□
    I am started my CISSP preprations after following this link:

    I think this link is must before you start any kind of prepration. I am referring to both Eric Cole CISSP Study Guide Ver 2 & AIO 6th Edition.
  • theroamingjoetheroamingjoe Member Posts: 24 ■□□□□□□□□□
    I wouldn't say you need to study them in any particular order. They are considered individual disciplines and while there is some overlap or references to other domains, I think you can pick up and start on any one domain and follow it without too much trouble.
  • JDMurrayJDMurray Admin Posts: 12,867 Admin
    If you are looking where to start studying the entire body of Information Security, the primary domain that "rules them all" is Risk Management. All of the other domains exist for the purpose of managing risk. You really need to have a firm understanding of risk management from the start to realize why all of the other domains are needed.
  • redzredz Member Posts: 265 ■■■□□□□□□□
    JDMurray wrote: »
    the primary domain that "rules them all" is Risk Management.
    It also finds them, brings them all, and in the darkness binds them.

    I agree fully with JD. Information Security exists primarily as an investment by a company to increase their bottom line through the cost-efficient risk avoidance, reduction, sharing, or retention. Each of the other nine domains serves that ultimate end-state in one way or another.
  • samurai86samurai86 Member Posts: 104 ■■□□□□□□□□
    Have to agree with JD and redz, so much is viewed through the lens of risks and threats.
    Bachelor's of Applied Science in Technology Management - Information Security Assurance (St. Petersburg College)
    Masters of Science in Digital Forensics (University of Central Florida)
  • beadsbeads Member Posts: 1,525 ■■■■■■■■■□
    Not so much a need to study any particular domain in order but what your already familiar to at least somewhat familiar. Starting with Risk Management is probably as good a start as anything else - I will concur there.

    Myself I started with physical security as it was the easiest domain for me to memorize (not learn) coming from past military experience. The two toughest domains by far are cryptology and networking. Those two certainly be the most frustrating and longest to actually learn, not just memorize. It will not matter what your background is unless your a hidden cryptanalyst working for the government, etc. Networking much the same as the material is so very broad it can be difficult to get your mind wrapped around it all. The two topics will indeed make you feel a bit "dumb" at times.

    My suggestion after risk management is to go through those two domains and get familiar with them to the point of comfort do another domain come back and revisit crypto and networking next domain - rinse and repeat until your sick of quizzes and ready to test. Its easy to start to forget or misplace many of those details - particularly in the crypto domain. Look for outliers like symmetric almost always exists on hardware. I have found one instance of symmetric crypto in a software package but lets say its probably not the best use of crypto going.

    Start with what your strongest in first for confidence then tackle the rest. Good luck and keep up the study discipline (really the hardest part of the CISSP in general is keeping your study discipline sharp).

    - B Eads
Sign In or Register to comment.