So, how do you learn and practice for the new CISSP exam?

Hi,

I'm new here, but quite a veteran observer...

I wanted to take the "old" version of CISSP, but unfortunately due to lack of time I had to reschedule it and start practicing for the new one.

From most of the threads here I concluded that at the moment only the difficult path is the most realistic one, that is, to purchase the formal CISSP CBK 4th Edition book and simply (but carefully) read it.

Unfortunately the original book costs around 74.3$. In order to not waste time of arrival (and trees), I bought the print-replica Kindle version of that book. It's about 4$ less (not including shipping costs) and can be read anywhere with Kindle for PC, tablet, etc. If I really want I can print the pages that I need.

You can purchase it from here:
http://www.amazon.com/Official-Guide-CISSP-Fourth-Edition-ebook/dp/B00W4YSL0Q

If you want to save more costs, you can buy the Kindle version (not replica, but includes the original pictures) of the book for about 53.5$.

In order to motivate myself to read everything (yes, it's quite a boring book with 1304 pages), I wrote down how many pages each domain includes, and then decided what to start reading first.

1. Security & Risk Management - 183 pages

2. Asset Security - 63 pages

3. Security Engineering - 204 pages

4. Communications & Network Security - 182 pages

5. Identity and Access Management - 102 pages

6. Security Assessment and Testing - 48 pages

7. Security Operations - 164 pages

8. Software Development Security - 122 pages

According to CCCure (is it OK to mention them?), the most important topics are 1, 3, 4 and 5.

I wanted to start reading one of the most important domains first but the lightest one, and then continue with the rest of the domains in an order that I like, so I started reading domain number 5 and finished reading it after 2.5 days. Now I am reading domain number 6, then I will go for number 2 and then number 1 (back to the "important domains"). So I hope that within 2 weeks I will have at least 4 of the domains fully covered.

And how do YOU practice? Please share your thoughts and planning for the new CISSP exam.

Best regards,
barman

Find more posts tagged with

Comments

riyan

Very practical approach. All the best.
How are you finding the materials? Easy to digest or suffering from boredom.

mikehedi

Hi ,
I started reading CBK from the beginning - Security and risk management - It contains so many information , so I agree to start from some easier domains ,

I stopped reading that section and I will start from domain 4 , 5 , 3 , 6 , 2 , 7 , 8 , 1
What Do you think ?

riyan

mikehedi wrote: »

Hi ,
I started reading CBK from the beginning - Security and risk management - It contains so many information , so I agree to start from some easier domains ,

I stopped reading that section and I will start from domain 4 , 5 , 3 , 6 , 2 , 7 , 8 , 1
What Do you think ?

This ordering seems fine. I assume yo have strong networking background. But remember to put extra effort to digest material for last four domains in that ordering of yours & put special effort for Domain#1 i.e. Security & Risk Management . It will also cover the governance part and you will find it most during the exam.

mikehedi

Thank you Riyan for your reply ,

In my opinion , ISC2 wrote the CBK as hard as they can ,most of the sentences are more than 3-4 lines ,

I think written books by Shon Harris(RIP) and Erric Conrad ,are very easier to understand ,

Unfortunately we have to wait several month for new books ,

CBK is not easy to understand ,Do you agree ?

barman

riyan wrote: »

Very practical approach. All the best.
How are you finding the materials? Easy to digest or suffering from boredom.

Thank you.
Well, it's a little bit boring because the sentences are pretty long and complicated, but once you think of it as a "story", it gets easier to read.
Many subjects inside the domains include long introductions (sometimes 1-2 pages of introductions which look like semi "war-stories"), and the difficult part is to understand where the introduction begins and where in ends...

When I read Conrad's book for a while (about 2 months ago), it was very easy to understand because everything was pointed directly without (unnecessary?) introductions. Also the language is very pleasant to read.

BTW, I've already found one funny mistake in CBK 4th Edition.

Page 734, question number 7 is the following:

7. What best describes two-factor authentication?
A. Something you know
B. Something you have
C. Something you are
D. A combination of two listed above

When I checked the answers (yeah, I know that the answer is D) for explanation, I saw this (Page 1118 ):

7. What best describes two-factor authentication?
A. A hard token and a smart card
B. A user name and a PIN
C. A password and a PIN
D. A PIN and a hard token

So, the question is the same, the correct answer is the same but the answers are completely different... Maybe you can learn something about ISC2 way of thinking from this

Another funny thing: Look for "most important". 34 times the words "most important" appear (together) in the book. "Important" itself appears 100 times. They have so many "most important" issues that once they even succeeded to confuse it logically (two issues regarding Identity Management were the most important ones. I'll check where they point that out later).

In general, after 2 domains (read 5 and 6, and now reading 1. Afterwards I'll read 2) I can say that despite its disadvantages, it's a very important book which I believe that should be read at least once. This is the only book that guarantees 100% compatibility with the exam. Everything else will become much easier to read (I believe) after reading carefully this book. So if you don't know what to do with yourselves at the moment - give this book a chance