best CISSP study guide pdf

CISSP study guide PDF eBook – for FREE

I know that people studying for the CISSP exam are by nature very busy people and I recognize that navigating websites trying to find all the advice you need is often a frustrating experience (even where the navigation is good). To give you a leg up I’ve carefully compiled a new 49 page CISSP study guide pdf which you can download for FREE!


CISSP study guide pdf – what’s in it

This study guide covers practical advice for people who are looking to study for and pass the CISSP exam with a view to becoming CISSP certified. This CISSP Study Guide offers guidance on what the CISSP is and reasons why you may decide to pursue it, strategies and tactics on effective study and advice on last minute preparation before taking the exam. Further to that, it also includes guidance on what happens after you pass the CISSP exam with a view to getting your CISSP certification application completed (and what to do if you don’t pass first time).

This guide isn’t just another technical guide – there are other people who have produced comprehensive guides (such as the Official Study Guide from Sybex and Shon Harris’ guide). This CISSP Study Guide covers advice about how to prepare yourself to give yourself the best chances of success in passing your CISSP exam first time. Here’s a sneak preview of the table of contents to give you a flavor of the content:

  1. What is CISSP?
  2. Planning for certification
  3. Study options
  4. Planning your CISSP study
  5. Note taking
  6. Flashcards
  7. How to revise
  8. How to know when you’re ready
  9. 24hrs to go…
  10. My top 5 CISSP exam tips
  11. Passed? – now get certified
  12. Thanks for reading (and where you can get more)
  13. Appendix A – Didn’t quite make it first time? Don’t give up!
  14. Appendix B – List of study resources
  15. Disclaimer

The CISSP Study Guide PDF is structured to read in the order that you progress through the CISSP certification process: from the initial decision to get certified and the requirements to get certified, through planning and structuring your studies, revision techniques, last minute exam preparation  and how to get certified after passing.

I know someone else who would benefit from this CISSP study guide, can I share it?

Yes! Absolutely! The guide is free and I actively encourage you to share it with anyone you feel could benefit. The only request I have is that you include a reference and a hyperlink back to this page when you do so.

OK, I want it – how do I get it?

Simply scroll down and fill in your email address in the box below and press the blue ‘Submit’ button – I’ll email you the link where you can download your CISSP Study Guide PDF straight away. Hate being on mailing lists? No problem, every email (including the initial one you’re sent) has an unsubscribe link built in. If you decide to stick around I’ll be pleased to have you on board – subscribers get stuff before everyone else and it gives you a way to email me directly if you have any questions.

Good luck with your studies!



CISSP exam – how to know when you’re ready

The purpose of this article is to give you some guidance in deciding whether you’re ready to take your CISSP exam. There are a few hurdles which can make this a difficult decision to make, but my aim is to help you make that decision in a systematic manner that is personal to you. If you’re looking for resources to help pass your CISSP exam be sure to check out the resources page.

Factors – knowing you’re ready for your CISSP exam

So here are the factors to consider when deciding if you’re ready to take your CISSP exam:

  • performance on practice questions
  • confidence/familiarity with your knowledge
  • cost
  • time sensitive factors
Practice questions

There are a few things which make it hard to decide whether you’re actually ready. One of which is a lack of accurate practice CISSP exam questions. You know roughly what style the questions will be (multiple choice, scenarios, drag-and-drop) but although people can’t discuss their exams it’s common to hear the complaint that the questions weren’t really similar to any that they’d practised. All you can really do is make sure that you’ve practised plenty of questions ideally from multiple sources. Certainly make use of the online practice tests that come with the Official Study Guide and seek out some others as well (I intend to provide some on here in the not too distant future – sign up for updates below and I’ll email you when they’re done). In order to pass you effectively need to be comfortably hitting over 70%. I would recommend that you ensure that you’re in the 80%s before taking your CISSP exam.

Confidence in your knowledge

Your revision phase should also be giving you a good idea of how well you know the material. In addition to using practice questions you should also be using flashcards, as they are excellent at reinforcing learning and keeping your knowledge fresh. When you’re presented with a practice question, because it’s multiple choice, you are being shown the answer. Whether you can correctly identify it or not is another matter, but you are mostly recognizing rather than recalling, and those are different skills. This is particularly the case where you are going over practice questions more than once: you will very quickly recognize a particular scenario and remember the answer from before, even if you don’t actually have the knowledge that the question is asking about. Whatever way you decide to structure your revision, you need to feel confident that there are no major holes in your understanding. Because you will be going over your flashcards repeatedly, you need to be getting over 90% of them right before taking the exam. You can get hold of my flashcards here.

Cost

This is something that will depend on your personal circumstances, but if you’re paying for your CISSP exam out of your own pocket the chances are that you won’t consider it cheap. At the time of writing the US cost for the exam is $599, or to put it another way – if you fail the first time you’ll end up paying at least $1,198 in total to pass! In the UK the cost was £415 when I took my test and there was no way I was going to fail and have to retest for a total of £830 of my own hard earned cash (if you live in a different area or want to see current prices see here). If however you’re being sponsored by your company, this may not be such a concern. Because you can cancel your exam very close to the date, you can set a date and book your exam, then as it gets closer, if you don’t feel confident, cancel it and reschedule at no extra cost. Having a date set gives you something to work towards, which should help you stay motivated. You can also download my free study planner to help you set targets for your study here.

Time sensitive factors

This aspect depends on your life events and what you have going on. Do you need the certification in order to be able to take new role on a specific date? Are you on a contract that is ending soon and want to be CISSP certified when looking for your next job? In that case there are reasons specific to you that will encourage you to get the CISSP exam under your belt sooner rather than later. Other time sensitive factors may be things that impact your ability to study. For example if you’re currently busy with a project at work you may not have the time to study effectively and may plan to pick up your CISSP studies at a later date. On the other hand if you are expecting a baby it may be wise to try and pass your CISSP exam before you’re kept up all night with a crying child!

Taking the plunge

The questions you need to be able to say yes to before taking your CISSP exam are:

  1. Are you hitting over 80% in your practice tests?
  2. Are you confident in your overall knowledge of the material to the point where you’re getting more than 90% of your flashcards correct?
  3. Are you clear on the exam costs if you don’t pass first time?
  4. Have you taken your own personal time sensitive factors into account when setting a date for your exam?

If the answer to all these questions is ‘yes’ then you should consider yourself ready! Don’t forget to sign up for updates and please leave a comment below with your thoughts or feedback. If you’re looking for study resources be sure to check out the resources page!

Next – How to pass CISSP exam – 24hrs to go

CISSP study – how to revise

Following a poll I ran asking you, the readers which topics you wanted covered, the majority of you said that you wanted to see more about the actual revision process of CISSP study. My intention is to try and keep this post brief, breaking the subject into 5 topics, as if you are actually revising now, you probably feel under pressure and I understand that time is precious! If you’re looking for study resources to support your learning be sure to check out the resources page!

1 know your enemy (and make friends with it)

The first thing that we need to recognize is that in order to revise (read: prepare) effectively for anything, we need to know what we are revising for. By this, I don’t mean simply ‘an exam’ or ‘the CISSP exam’ but rather what style of exam is it? What type of questions could we reasonably expect? And what knowledge are we going to need for it? Do your best to research question styles so that you at least have a rough idea of what to expect. The bottom line is that the CISSP exam is multiple choice. This points to two particular skills that will really help you out: recognition and tactical elimination:

  • recognition – by going over notes/using flashcards there will be some answers that should jump out to you as being familiar (and likely correct provided you check the question carefully)
  • tactical elimination – for questions where you are uncertain which the right answer is you can narrow the choices by eliminating those that you know are incorrect

I will go into the actual taking of the exam on a later date but for now it’s important to know what you’re revising for in advance.

2 refresh your overview

Before you start freaking out that you can’t remember how many bits there are in a MAC address (48), you need to review your high level overview of the CISSP material. The temptation is to dive headlong into the detail (especially if your exam date is looming) but it really helps to start by taking a step back to look at the broad topic structure. The main benefit is that with a broad structure in place in your mind it’s easier to:

  1. structure the topics so that you can add/link the detail that you revise in the next section (as the information ‘goes in’)


  2. provide a map which can help signpost your recall to the detail that you require when answering questions (as the information ‘comes out’)

This doesn’t need to take long, especially if you’ve taken good notes you can probably list the main topics and sub-topics within a couple of hours.

3 revisit the CISSP study topics in reverse order

This is the last time that you’ll review the material without a pointer (see below). This isn’t simply about reading the book again, it’s a chance to review the material to check that you haven’t missed anything in your notes – a ‘skim read’ if you like, paying extra attention to things like lists of contents, bullet points and end of chapter review sections. If any topics stand out as weak areas, now is the time to pause and revisit the material before completing this phase. The reason for going through the chapters in reverse order is that when you finished the book the first time, chapter 1 was a long time ago. I feel that by switching it up you give yourself a better chance of keeping an equivalent ‘freshness’ across the topics (this may seem illogical, as I realise that you now have the reverse problem, but try it and see how you feel)!

4 keep your knowledge fresh (using flashcards)


As I’ve mentioned in another post, for me, flashcards were a real lifesaver. They force you to actually use your mind to recall information and help prevent you from getting lazy. There are several ways you can use them, but other than reinforcing your learning, they will quickly highlight weak knowledge areas acting as a ‘pointer’. Concentrate on these weak areas (by going back to your CISSP study guide if necessary) until you are confident. I would keep them with me and do short bursts (say 5 or 10 at a time). You may decide to go through them at random, or by topic, or you may separate those you manage to answer and those you struggle with so that you can continue to concentrate on the ones you’re finding difficult.

5 have a schedule but be flexible

This is perhaps the most crucial point. How long it will take you to revise is personal and not an exact science. The fact that you can cancel the exam close to the date without penalty is both a blessing and a curse. If you couldn’t cancel it, you would just have to do your best up until the day, then cross your fingers. As it is, it’s up to you to decide whether you’re ready for the CISSP exam, which isn’t always easy. The approach I took was that once I had finished my initial CISSP study, I estimated roughly how long it would take to revise and booked the exam accordingly. That way I had something to work towards; after you’ve put so much work into your CISSP study it would be a shame to lose momentum during revision, have second thoughts and back out. Map out your revision schedule, allocating yourself time for each section (which you mapped out in phase 2) plus a safety margin before your exam date. Based on your levels of success with your flashcards and with online practice questions you will be able to decide whether you feel confident to take your CISSP exam. Having a schedule for your revision should help you avoid the need to cram at the last minute, which is both stressful and, according to an article in the Guardian, less effective than spacing your revision out.


Revision is crucial to all exams but is perhaps particularly important in studying for the CISSP – it’s an exam which relies largely on being able to recall/recognize information and, unlike some exams, there is no real practical element which you can ‘work out’ as you go. The amount of material to cover is vast and the length of the exam is similarly gargantuan (although you’re unlikely to need the full 6 hours).

If you have any other tips that you think will help people in their CISSP revision please feel free to leave a comment below and check out the resources section for CISSP study materials to further support your learning. I wish you the best of luck in your CISSP study!

Next – How to know when you’re ready

CISSP flashcards – why you need them

This post is all about CISSP flashcards – why you need them and how I passed my CISSP exam first time using them. At the end I will introduce the flashcards that I wrote myself and how I put them together. If you just want to get them now without reading the post (although I recommend you do) you can find them here.

Why you need CISSP flashcards in your study


The reason that you need flashcards comes down to the actual process of studying. In the past I was pretty bad at exams; in the first year or so of my undergraduate studies my study/revision process went a bit like this:

  1. write some notes,
  2. maybe highlight some of them
  3. read over them a couple of times before my exam.

I passed, but never did very well. Towards the end of my degree I had a course that could decide my overall grade: if I did well it would push my overall grade up. The pressure was on! In addition to studying and revising harder, I also studied smarter. I wrote sets of flashcards as I worked through the material and kept going over and over them leading up to the exam, to the point where I was almost bored of knowing all the answers. The result? I passed with Distinction. I used the same principle when I studied for the CISSP exam. I was paying for the exam out of my own pocket and definitely didn’t want to have to take it more than once; I passed first time. Why am I telling you all this? Because I want you to pass the CISSP first time too!

The reason flashcards are so important is because they force you to recall information. If you have notes, you can read them as many times as you want but you aren’t practicing how to recall the information. That is what you have to do when you’re taking the exam. You read a question then have to fumble around in the gloomy archives of your mind to find the information that you need to answer it. If you haven’t practiced the recall aspect then you’re going to struggle.

how to write them

This is a topic which really crosses over with how to take notes effectively, which I dealt with in detail here. The long and short of it, however, is that you have to distill the relevant information, noting only material that you think is testable and that you are likely to forget. You’ll notice for example that none of my CISSP flashcards have any questions on what ‘CIA’ (Confidentiality, Integrity, Availability) stands for. Why? Because there’s no way I would forget a fact like that, so what’s the point in wasting time revising it?

When you are writing your questions, experiment with giving yourself prompts in terms of how many facts you’re trying to remember. For example, revising: “what are the 4 steps to BCP?” is easier to revise than the open ended question: “what are the steps of BCP?”.  In terms of writing your answers, try to keep them as brief as possible, you’re trying to memorize them so the shorter they are the better. I also like to write my prompts as questions, so that you are clear what information you are supposed to be recalling. Too often I see people’s flashcards with a single word on one side then one of a number of possible responses on the reverse – if I had bought these I would find them very frustrating to use!

Whether you decide to have physical paper cards or use electronic ones is a matter of personal preference. It depends on access and how/where you will be studying. If you will always have the internet available while studying then by all means use an online service (such as the one I’m currently offering my flashcards through). If your access to internet/computer/phone is limited then you may prefer physical flashcards.

how many flashcards should you have?

As few as possible. This is the same as notes. If you had notes on everything you would be reproducing your study guide. The aim is to have as few as possible whilst making sure that you’re covering all the crucial facts. I ended up with around 550 – not because I couldn’t think up any more – but because I couldn’t get it any lower without missing crucial material!

my CISSP flashcards and where you can get them

Following my success, I decided to make my CISSP flashcards available to my readers. If you’re planning on taking the CISSP exam I recommend that you make sure you have a good set of flashcards to support your learning and most importantly – your revision. I spent a few weeks typing up my flashcards (wishing that I had typed them in the first place) here are a few examples:

Q: What are the 4 topics of SD3+C?
A: Secure by Design, Secure by Default, Secure in Deployment, plus Communications

Q: What does STRIDE stand for?
A: Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege

Q: What are the 7 phases of the implementation of a classification scheme?
A:
  1. Identify a custodian
  2. Specify how to classify (criteria)
  3. Classify and label the information
  4. Document exceptions
  5. Select security controls
  6. Specify declassification procedures
  7. Generate organization-wide awareness

Q: What is the formula to work out the number of keys required for n people using symmetric key cryptography?
A: K = n*(n-1)/2

Q: What are multipartite viruses?
A: Viruses that use multiple propagation techniques.

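The symmetric key-count formula on the flashcard above, K = n(n-1)/2, is one of the few facts in the set that is easier to understand than to memorize: every pair of participants needs its own shared secret, so K is simply the number of unordered pairs. The Python below is an added example for this page, not part of the original post or of the flashcard set. It checks the closed form by enumerating the pairs, contrasts it with the 2n keys a public-key scheme needs (one key pair per participant), and shows how many new keys a single joiner forces into existence. The participant names are constructed for the example.

```python
"""Key-count scaling for a group of n participants.

Symmetric: every pair needs its own shared secret, so the total is the
number of unordered pairs, n(n-1)/2 (the flashcard formula).
Asymmetric: each participant needs one key pair (2 keys), so 2n keys total.
"""
from itertools import combinations


def symmetric_keys_by_enumeration(participants):
    """Count shared secrets by literally enumerating every unordered pair.

    The key shared by Alice and Bob is the same key as the one shared by Bob
    and Alice, so pairs are unordered; combinations() yields each pair once.
    """
    return sum(1 for _ in combinations(participants, 2))


def symmetric_keys_formula(n):
    """Closed form K = n(n-1)/2. Integer division is exact: n(n-1) is always even."""
    return n * (n - 1) // 2


def asymmetric_keys(n):
    """Public-key scheme: one key pair per participant, 2n keys in total (n of them private)."""
    return 2 * n


def keys_added_by_new_participant(n):
    """How many new keys appear when participant number n+1 joins a group of n.

    Symmetric: one new shared secret with each of the existing n participants.
    Asymmetric: one new key pair, regardless of group size.
    """
    return {
        "symmetric": symmetric_keys_formula(n + 1) - symmetric_keys_formula(n),
        "asymmetric": asymmetric_keys(n + 1) - asymmetric_keys(n),
    }


def scaling_table(sizes):
    """Return (n, symmetric_keys, asymmetric_keys) rows for the given group sizes."""
    return [(n, symmetric_keys_formula(n), asymmetric_keys(n)) for n in sizes]


if __name__ == "__main__":
    # Constructed sample group (hypothetical names, not from the page).
    people = ["alice", "bob", "carol", "dave", "erin"]
    assert symmetric_keys_by_enumeration(people) == symmetric_keys_formula(len(people))
    for n, sym, asym in scaling_table([5, 10, 100, 1000]):
        print(f"n={n:>5}  symmetric={sym:>8}  asymmetric={asym:>6}")
    print(keys_added_by_new_participant(1000))
```

The two curves cross at n = 5 (10 keys either way); beyond that the symmetric count grows quadratically while the asymmetric count grows linearly, which is the key-distribution argument behind hybrid schemes that use public-key cryptography to establish per-session symmetric keys.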
If you want to get your hands on my full set of over 550 flashcards you can buy them here (via the iOS App or via the web):

get my CISSP flashcards here

You can also preview some of them for each chapter to give you an idea of how you may like to write your own. You can buy them on a chapter-by-chapter basis but I’ve aimed to bundle all 21 chapters together for a discount as you will ultimately need the full set.

I hope that you find my CISSP flashcards helpful and welcome any feedback you may have, good luck with your studies!

Next – How to revise

Planning your CISSP study

In this post I want to talk about how you actually plan your studies, including the techniques I used to study for and pass the CISSP exam, on my own, in my spare time. We will cover:

  • study techniques and styles
  • timescales and setting goals
  • resources

Study techniques and styles

The first thing to realize is that not everyone learns most efficiently in the same way. Although there are plenty of resources which go into great depth on this topic, I will use the three broad categories that feature on the wikiHow page on learning:

  • visual
  • aural
  • kinesthetic

Visual is fairly self explanatory – you learn well through the use of images, diagrams, colors and perhaps through (reading) text. Aural is learning through listening, this would include listening to podcasts or other recordings, or perhaps through someone speaking on a video or in person. Kinesthetic or tactile learners learn primarily through ‘doing’ or touch. It’s not important to get too tied up with the details of exactly which category you fall into, but what is important is to be willing to try more than one technique in your learning – especially if you haven’t studied for a long time. For example I know that I learn better by not only reading material, but by writing notes as well (even if I didn’t use them to revise later). To me this suggests that there is an element of the kinesthetic learner in me – the action of writing helps me to remember. However I’m also highly visual in that diagrams or pictures are something that I can easily remember – I can then remember the facts that are associated with them. If those images weren’t there then I would struggle to remember the words on their own. Another technique that I find very helpful is using and visualizing examples; particularly where there are abstract theories involved. Again, for me this suggests that I learn best through visualizing the example (visual type learning) and through ‘acting out’ the example in my mind (kinesthetic type learning).

The reason this is important, is that generally everyone’s initial study starts off with buying the Official Study Guide  – a text book. I would recommend that you at least experiment with other study techniques, other than simply reading, to work out how you learn best.

Timescales and setting goals

One of the hardest things when studying on your own is pacing yourself and setting goals. This is what you should be doing in your planning phase before you even start your study. That way, even when you’re up to your armpits in governance or malware, the end is always in sight! I recommend that you base your planning on the Official Study Guide. My study technique is simple, structured and is made up of 2 phases:

  • studying – initial learning of material and making your own revision materials as you go
  • revising – revisiting key material, refreshing your memory and testing yourself

In terms of studying this is how I recommend that you structure it, working from the Official Study Guide:

  1. work through the book chapter by chapter
  2. as you read make your own notes or flashcards
  3. use the end of chapter activities and revision questions to refresh your knowledge

The book (7th edition) is broken down into the following 21 chapters:

  1. Security Governance Through Principles and Policies
  2. Personnel Security and Risk Management Concepts
  3. Business Continuity Planning
  4. Laws, Regulations, and Compliance
  5. Protecting Security of Assets
  6. Cryptography and Symmetric Key Algorithms
  7. PKI and Cryptographic Applications
  8. Principles of Security Models, Design, and Capabilities
  9. Security Vulnerabilities, Threats, and Countermeasures
  10. Physical Security Requirements
  11. Secure Network Architecture and Securing Network Components
  12. Secure Communications and Network Attacks
  13. Managing Identity and Authentication
  14. Controlling and Monitoring Access
  15. Security Assessment and Testing
  16. Managing Security Operations
  17. Preventing and Responding to Incidents
  18. Disaster Recovery Planning
  19. Investigations and Ethics
  20. Software Development Security
  21. Malicious Code and Application Attacks

(source CISSP Official Study Guide, Seventh Edition Stewart, Chapple, Gibson)

The chapters do vary in length, however I strongly recommend setting a goal for your study dependent on how much free time you are willing to dedicate. For example you might decide to aim to do one chapter every 2 days which would give you a total time of 6 weeks to complete the book. You will have a better idea of how long you need once you’ve done the first couple of chapters, but by having a goal like this at least the end is in sight! You can look at your diary and say: “well at least I’ll have finished the book by such-and-such a date.” This really helps with motivation and I also found that when I didn’t study, I felt a bit guilty because I wasn’t keeping up with the schedule I had set. If I hadn’t set one, then I wouldn’t have minded so much because I wouldn’t have been off schedule – there wouldn’t have been one! While we’re on the topic of pacing it’s worth being wary of the dangers of either rushing through the material too quickly or being overly slow. If you rush through the material at breakneck speed you might find that you struggle to retain the knowledge because you’re simply cramming information into your mind at a speed that you can’t keep up with – your mind does need some time in order to process what you’re learning. Conversely, if you only read a page a day it would take you so long to finish the book that by the time you finished you probably wouldn’t remember much of what was at the beginning of the chapter, let alone the beginning of the book. This makes revision even harder because you don’t have much of a foundation to build on.

To set your own schedule for completing the book I would suggest that you time yourself to see how long you need to complete the first chapter then establish how much time you’re likely to have day-to-day over the coming weeks so that you can set your own goals in terms of how long you will give yourself to complete a chapter. My overall study time was around 3 months.


The revision phase is where you’ve completed your initial study/learning of the material and you’re now trying to refresh that knowledge to a point where you can use it in the exam. If you’ve been through the chapters in order, by the time you’ve finished chapter 21 on Malicious Code you will probably have forgotten much of the material in chapter 1 – Security Governance. This is where your revision notes/flashcards become particularly valuable. Because you’ve distilled the essential keywords and facts and cut out all the explanation you can quickly refresh your knowledge without getting bogged down. I wrote flashcards rather than notes which meant that I had questions that I had written myself on one side with the answers on the other. One of the benefits of this, was that it exercised the recall part of memory, forcing me to access the knowledge, rather than just repeatedly reading facts.

Once you’re comfortable with the knowledge on your flash cards it’s time to try some of the Sybex online practice tests that come free with your Official Study Guide. When you get questions wrong, it’s important to consider whether they are pointing to a specific weakness in your knowledge and if so, revisit the relevant section of the book. For example, I found that I was getting quite a few questions wrong which were about the Governance topic so I decided to go back and re-read the relevant sections of the book. Once you’re consistently hitting over 80% in your practice exam you should consider yourself ready to take the exam for real.


The resources that you will need to prepare for the CISSP exam are, in my view, separated into the ‘must have’ and ‘could have’ categories. The Official Study Guide is a must-have along with the online resources that come with it. Either making your own notes/flashcards as you go along or having someone else’s (you can get mine from the resources page) are another must-have. Other resources depend a bit on your learning style. If you find them helpful, then look into what audio/video resources there are as well as other companion books. But remember that a companion book is just another book to read and you might find that you’re adding to your workload without a great deal of benefit. I would also suggest that you don’t solely use videos or audio guides for your study but rather use them to supplement your study of the book. You can also sign up for either online or in-person training which I discuss here. In short:

Must have
  1. Official Study Guide (with accompanying online resources)
  2. Either your own notes/flashcards or someone else’s (that you trust)
Could have
  1. Videos (free or paid)
  2. Audio/podcast
  3. Companion books
  4. Online or in person delivered training course

You can check out some of my recommended resources (including my own flashcards) in the resources section here.


This post has covered looking forward to and planning your studies, including considering what type of learning suits you best (visual/aural/kinesthetic), the importance of setting goals for your study to help with motivation and some of the basic resources that you will need. By establishing what styles of learning work for you, you can maximize your learning efficiency and capacity and ensure that you obtain resources that properly support you in your studies. Without goals you might find that you struggle to motivate yourself to pick up the book and may simply procrastinate with your studies. If you have any suggestions of further information that you’d like to see here please feel free to leave a comment below and be sure to check out the resources page for study materials.

Next – Note taking