This post is all about CISSP flashcards – why you need them and how I passed my CISSP exam first time using them. At the end I will introduce the flashcards that I wrote myself and how I put them together. If you just want to get them now without reading the post (although I recommend you do) you can find them here.
Why you need CISSP flashcards in your study
The reason that you need flashcards comes down to the actual process of studying. In the past I was pretty bad at exams; in the first year or so of my undergraduate studies my study/revision process went a bit like this:
- write some notes,
- maybe highlight some of them,
- read over them a couple of times before my exam.
I passed, but never did very well. Towards the end of my degree I had a course that could decide my overall grade; if I did well it would push my overall grade up. The pressure was on! In addition to studying and revising harder, I also studied smarter. I wrote sets of flashcards as I worked through the material and kept going over and over them leading up to the exam, to the point where I was almost bored of knowing all the answers. The result? I passed with Distinction. I used the same principle when I studied for the CISSP exam. I was paying for the exam out of my own pocket and definitely didn’t want to have to take it more than once. I passed first time. Why am I telling you all this? Because I want you to pass the CISSP first time too!
The reason flashcards are so important is because they force you to recall information. If you have notes, you can read them as many times as you want but you aren’t practicing how to recall the information. That is what you have to do when you’re taking the exam. You read a question then have to fumble around in the gloomy archives of your mind to find the information that you need to answer it. If you haven’t practiced the recall aspect then you’re going to struggle.
How to write them
This is a topic which really crosses over with how to take notes effectively, which I dealt with in detail here. The long and short of it, however, is that you have to distill the relevant information, noting only material that you think is testable and that you are likely to forget. You’ll notice for example that none of my CISSP flashcards have any questions on what ‘CIA’ (Confidentiality, Integrity, Availability) stands for. Why? Because there’s no way I would forget a fact like that, so what’s the point in wasting time revising it?
When you are writing your questions, experiment with giving yourself prompts in terms of how many facts you’re trying to remember. For example, “what are the 4 steps to BCP?” is easier to revise than the open-ended question “what are the steps of BCP?”. In terms of writing your answers, try to keep them as brief as possible: you’re trying to memorize them, so the shorter they are the better. I also like to write my prompts as questions, so that you are clear what information you are supposed to be recalling. Too often I see people’s flashcards with a single word on one side then one of a number of possible responses on the reverse – if I had bought these I would find them very frustrating to use!
Whether you decide to have physical paper cards or use electronic ones is a matter of personal preference. It depends on access and how/where you will be studying. If you will always have the internet available while studying then by all means use an online service (such as the one I’m currently offering my flashcards through). If your access to internet/computer/phone is limited then you may prefer physical flashcards.
How many flashcards should you have?
As few as possible. This is the same as notes. If you had notes on everything you would be reproducing your study guide. The aim is to have as few as possible whilst making sure that you’re covering all the crucial facts. I ended up with around 550 – not because I couldn’t think up any more – but because I couldn’t get it any lower without missing crucial material!
My CISSP flashcards and where you can get them
Following my success, I decided to make my CISSP flashcards available to my readers. If you’re planning on taking the CISSP exam I recommend that you make sure you have a good set of flashcards to support your learning and most importantly – your revision. I spent a few weeks typing up my flashcards (wishing that I had typed them in the first place). Here are a few examples:
Secure by: Design, Default, Deployment + Communication

[q] What does STRIDE stand for?
[a] Spoofing, Tampering, Repudiation, Information disclosure, DOS, Elevation (of privileges)

[q] What are the 7 phases of the implementation of a classification scheme?
[a] 1: Identify a custodian
2: Specify how to classify (criteria)
3: Classify and label the information
4: Document exceptions
5: Select security controls
6: Specify declassification procedures
7: Generate organization-wide awareness

[q] What is the formula to work out the number of keys required for n people using symmetric key cryptography?
[a] K = n*(n-1)/2

[q] What are multipartite viruses?
[a] Use multiple propagation techniques.
If you want to get your hands on my full set of over 550 flashcards you can buy them here (via the iOS App or via the web):
You can also preview some of them for each chapter to give you an idea of how you may like to write your own. You can buy them on a chapter-by-chapter basis but I’ve aimed to bundle all 21 chapters together for a discount as you will ultimately need the full set.
I hope that you find my CISSP flashcards helpful and welcome any feedback you may have. Good luck with your studies!