(ISC)² Community

As a reminder, this Community is a venue to provide professional discussions related to information security. The Community is intended to be a forum for peer engagement, positive discussion and constructive advice. We expect all users to maintain a tone of professionalism in all Community interactions. We have guidelines in place to ensure everyone maintains a civil and productive discussion. Every day, we are encouraged by so many great posts and helpful comments across the Community. We ask that everyone reserve this space for sharing ideas focused on informed and helpful cybersecurity discussion such as technical and security implications, threats and mitigating them in the industry. We would like to keep this Community a place for appropriate cybersecurity topics and encourage all off-topic discussions to be held elsewhere.    All Community users can help ensure we build a professional and respectful community. As mentioned in the guidelines, community members can help self-regulate and flag any inappropriate content or off-topic content that does not uphold the vision of (ISC)² and our code of ethics. To flag, use the menu at the top right of a post and select “Report Inappropriate Content.” It will be reviewed by a Community team member. This Community is intended to be a tool for cybersecurity professionals to work together to solve problems.   Thank you in advance for your help, your engagement in the Community and for all that you all do to inspire a safe and secure cyber world.

The (ISC)² Community has been updated during the last few months. Take a look at this quick (2 minute) video to learn more about new features and where to find discussions in the Community. You can find it on the Community homepage or click here to view.        https://www.youtube.com/watch?v=QsWi_uVSgOs&feature=youtu.be 

So, you've decided to begin the process to become (ISC)² certified. Are you unsure where to start?    Which (ISC)² certification is right for you? Determine the best certification that aligns with your expertise.    Once you have determined which certification you want to obtain, you need to take the next important step in your career on your path to certification and membership with (ISC)². Learn what to expect in the process for scheduling your exam, leading up to exam day, expectations on exam day and what happens after exam day - it is all right here in a step-by-step format.      Have questions regarding the exam retake policy, rescheduling an exam, the format and scoring of the exam, or others? Answers to many frequently asked questions can be found in our Candidate Information Bulletin.  

Across several threads in several parts of the Community you will see discussions on what to use in preparing for the CISSP exam. One book you should definitely use is the Common Body of Knowledge, Official (ISC)² CISSP CBK Reference, Fifth Edition. Even if you use one of the many other 3rd party CBK study guides, you really need to have the official CBK at your elbow for cross check.   Many Community members have pointed out that the exam is not a rote memory fact check The questions are designed to test your ability to think like a senior manager in the security function. The absolutely essential reference for preparing yourself for such a perspective is Ross Anderson's Security Engineering. I used the 2001 1st edition to prepare for my 2002 exam. I bought the 2008 2nd edition as soon as it was available as an invaluable update to my work in the field. I also used several chapters of the 2nd edition as the textbook for a graduate level course I taught.   Anderson is on the verge of releasing the 3rd edition in November 2020. All three versions are available FREE at the above link, each chapter a separate PDF file. Still, if you are serious about work in our field I strongly recommend getting the full dead-tree version for your desk (not your bookshelf).   Craig