AndreaMoore
Community Manager

CGRC Exam Changes – Effective June 2024

On June 15, 2024, ISC2 will update the CGRC exam. This exam update is the result of the Job Task Analysis (JTA), which is an analysis of the knowledge, skills and abilities of the credential evaluated by ISC2 members on a triennial cycle. The exam domain weights for the CGRC will change as follows: 

Current (Effective August 15, 2021) | New (Effective June 15, 2024)
Information Security Risk Management Program: 16% | Security and Privacy Governance, Risk Management, and Compliance Program: 16%
Scope of the Information System: 11% | Scope of the System: 10%
Selection and Approval of Security and Privacy Controls: 15% | Selection and Approval of Framework, Security, and Privacy Controls: 14%
Implementation of Security and Privacy Controls: 16% | Implementation of Security and Privacy Controls: 17%
Assessment/Audit of Security and Privacy Controls: 16% | Assessment/Audit of Security and Privacy Controls: 16%
Authorization/Approval of Information System: 10% | System Compliance: 14%
Continuous Monitoring: 16% | Compliance Maintenance: 13%
Total: 100% | Total: 100%

For more information, please review our CGRC Exam Update FAQs or the CGRC Exam Outline.

ISC2 Community Manager
DWill60
Viewer II

Hi, do you think that when the new exam changes go into place there will be an update to the self-study material needed? Will there be an updated CBK?

DrK
Newcomer I

Hi there

I am an authorized ISC2 instructor for CGRC. From my point of view, there are only minor tweaks to the distribution of questions (see the original posting). You do not need to wait for updated CBK materials.

The exam questions are primarily based on your knowledge of information security/cybersecurity and important NIST standards. The current material is very good. See my earlier posting on common standards such as NIST, ISO, etc. for you to review as part of the curriculum.

https://community.isc2.org/t5/CGRC-Study-Group/Self-Study-or-Enroll-in-ISC2-Course/m-p/65306

Best wishes,

Dr K

CyberLead
Contributor I

As a fellow instructor, I concur with Dr. K's post. From what I've read and been told, the subject matter and material that you'll be tested on are not changing; rather, it is a reorganization of what's covered in each domain (hence the new domain titles).

Thus, the relative weight of each domain has shifted. For most domains that shift is only 1%; the exceptions are in domains 6 and 7. Domain 6 goes up from 10% of the total to 14%, while domain 7 goes down from 16% to 13%. Collectively, the weight of those two domains goes up only 1%, from 26% to 27%.

Previously, earning this certification required having a good understanding of the Risk Management Framework, the activities performed in each step (including the largest step: Preparation), knowing the roles with primary responsibility for performing each of those activities, and an understanding of what's in the relevant NIST and ISO standards and documentation. If you have that information in your head, you'd have what it takes to pass the exam.

Unless ISC2 has decided to do something else that's not in the material they're providing to instructors like me and Dr. K, that will still be true when the updated exam rolls out.

I hope this information helps.


Lloyd Diernisse

ISC2 Authorized Instructor and Learning Tree International Certified Instructor
Lean Six Sigma Black Belt | CISSP-ISSMP | CCSP | CGRC | PMP | TBM | CSM | CMMI-A | ITIL-Fv3