Hi everyone, I recently purchased the Sybex 9th Edition Study material for the CISSP. Please, can this material be sufficient for me to prepare for the CISSP exam?
Everyone learns differently but do weigh in on if you are just looking to pass an exam vs want to validate what you know. Almost everyone needs to study for this but IMO, it should mostly be reflective of what you know (plus a little assistance with terms and specific expectations).
I mainly used the official CBK. I have LOTS of other books including the 8th edition of the official study guide. I did not use them much (some are still crisp/new). Instead, I read through the CBK and identified my gaps.
However... and this is big... unless you are lucky, you really cannot pass this exam on studying alone. Your memory of terms, formulas, and such will certainly be helpful but IMO experience counts the most. Your decision-making ability will be tested thoroughly.
While there is an Associate of ISC2 version of this exam for those without enough experience, the best plan would be to focus on gaining that 5 years experience (4 if you can sub a degree or cert for -1).
But even so, there will always be gaps for most depending on your line of work relative to the domains. For those lacking areas, I highly suggest even more research into the actual real world issues / challenges / decisions. Likewise, if you have access to the technology, jump in and do some labs. Running a penetration test, using some of the tools, simulating a risk assessment, playing with command lines, compiling some code: getting your hands dirty may be extremely valuable (and FUN).
Lastly, if you have access to review (legally) any SOC 2 reports, an ISO 27001 statement of applicability from a certified system, risk registers, risk assessments, risk treatment plans, business continuity plans, incident reports, pen test reports, etc - all of these are super helpful in edging out a more thorough understanding of the bigger picture at a practical level.
Note: A lot of people struggle with cryptography and I suggest going beyond and taking a dedicated short course on it including the history through modern/current cryptography use. You may go beyond what is needed for the exam but it will make more sense for some that do not work in this domain regularly.
I respectfully disagree. The CBK is not really a book to read. It is great for difficult concepts as a reference guide. I used the study guide and Luke Ahmed's How to Think Like a Manager and was fine.
I read the CBK cover to cover as it allowed me to speed through what I knew and slow down for what I did not. I could have also done this with the study guide and do own a copy of that. But the appeal of the consolidated information within the CBK was my staple resource for that very reason. 600 pages vs 1000? However, the study guide does go into more examples and detailed explanations and includes even more study questions so if you are that kind of learner, it may be great. Would buy both and then decide. Both are very inexpensive compared to the $749 exam fee.
Like I said, studying is needed for this exam but hopefully your experience should be your best resource for the majority of it. I would never call this exam easy as it takes a lot of effort and kept me sitting on the fence eating humble pie for a long time before ever scheduling it. However, it does a good job of validating the skillset for information security leadership.