I think that the idea behind group B credits is that in order to be really successful in the type of role where, say, a CISSP is required, it's helpful to have a good understanding of the fundamentals of the business you work for, and you should get credits for seeking education to that end.
I've used things from Coursera before, like a business analytics course I did on there. If you take community college classes for credit, that's probably another good way to get type B credits, too. You may even be able to get your company to pay for something like for-credit courses at an accredited school. If you're already pursuing a masters degree, that should work as well, I would think.
In addition to @Badfilemagic's excellent advice, I would say that CPEs in group B can work as part of your learning an development plan if you have one. As long as its valuable, related in some way to being a security professional and you can write it down and you can justify it to yourself and another reasonable person. Example - my Molecular gastronomy appreciation course doesn't count, psychology short course probably would as it's related to how people behave generally.
For example I did toe courses on Privacy this year one with IT Governance(which surprise-suprise was mostly about the practice of audit :P), the other was with IAPP which was heavily slanted to legal.
I put the IT Governance course into group A, and the IAPP course into group B - personally I think I could argue for either, but you only use them one and I went for what I felt was the best fit.
Here's a good blog post on this, and the official guidelines.
Hmm, I just found an ISC(2) blog post on 2015 changes and the following quote drew my attention:
"Group B CPEs remain optional and may be substituted by Group A CPEs".
Here's the link to the post:
So, am I correct assuming that earning 40 or more group A credits within a year will satisfy the requirement?
That's correct, yes.
Group B just gives you a wider pool of learning/activities to select from.
Also - 'All work and no play makes x/y a dull boy/girl.' Its nice to be cross functional, no one ever accuses ISC2 of being over specialized, but depth of interest is good.
Here's the table from the PDF, operator is OR. Not the lower annual requirement in group A(group A has a need for every year) plus you have an option to do a lot of the A+B in over the three years(I sat the CISSP twice as I couldn't be bothered to submit CPEs so let it lapse - my advice is not to do that as it's expensive compared to record keeping).
One more question - CPE rollovers. Here's what the section Rollover CPE Credits says:
"CPE rollover credits are limited to the total CPEs required each year. For example, CISSPs will only be able to roll over up to 40 Group A credits earned in the last 6 months of your three year certification cycle. CPEs do not rollover from cycle year to cycle year. Rollover CPEs are calculate at the time of renewal."
Does that mean I can only earn extra CPEs within the last 6 months of the 3d year? Should I really limit my CPE accrual to 40 credits within years 1 and 2 of each certification cycle because I would lose any extra CPEs anyway?
I take it to mean extra CPEs *ONLY* in the last 6 months of the 3d year of the certification cycle.
I would say that you'll already be earning more than you need, so I wouldn't limit its just a case of writing it up.
I would also recommend having some slack as hedge as well. It's better to have more than you need so that if you do get audited you don't have to remember what you did potentially 2-3 years ago to map activities to CPEs.
If I was an auditor, I might well choose audit those with the minimum CPE counts - especially if I saw some of these were in year one B Group for "The Applied Philosophy of Poodle Grooming"... 😉