I am along the path of studying for the CISSP with quite a few resources (Official CBK, Harris' "All-In-One" Exam Guide, Lynda.com videos, Cybrary.it, Transcender practice tests, and many other suggestions from people here- Thank you all!). Each of these resources go to varying depths of detail on each topic. One question I have though is how deep is too deep in terms of a topic? Meaning, without giving away details, will I need to memorize specifics of the privacy laws to know which privacy law specifically prohibits a specific type of action? Or would it be more likely that knowing about the laws is enough?
I plan on being over prepared, but don't want to get bogged down in details that aren't important to memorize.
Selecting material is more about preference and taste in that materials are essentially useless when you never finish them.
Generally recommend find two sources in book form and read them slowly - cover to cover. Add to that one good lengthy quiz book and possibly one CCCure or similar online simulator. Anything more than this will be complete overkill.
As for what to read depends entirely on how much experience in the field you have. If your fairly new I would strongly suggest something that sounds like an All-in-one approach type of book. Well versed in most of the subjects tested and just need a good refresher? There are smaller, more concise reads with names like "11th hour" or "essentials".
Whatever you do please avoid any material that sounds suspicious or outright "brain dumps". These won't help much and only exist to cast a shadow on the certification on both the industry and individual. Yeah, someone is out to make a buck but the damage done has been lasting. Let's not go there.
Thank you Brent.
I am not questioning my sources of study, as I am fairly confident in them. I have been in IT for 20+ years with various roles in and out of security. I am questioning the depth of the questions on the exam. I have heard the CISSP exam explained as wide, but not deep. Some of the practice exams that I have seen so far though seem to be both.
The textbook answer is, go as deep as you can go. Since that doesn't really answer the question however, I did find on the CISSP website under approved training this link: http://learnzapp.com/apps/cissp/ There are (I believe) retired test questions which will best show you how they ask questions and shed some light on how deep to go.
My philosophy to test-taking and my overall success has been to choose a relevant authoritative resource and go with that. If you actually retain 45-50% of what you've read in the Official CBK, Shon Harris, or any other authoritative resource, you will pass the test if you are honest with yourself and avidly study in a proper manner. A good deal of the test (30-35%) that I was presented with were experience based. Those questions were very intuitive to me and I would not have needed to study to answer those particular items.
You may be spending too much money in my opinion, but everyone is different.
CISSP is really "deep down superficial".
Reading, comprehension and attention to detail are as critical as the remembered knowledge. However with twenty years in IT, you'll be pretty well prepared from your nine to five(unless of course, it was all at 'Reynholm Industries' as featured in the 'IT Crowd' - but in that case, I see a more lucrative career for you acting in sitcoms...) 😉
One good book is probably enough, the new study guide was quite good for me.
Here's what I do when I study for an - read it for say 30 minutes at a time, note down concepts I don't understand, rest for ten, look them up, rest for ten and then attempt the recall of the facts and redo any I miss.
CAT means it's important not to get questions wrong - so I'll reiterate attention to detail, but none of the questions are what I'd call deep. Good Luck!