A co-worker asked me yesterday what resources I had used to prepare for the CISSP exam. A colleague of his from a previous position is considering preparing for the CISSP exam and asked what to use to prepare. My co-worker received the CISSP several years ago and thought I might have information on more up-to-date resources since I just passed the exam on March 3, 2018. Here is the list I put together for him. I thought it might benefit or be of interest to some of the people reading the board.
You asked about resources I used to prepare for the CISSP exam. Here are most of the resources I used. 90% of my time was spent with the Shon Harris books that are in bold below.
I also took notes by typing flash cards as I went through the material and ended up with, I believe, over 1,000 flashcards. I typically did not go back and practice with the flash cards but the act of typing out questions and answers was enough to commit to memory for me.
I passed my test on March 3rd.
CISSP All-in-One Exam Guide, 7th Edition by Shon Harris/Fernando Maymi
CISSP Practice Exams, Fourth Edition by Shon Harris/Fernando Maymi
CISSP Study Guide, Third Edition by Eric Conrad, Seth Misenar, Joshua Feldman
CISSP Official (ISC)2 Practice Tests by Mike Chapple, David Seidl
ISC2 CISSP video lectures by Kelly Handerhan
Various videos selected on topics for additional clarification – especially cryptography
The Cybrary.it site with the CISSP videos and extra resources is pretty awesome. Watching their videos and using their stuff has been on topic, even with the new formats. Also, even though the format has changed, the information does not. If you know the topics, then you know them. There is no substitute for actual hands-on knowledge and having the 5+ yrs of real-world experience.
I used to recommend any editions you could find of the "Information Security Management Handbook." If you can still find any (mostly in the better company libraries) they are great.
Best single volume source is "Security Engineering," by Ross Anderson.
Check out http://victoria.tc.ca/int-grps/books/techrev/mnbksccd.htm
A co-worker of mine was told mostly essay now. Is that correct? I had heard they had moved the tests online and used an adaptive scoring model, but nothing about an essay format.
Essay or Scenario based? Even when I took it on paper, it included Scenarios (a little story that then had 2-5 multiple choice questions related to the story). Computerized adaptive testing is not very compatible with essay (short answers -- 1 to 5 sentences) due to the need for real-time determination of an answer's correctness.
I also found the 11th Hour CISSP Study Guide by Conrad was a huge help. It mostly works as a reminder and focuses the learning material into a quick guide to read over the day before the test.
The CISSP exam contains a minimum of 100 questions and a maximum of 150 questions. Candidates have three hours to complete the exam. (ISC)2 uses an advanced testing system called Computerized Adaptive Testing (CAT).