I am excited to share that I passed the CC Exam on the first try. Looking forward to sitting for the CISSP in early August. Let the studying begin!
Congratulations. I have my CISSP in 2 weeks so Ill let you know how it is.
Give us success tips please, I am writing CC in a couple of days, I have been using Coursera and Udemy online resources more
This is what I did.
Provide yourself with an environment where you can study. Study the free training material from ISC2. Make sure you do the pre-assessment and the final assessment and make sure that you understand and research all of the questions in there.
I only went through the material once because I already knew about 80% of the stuff in there so these are the things I knew already working in different businesses.
Data protection and classification
Networks and routing including TCP/IP, OSI Layer, Packet inspection and analysis.
Risk Management
ITIL processes (I am ITIL v3 certified and used to be the Change Manager)
PCI-DSS - I had to implement a lot of ISO 27001 controls because of this and needed to adopt GDPR because of card data
BCDR - This is like a day to day thing with me. Managing backups and recovery, testing the consistency of them by recovery and testing with users. Setting the BCDR strategy, agree with the business RPO and RTO, writing the policies, updating and testing plans, putting in practice and scenario planning.
Databases and software development lifecycle
The things I was not fully aware of.
NIST frameworks. Make sure you know your NIST frameworks for the areas included. Especially 800-37, and 800-53 what the difference is. You dont need to know whats in them as such but you need to know the difference between them.
Know what other frameworks are in place for other business areas, HIPAA for health, COSO for finance
Other security frameworks globally, like the Asia one and how many counties are in it.
Basically everything which is in the training is useful and if you don't understand something then do a bit of investigation.
You may get a question like "Someone is having a problem with a network, sending traffic to another VLAN. Which layer of the OSI should you look at?" Or "Which access control model applies in the following scenario: Someone needs access to something"
I would definitely learn the OSI layer, Learn the core NIST frameworks, Learn access control models. Also read the questions closely and forget real world environments for some of the questions.