Contents

1. The Strategic Role of CISSP
2. CISSP Domains of Knowledge
3. Amicliens InfoSec Conceptual Model
4. CISSP Exam Preparation Strategy
5. CISSP Exam Preparation Materials
6. The Effective CISSP Series
7. CISSP Starter Resources Kit
8. Practice Question (Wentz QOTD)
9. CISSP Communities
10. Other CISSP Resources

---

Featured Posts

• The CISSP Test-Driven Study Strategy
• CISSP Domain Refresh, effective on May 1, 2021

---

1. The Strategic Role of CISSP

2. CISSP Domains of Knowledge

CISSP is one of the most challenging exams ever because of its comprehensive perspectives and requirements of solid conceptual level understanding and in-depth insights into managerial and technical issues.

• Think Like a Manager!
  It’s comprehensive, and you have to think from a variety of perspectives, such as board director, senior management, CISO, auditor, legal counsel, purchasing and HR staff, engineer, developer, project and program manager, end-user, attacker, and so forth. Experience or certifications of PMP, ITIL/ITSM, or CCNA help quite a bit.
• But You Need to Know Technologies!
  The CISSP exam, from my point of view, can be divided into two parts: management (Domain 1, 2, 5, 6, and 7) and technology (Domain 3, 4, and 8). It’s a body of knowledge, not a collection of discrete knowledge points.

3. WUSON Information Security Essentials (WISE Model)

1. Build your own blueprint or conceptual model (e.g., WISE Model) in one week by skimming, browsing, speed-reading your study guide, mentoring, tutoring, training, or any other approaches available.
2. Base your learning on the model and study topic by topic iteratively and progressively. This is the Agile way to increase knowledge (value) iteratively.
3. After you have informed and enriched your conceptual model, it’s about time to read your study guide from cover to cover.
4. Review the CISSP exam outline every day to ensure you are on the right track and measure your progress.
5. Practice questions in Sudoku 365 (Wentz QOTD) until you understand the concepts behind each question and score higher than 80%. This approach is called test-driven.

Progressive Learning in Parallel (like the right-hand side). That is, read each domain progressively and in parallel like the right-hand side of animation depicts. Most people tend to read domain by domain like the left-hand side.

4. CISSP Exam Preparation Strategy

The critical success factors of CISSP are the effectiveness of your study plan, persistence, discipline, and communication with and support from your family and boss.

EXAM PREPARATION TIPS

• Is the CISSP Exam Hard?
• A Questionnaire from CertificationStation@Discord
• 10 Tips for Passing CISSP by Fadi Sodah (aka Madunix)

5. CISSP Exam Preparation Materials

• To start your CISSP journey, please download The CISSP Exam Outline first. Read and explain it to your friends until you can do that well and feel confident.
• The Effective CISSP: Security and Risk Management is a CISSP starter book as a supplement to the official and other study guides. It helps you build a solid foundation for information security and risk management.
• The Sybex CISSP Official Study Guide (OSG) 8th is a tutorial to help you understand the CISSP exam outline.
• The Official ISC2 Guide to the CISSP CBK Reference 5th, also known as CBK, explains the CISSP exam outline in detail. When in doubt, refer to the CBK.
• It’s crucial to browse the CBK suggested references, the NIST Special Publications, and CISSP notes.

6. The Effective CISSP Series

My book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals. Please visit Wentz’s Publications for details.

*** The CISSP Test-Driven Study Strategy

7. CISSP Starter Resource Kit

STUDY GUIDES

1. The Effective CISSP: Security and Risk Management (Starter/Orientation)
2. (ISC)2 CISSP Official Study Guide, 8th Edition (OSG) (Primary Source)

The following are optional materials:

• CISSP All-in-One Exam Guide, 8th Edition (AIO) (Secondary Source)
• The Official (ISC)2 Guide to the CISSP CBK Reference, 5th Edition (CBK) (When in doubt)

VIDEOS

1. (ISC)² Certification Webcasts
2. Kelly Handerhan@Cybrary
3. CISSP Shon Harris
4. CISSP Domain 2 Review by Destination Certification

NOTES

1. Sunflower CISSP™ 2019 PDF Document by Frankrijker, Reina & Warnock
2. CISSP Process Guide V.21, 2020 by Fadi Sodah (aka Madunix)
3. Memory Palace CISSP Notes by Prashant Mohand
4. Lance’s CISSP Notes
5. TOP 10 TIPS for the CISSP exam by Luis Alejandro Sosa
6. CISSP Certification Resources by Saiprasad C Bandlora

8. Practice Question (Wentz QOTD)

KINDLE BOOKS AND PAPERBACK

I suggest doing practice questions in the following order:

1. CISSP Official (ISC)2 Practice Tests
2. How To Think Like A Manager for the CISSP Exam (Kindle)
3. The Effective CISSP: Practice Questions (CISSP Sudoku 365)

QOTD (QUESTION OF THE DAY)

1. Wentz’s CISSP Practice Questions (QOTD)
2. QOTD by Adam Gordon
3. QOTD by Colin Weaver, ITDojo

TEST ENGINE

1. ThorTeaches
2. Luke’s Study Notes and Theory (SNT)
3. Boson
4. CCCure

9. CISSP Communities

THE EFFECTIVE SECURITY GROUPS

1. Effective Security Group Rules
2. Effective Security on Facebook
3. Effective Security on Telegram
4. Effective Security on YouTube
5. 追求高效能的資安臉書群組 (Effective Security in Taiwan)

FACEBOOK GROUPS

1. The Effective Security Facebook Group
2. CISSP Exam Preparation – Study Notes and Theory
3. CISSP, CISM and PMP certification training by Thor Teaches!
4. Information Audit
5. Cybersecurity Lounge by Russ Michael

CHAT ROOMS

1. CISSP, CISM, and PMP Study Group by Thor Teaches
2. Certification Station on Discord

FORUMS

1. r/cissp on reddit

10. Other CISSP Resources

1. NIST Glossary
2. Wentz’s Glossary
3. Rainbow Series
4. ISC2 CISSP Glossary – Student Guide
5. SNT Study Resources
6. Thor Teaches Study resources

11. Awesome YouTube Channels

1. Talks at Google
2. University of Virginia School of Law
3. UChicago Social Sciences

12. More ISC2 Certification Exam Outlines

1. CISSP Exam Outline (Effective Date: April 2018)
2. CISSP Exam Outline (Effective Date: May 1, 2021)
3. CISSP-ISSAP Exam Outline (Effective Date: October 14, 2020)
4. CISSP-ISSEP Exam Outline (Effective Date: November 13, 2020)
5. CISSP-ISSMP Exam Outline (Effective Date: May 2018)
6. CCSP Exam Outline (Effective Date: August 1, 2019)
7. CSSLP Exam Outline (Effective Date: September 15, 2020)
8. HCISPP Exam Outline (Effective Date: September 1, 2019)
9. CAP Exam Outline (Effective Date: August 15, 2021)
10. SSCP Exam Outline (Effective Date: November 2018)

免责声明：我不会违反ISC2保密协议。关于与考试内容相关的具体问题，请不要发送电子邮件或与我联系。保密协议副本可在以下网址找到：ISC2保密协议。

我通过了考试（2018年7月）并获得了我的背书！

这是我参加过的最难的考试之一。

测试的韧性主要是由于缺乏更新测试的官方研究材料，以及目前正在准备认证的一小群人。

考试绝对遵循ISC2方法，确保你对基本主题有充分的理解。这些问题考验你运用核心理解的能力，我认为没有办法研究这些问题。相反，你必须从核心层面真正理解材料。

您需要确保完全理解核心CISSP以及扩展的ISSAP问题深度。

如果CISSP是“一英里宽一英寸深”，ISSAP是1/2英里宽几英尺深。

研究计划

以下是我为考试学习的方式：

• 阅读ISSAP CBK官方（ISC）2指南-第2版（我仔细阅读了一遍。我阅读了一遍，重点是我无法立即记住细节的任何领域。我最后一次阅读是为了复习和验证我对每个领域的理解）
• 阅读ISC2 CBK章节目录中确定的所有在线文档
• 阅读ISC2 CBK ISSAP建议参考文献中确定的所有在线文档（我没有购买ISSAP CBK以外的任何书籍）
• 下载ISSAP的ISC2考试大纲，搜索并阅读各部分的参考文献（重点关注NIST文件、白皮书和RFP）
• 下载并阅读了Jake Eliaz CISSP-ISSAP松散笔记，谢谢Jake！
• 我还重温了CISSP的研究材料（《向日葵研究指南》和Shon Harris CISSP的《一体式》一书，特别是《快速提示》一章的结尾）
   

试题准备

我使用了ISC2 CISSP和CISSP-ISSAP手机应用程序来运行试题。

参加测试

你必须集中注意力并放松。

我开始做一些深呼吸练习，大约每25个问题重复一次。这有助于我放松、集中注意力，并将注意力从之前的一组问题上转移开。

• 阅读问题。再读一遍问题。将问题读三遍。
• 阅读可能的答案。
• 再读一遍问题。
• 选择您的答案。
  祝你好运