CISSP Study Guide

A well-structured study plan is key to passing the CISSP (Certified Information Systems Security Professional) exam, which covers a vast range of cybersecurity topics. The CISSP exam covers eight domains, and candidates must be well-versed in each to succeed. Here is a comprehensive CISSP study plan that spans three months, which is a typical duration; it can be adjusted depending on your schedule and familiarity with the material.

Step-by-Step CISSP Study Plan (3 Months)

Week 1: Set Up and Resources

  • Get Study Materials:
    • Official (ISC)² Guide to the CISSP CBK, 5th Edition (official textbook)
    • CISSP Official Practice Tests (for exam simulations)
    • Eleventh Hour CISSP: Study Guide (for quick review)
    • CISSP All-in-One Exam Guide by Shon Harris (a comprehensive study guide)
    • Access to practice tests and flashcards (like CCCure Quiz Engine, Boson, etc.)
  • Create a Study Schedule:
    • Dedicate 2-3 hours of study time on weekdays and 4-5 hours on weekends.
    • Ensure time for review and practice tests before the exam.
    • Build in time for breaks to stay refreshed.
  • Set a Goal: Register for the exam to set a deadline for yourself and create accountability.

Weeks 2–10: Domain-Focused Study

The CISSP exam is broken down into eight domains. The plan allocates one week per domain, with extra time for revision and practice tests.

Week 2: Domain 1 – Security and Risk Management

Week 3: Domain 2 – Asset Security

  • Topics include: Information classification, Ownership (data and system), Privacy protection, Retention policies, Data security controls, and Handling requirements.
  • Focus on memorizing data classification models and policies.
  • Practice Questions: 50-100 questions daily.

Week 4: Domain 3 – Security Architecture and Engineering

Week 5: Domain 4 – Communication and Network Security

  • Topics include: OSI and TCP/IP models, Firewalls, VPNs, Secure communication protocols, and Network attacks (DoS, man-in-the-middle, etc.).
  • Study network protocols, their vulnerabilities, and security measures.
  • Practice Questions: 50-100 questions daily.

Week 6: Domain 5 – Identity and Access Management (IAM)

  • Topics include: Access control models (RBAC, DAC, MAC), Single sign-on (SSO), Authentication and authorization, Identity management lifecycle, and Federated identity systems.
  • Pay attention to access control methodologies and authentication methods like biometrics.
  • Practice Questions: 50-100 questions daily.

Week 7: Domain 6 – Security Assessment and Testing

  • Topics include: Vulnerability assessment, Penetration testing, Security audits, Log management, Risk assessment, and Security testing methodologies.
  • Understand different testing methods (white-box, black-box, gray-box) and how to implement and review audit logs.
  • Practice Questions: 50-100 questions daily.

Week 8: Domain 7 – Security Operations

  • Topics include: Incident response, Forensics, Disaster recovery (DR), Continuity of operations, Logging and monitoring, Patch management, and Vulnerability management.
  • Focus on the incident response lifecycle, disaster recovery planning, and operational security processes.
  • Practice Questions: 50-100 questions daily.

Week 9: Domain 8 – Software Development Security

  • Topics include: Secure software development lifecycle (SDLC), Software vulnerabilities (buffer overflow, SQL injection, etc.), Security controls in development, and Application security.
  • Study OWASP Top 10 vulnerabilities and the importance of security in each phase of the software development lifecycle.
  • Practice Questions: 50-100 questions daily.

Weeks 10–12: Review and Practice Tests

  • Review: Use these weeks to go over all the domains. Pay extra attention to areas where you scored lower during your weekly tests.
  • Simulate the Exam: Take full-length practice exams to simulate the real test environment. Aim to take at least two full exams, one at the beginning of Week 11 and one toward the end.
    • Review incorrect answers thoroughly.
  • Flashcards: Use flashcards for key terms and concepts (especially helpful for memorizing cryptographic algorithms, security models, and standards).
  • Revise the Weak Areas: Allocate extra study time to areas where you’re less confident.

Last Week: Pre-Exam Preparation

  • Final Review: Skim through the Eleventh Hour CISSP guide for a quick review of key points.
  • Rest: Avoid cramming the night before the exam. Instead, relax and get a good night’s sleep.
  • Day Before the Exam: Prepare all necessary documents; on exam day, arrive early at the exam center and stay calm.

General Tips Throughout the Study Plan

  • Stay Consistent: Consistency is key. Study regularly, even if it’s just an hour some days.
  • Join Study Groups: If possible, join a CISSP study group for motivation and to discuss complex topics.
  • Understand Concepts, Don’t Just Memorize: CISSP focuses heavily on understanding and applying security principles rather than memorizing facts.
  • Use Multiple Resources: Study guides, video tutorials, and practice questions from different sources (like Cybrary, Boson, or official (ISC)² material) will give you a more comprehensive view of the material.

Summary of 3-Month CISSP Study Plan:

Week      Domain
Week 1    Setup, resources, study schedule
Week 2    Domain 1: Security and Risk Management
Week 3    Domain 2: Asset Security
Week 4    Domain 3: Security Architecture & Engineering
Week 5    Domain 4: Communication & Network Security
Week 6    Domain 5: Identity & Access Management
Week 7    Domain 6: Security Assessment & Testing
Week 8    Domain 7: Security Operations
Week 9    Domain 8: Software Development Security
Week 10   Review and Practice Tests
Week 11   Full-Length Exam Simulations
Week 12   Final Review & Exam Preparation