Passing grade and study preparation for CISSP

Thanks for your recent e-mail inquiry about CISSP. You raise some very interesting questions, for which I have some (but not all) the information you seek. Unfortuately, this information is also hearsay because I am unable to find any written information about scoring on the ISC-squared Web site.

1. About the passing score

ISC-2 analyzes test scores for each pool of applicants who take the exam in a given year and adjusts the passing score based on performance of the overall population. Remember the "bell curve" from high school or college? Kind of works like that.

2. How a passing score is determined

Again, ISC-2 says nothing about whether minimum scores on each domain in the CBK is required or whether overall score is the only factor that's counted. Because the experience requirement for CISSP requires three years of activity in one or more CBK domains, my educated guess is that only the cumulative score is counted.

3. Self-study guides versus courses

There are lots of good self-study guides out there now -- particularly the Shon Harris CISSP All-in-One Study Guide from Osborne/McGraw-Hill. I've talked to numerous people who've used only that book and practice exams to take and pass the CISSP exam. That said, invididuals who do take courses report a less steep learning curve, a more enjoyable learning experience and less difficulty with the exam than those who self-study. It stands to reason that access to an expert instructor makes it easier to prepare. My colleague and co-worker took a "boot camp" on CISSP and passed easily on his first exam attempt.

If you can afford them, I recommend either instructor-led training (most preferable) or online training (next most preferable) in addition to self-study materials. Again, FYI, my colleague got the Shon Harris book as part of his boot camp study materials.