This article can also be found in the Premium Editorial Download "Information Security magazine: Defense-in-Depth: Securing the network from the perimeter to the core."
Stack O' Reading: No one resource can prepare you for the CISSP. At the same time, there are literally hundreds, perhaps thousands, of books and Web sites covering some aspect of the CBK. The goal is to read widely, if not necessarily deeply, in each domain. Remember, the exam is a mile-wide and an inch deep. Tailor your study plan accordingly.
An Amazon search reveals 15 books with "CISSP" in the title. There's even a CISSP for Dummies! I read every page of two 1,000-page "all-in-one" guides plus a smattering of other books and online resources. I also dabbled around and skimmed a half-dozen other books.
All-in-One CISSP Certification
By Shon Harris (McGraw Hill Osborne, 2002)
971 pages + CD, $80
This book is extremely comprehensive, and Harris has a knack for explaining complex technical topics in layman's terms without talking down to the reader. Harris also teaches an exam-cram class for Intense School, and has sat for (and passed) the CISSP exam on two separate occasions--both of which lend an air of authority to this guide.
While the text is good, the graphics in this book leave something to be desired. Some are too sketchy or generic to add anything to the textual discussion. Others are clearly space fillers, like the half-page photo of a fire extinguisher with the caption, "Portable extinguishers are marked indicating what type of fire they should be used on." (Gee, tell me more).
Each chapter/domain ends with a list of quick tips, which were very helpful. Harris also gives you 20-30 practice questions at the end of each domain, along with a CD containing hundreds of additional questions (the new edition reportedly contains 1,300 total questions with explanations). While the practice questions were good, taken together they're easier than many of the actual exam questions, which might give you a false sense of security.
The CISSP Prep Guide (Gold Edition)
By Ronald Krutz and Russell Vines (Wiley, 2003)
945 pages + CD, $80
The Krutz and Vines guide is also excellent. The Gold Edition is actually the combination of two other Wiley books by the same authors: the original CISSP Prep Guide and the Advanced CISSP Prep Guide. The Gold Edition also contains updated content based on reader suggestions.
I'm glad I read this book after Harris's book, because the presentation is tighter and more accelerated. There's not as much detail as in Harris's book, but the discussion moves along more quickly.
The Krutz and Vines book has a lot of practice questions, 660 in all, in addition to a CD-ROM containing two complete practice exams from Boson (see below). Most of the sample and bonus questions after each domain are about the same level as Harris's questions--in some cases, they're a little more advanced.
Also included after each domain/chapter are several "advanced sample questions" that the authors claim "are at a level commensurate with that of the CISSP Examination." Well, that's not strictly true. They are more difficult than the sample and bonus questions, giving you a sense of the level of detail to which you need to study. However, they don't capture the way in which the CISSP exam's questions are difficult. Some of Krutz and Vines's advanced questions are extremely verbose, which is definitely not the style of the CISSP exam. Others ask you to do computations or visual analysis--again, not the exam's M.O.
In any case, the authors provide long explanations to each answer, which helps.
The Total CISSP Exam Prep Book
By Thomas Peltier and Patrick Howard (Auerbach, 2002)
286 pages, $60
The title is misleading, because this is basically a book of sample test questions. Each chapter covers a domain, and each domain includes 25 practice study questions with explained answers. The good thing about this book is that it cites the sources from which the questions are drawn--down to the page number. This is a real bonus if you want to follow up. At the end of the book there's a full-length practice exam, which also comes with answer explanations and citations.
The Boson Web site offers three practice CISSP exams, 250 questions each. (Two of these exams are included on the Krutz and Vines CD-ROM.) Each exam costs $40. Don't take Boson Exam #1. Exams #2 and #3 have decent questions, though many candidates feel that CCCure's are better.
An indispensable site for CISSP candidates. Contains tons of CBK resources and thousands of practice questions. The CISSP quiz page lets you specify the number of questions you want to take, the level of difficulty (from "novice" to "pro"), and the CBK domains you want to cover. Best of all, it's free--all you have to do is register.
www.cccure.org, click on "Downloads" and go to "CISSP Study Guides"
One way of identifying weaknesses is to compare your study plan to that of other CISSPs. Michael Overly's Cramsession, in particular, is excellent--concise yet thorough, hitting on all the high points.
This was first published in June 2003