I have been involved in security management, but I am currently more focused on the OS390 system. I want to divert towards client server security to acquire more knowledge.
My main concern is at the first CISSP exam sitting. How is the passing grade rated? Do we get to accumulate credits or is it a requirement to pass a minimum of certain modules to qualify for a pass?
What is your opinion on self-study guides as opposed to online courses relating to CISSP? Would online courses provide wider coverage in terms of knowledge?
Thanks for your much needed advice.
Thanks for your recent e-mail inquiry about CISSP. You raise some very interesting questions, for which I have some (but not all) of the information you seek. Unfortunately, this information is also hearsay because I am unable to find any written information about scoring on the ISC-squared Web site.
1. About the passing score
ISC-2 analyzes test scores for each pool of applicants who take the exam in a given year and adjusts the passing score based on performance of the overall population. Remember the "bell curve" from high school or college? Kind of works like that.
2. How a passing score is determined
Again, ISC-2 says nothing about whether minimum scores on each domain in the CBK are required or whether overall score is the only factor that's counted. Because the experience requirement for CISSP requires three years of activity in one or more CBK domains, my educated guess is that only the cumulative score is counted.
3. Self-study guides versus courses
There are lots of good self-study guides out there now -- particularly the Shon Harris CISSP All-in-One Study Guide from Osborne/McGraw-Hill. I've talked to numerous people who've used only that book and practice exams to take and pass the CISSP exam. That said, individuals who do take courses report a less steep learning curve, a more enjoyable learning experience and less difficulty with the exam than those who self-study. It stands to reason that access to an expert instructor makes it easier to prepare. My colleague and co-worker took a "boot camp" on CISSP and passed easily on his first exam attempt.
If you can afford them, I recommend either instructor-led training (most preferable) or online training (next most preferable) in addition to self-study materials. Again, FYI, my colleague got the Shon Harris book as part of his boot camp study materials.