Peter H. Gregory

CISSP For Dummies



hours of study, you may be tempted to spread this study over a 6-month period for 2 hours a day. Consider, however, that committing to six months of intense study is much harder (on you, as well as your family and friends) than two months. In the end, you’ll likely find yourself studying only as much as you would have in a 60-day period anyway.

      Studying on your own

      Self-study might include books and study references, a study group, and practice exams.

      Begin by downloading The Ultimate Guide to the CISSP from the (ISC)2 website at https://www.isc2.org/Certifications/CISSP. This guide provides a good overview of the CISSP certification and the exam, as well as links to several helpful CISSP study resources.

      Next, read this (ISC)2-approved book, and review the online practice at www.dummies.com. (See the introduction for more information.) CISSP For Dummies is written to provide a thorough and essential review of all the topics covered on the CISSP exam. Then read any additional study resources to further your knowledge and reinforce your understanding of the exam topics. You can find several excellent study resources in the official CISSP Certification Exam Outline. Finally, rinse and repeat: Do another quick read of CISSP For Dummies as a final review before you take the actual CISSP exam.

      Warning: Don’t rely on CISSP For Dummies (as awesome and comprehensive as it is!) or any other book — no matter how thick it is — as your sole resource to prepare for the CISSP exam.

      Joining a study group can help you stay focused and provide a wealth of information from other security professionals' broad perspectives and experiences. It’s also an excellent networking opportunity (the talking-to-real-people type of network, not the TCP/IP type of network)! Study groups or forums can be hosted online or at a local venue. Find a group that you’re comfortable with and that is flexible enough to accommodate your schedule and study needs. Or create your own study group!

      Finally, answer lots of practice exam questions. Many resources are available for CISSP practice exam questions. Some practice questions are too hard, others are too easy, and some are just plain irrelevant. Don’t despair! The repetition of practice questions helps reinforce important information that you need to know to successfully answer questions on the CISSP exam. For this reason, we recommend taking as many practice exams as possible. Start with the online practice at www.dummies.com (see the introduction for more information).

      Warning: No practice exams exactly duplicate the CISSP exam. And forget about brain dumps. Using or contributing to brain dumps is unethical and is a violation of the (ISC)2 nondisclosure agreement, which could result in your losing your CISSP certification permanently.

      Getting hands-on experience

      Getting hands-on experience may be easier said than done, but keep your eyes and ears open for learning opportunities while you prepare for the CISSP exam.

      If you’re weak in networking or applications development, for example, talk to the networking group or developers in your company. They may be able to show you a few things that can help you make sense of the volumes of information that you’re trying to digest.

      Tip: Your company or organization should have a security policy that’s readily available to its employees. Get a copy, and review its contents. Are critical elements missing? Do any supporting guidelines, standards, and procedures exist? If your company doesn’t have a security policy, perhaps now is a good time for you to educate management about issues of due care and due diligence as they relate to information security. Review your company’s plans for business continuity and disaster recovery, for example. Those plans don’t exist? Perhaps you can lead this initiative to help both yourself and your company.

      Getting official (ISC)2 CISSP training

      Classroom-based CISSP training is available as a five-day, eight-hours-a-day seminar led by (ISC)2-Authorized Instructors at (ISC)2 facilities and (ISC)2 Official Training Providers worldwide. Private onsite training is also available, led by (ISC)2-Authorized Instructors and taught in your office space or a local venue. This option is convenient and cost-effective if your company sponsors your CISSP certification and has 10 or more employees taking the CISSP exam. If you generally learn better in a classroom environment or find that you have knowledge or experience in only two or three of the domains, you might seriously consider classroom-based training or private onsite training.

      If it’s not convenient or practical for you to travel to a seminar, online training seminars provide the benefits of learning from an (ISC)2-Authorized Instructor at your computer. Online training seminars include real-time, instructor-led seminars offered on a variety of schedules, with weekday, weekend, and evening options to meet your needs, as well as access to recorded course sessions for 60 days. Self-paced training is another convenient online option that provides virtual lessons taught by authorized instructors with modular training and interactive study materials. Self-paced online training can be accessed from any web-enabled device for 120 days and is available any time and as often as you need.

      You can find information, schedules, and registration forms for official (ISC)2 training at https://www.isc2.org/Certifications/CISSP.

      Attending other training courses or study groups

      Other reputable organizations offer high-quality training in both classroom and self-study formats. Before signing up and spending your money, we suggest you talk to someone who has completed the course and can tell you about its quality. Usually, the quality of a classroom course depends on the instructor; for this reason, try to find out from others whether the proposed instructor is as helpful as they are reported to be.

      Many cities have self-study groups, usually run by CISSP volunteers. You may find a study group where you live, or if you know some CISSPs in your area, you might ask them to help you organize a self-study group.

      Tip: Always confirm the quality of a study course or training seminar before committing your money and time.

      Taking practice exams

      Taking practice exams is a great way to get familiar with the types of questions and topics you’ll need to be familiar with for the CISSP exam. Be sure to take advantage of the online practice exam questions that are included with this book. (See the introduction for more information.) Although the practice exams don’t simulate the adaptive testing experience, you can simulate a worst-case scenario by configuring the test engine to administer 150 questions (the maximum number you might see on the CISSP exam) with a time limit of 3 hours (the maximum amount of time you’ll have to complete the CISSP exam). Learn more about computer-adaptive testing for the CISSP exam in the “About