Your Guide to Passing the CISSP, CCSP, and ISSAP Exams the First Time.
1) Change Your Mindset
First of all, you need to remember that (ISC)2 exams, especially the ones I passed, test not only your technical knowledge but also your mindset, along with some critical and essential skills that every security professional needs.
From my perspective, the technical knowledge is not the hardest part, especially if you come from a solid technical background. On the other hand, your technical knowledge and experience can be a barrier, and can be one of the reasons you fail the CISSP exam!
For example, if you believe that implementing and configuring a firewall is more important than writing or having a policy, then you will definitely fail your CISSP exam! And if you don't know which one comes first, then you are definitely in trouble.
One of the key things that will help you pass your CISSP exam is your mindset. If you still think of information security as an IT issue, or if you believe a technical solution is the only way to handle information security threats, then your mindset is not ready for the CISSP exam.
When I passed my CISSP exam there were ten domains; now there are only 8 (they still cover the same areas). To pass your CISSP exam you need to understand that information security spans all of these domains. You need to know which one comes first, which one relies on another, and the relationships between all of them.
For example, you may know what a risk assessment is used for and what a business impact analysis is used for. But do you know which one comes first? Do you know the exact context of each one? Do you know whether they are related? Do you know how important each one is to information security compared with other security controls?
When I was delivering the CISSP course, I used the following question to explain the point about changing your mindset.
If you are in a public library and, while using one of its computers, you find a vulnerability in that system, what do you have to do?
(A) Take advantage of this vulnerability and hack the system remotely from your home.
(B) Use your technical knowledge and experience and try to fix this vulnerability.
(C) Report this vulnerability to the system administrator.
(D) Report this vulnerability to the library manager.
Please take a minute or two to think about the correct answer. I will not tell you the answer now; I don't want your eye to see it :)
Let us assume that you agree with me that changing your mindset is one of the key things that will help you pass (ISC)2 exams in general and CISSP in particular. Now, how do you do it?
For CISSP, my advice is to do two things. First, read one book, and no more than one book; don't spend much time reading, it will not help, one book is more than enough. This book could be the official (ISC)2 Guide to the CISSP or Shon Harris's book. Even though she died two years ago, her book is still one of the best!
The second thing you need to do is practice a lot of questions, and the best source, to my knowledge, is www.ecccure.org.
Practicing questions is more important than reading extra books. It will help you find areas, topics, or terminology that you need to learn more about, and it will check your mindset readiness as well.
My advice is: after reading your book, spend at least one or two hours daily practicing questions for at least three weeks, then sit for the exam.
For the ISSAP exam, I only read the official material.
For the CCSP exam, I took the (ISC)2 Live Online Training, plus I read the official material, which is part of the training bundle.
Referring back to the question, I can now tell you that the correct answer is D. If you don't agree with me, then your mindset is not ready yet :)
I will explain why this is the right answer in my next post (most probably next week), and I will talk more about the critical and essential skills relevant to any security professional that (ISC)2 tests, and how they test them, so stay tuned :)
Finally, I hope this information helps you on your CISSP, ISSAP, and CCSP journey. If you have any questions or comments, please leave them in the comments and I will do my best to answer, either as a comment or in my next post.
Comments

Cloud Enablement & Security Expert | IT Risk Mitigation Strategist | Driving IT Transformation | Innovator in Lean Multi-Cloud & Hybrid IT Solutions (8 years ago):
I am giving my CCSP exam the day after tomorrow ... right time to get hold of this article.

A Cyber guy (8 years ago):
Good stuff Rabei! In terms of the answer, two reasons I could think of not to choose C: 1. As the vulnerability might have been placed by the system admin, there is a conflict in reporting this to the system administrator; 2. The library manager is accountable for the risk from technology areas.

Managing Director at Kalasko Inc (8 years ago):
Kareem Safwat El-Razzaz

Managing Director at Kalasko Inc (8 years ago):
I am taking the CISSP course now and planning to take the exam. I don't know exactly when, but I am planning to attend it later next quarter and need to know all the sources or the plan on how to study. I read your article, but is it enough to read the book once, even if you will definitely not be able to summarize it from a single reading, and are the questions from the web link?

Cloud Presales Specialist | Microsoft Solution Architect | Azure Certified Engineer (8 years ago):
Rabei Hassan, thank you for the update. Useful information. Krishna Chandran