Manage to Succeed in Your CISSP Exam

The CISSP exam is undoubtedly challenging, but you can succeed as I did.
The following are the critical success factors:
  1. Discipline and Commitment
  2. SMART Goals and Study Plan
  3. Effective Study Materials
  4. Effective and Efficient Study Approach

Discipline and Commitment

  • Study every day. Studying consistently is more effective than studying intermittently.
  • Reserve enough funds for your CISSP (study materials, practice questions, the exam fee, and certification maintenance).

SMART Goals and Study Plan

  • Determine your exam date. You don’t have to register and pay for the exam immediately, but I encourage you to do so at the beginning; a booked date keeps you committed. If you feel that you are not well prepared one week before your exam date, reschedule it.
  • Estimate how many study hours you will spend preparing for the CISSP exam. In my opinion, 250 hours is a ballpark figure for your reference. Work experience related to general management, project management, ITIL foundation, and network essentials helps.

Effective Study Materials

  • Get one and only one study guide as your primary source; if you can afford it, a second source isn’t a bad idea. I recommend the ISC2 official study guide from Sybex as the primary.
  • Make good use of the practice questions and other resources that accompany the study guide. Typically, you can register the book online to get access to the online practice questions.
  • Get a reliable source of questions for more practice.
  • Before you sit for the CISSP exam, practice at least 2,500 questions.

Effective and Efficient Study Approach

  • Keep a constant and stable pace of study.
  • Use a top-down approach. Building a high-level conceptual model of information security (your study blueprint) in the first one or two weeks is crucial. Don’t dive into the details at the beginning.
  • Weigh concepts over facts. Understand how the principles, processes, lifecycles, and frameworks work and how to apply them in practice. Rote learning or memorizing everything doesn’t work.
  • Study information security with a business mindset. Relate what you have learned to your job; that is, study to solve problems and deliver value.


Information Security with Business Mindset

[Figure: Information security definition, InfoSec with a business mindset]

[Figure: The Peacock, CISSP domains]

Information security is a discipline that protects information and information systems from threats through security controls in order to achieve the objectives of confidentiality, integrity, and availability (Tier 3), or CIA for short; support the organizational mission and business processes (Tier 2); and create and deliver value (Tier 1).

Information security shouldn’t be a silo or be managed with tunnel vision. Security is pervasive and ubiquitous: it has no border, and any border that does exist should be removed.

A CISSP is a certified security professional of “Information Systems”. He or she should protect the underlying information systems that support the business processes and the organization, as the diagram shows.

PS. An information system may support one or more different business processes, but the relationship between them in the diagram is simplified.

Exam Outline Matters

[Figure: Exam outline booklet]

When preparing for any exam, I always stick to the exam outline. I bound all the exam outlines together into a booklet, as the picture shows (CISSP, ISSMP, ISSEP, ISSAP, CCSP, and CSSLP; CISM, CRISC, CISA, and CGEIT). It guides me throughout the preparation process and has turned out to be effective.

The following is the download link for the CISSP Exam Outline:…/CISSP-Exam-Outline-121417–Final.ashx

Join CISSP Made Easy!

Questions of the Day – 20190815

CISSP Practice Questions

  1. You are the CISO of your company. You have implemented an incident response program to handle security incidents. The on-premises ERP system gets into trouble and becomes unresponsive. The availability of the ERP system has been harmed. To which of the following should the ERP users report this incident?
    A. Service Desk
    B. Network Administrator
    C. Chief Information Officer (CIO)
    D. Computer Security Incident Response Team (CSIRT)
  2. You are the CISO of your company. You have implemented an incident response program to handle security incidents. Your online e-commerce web site is suffering a distributed denial-of-service (DDoS) attack. The incident response team received a report from users that the e-commerce web site is offline and unreachable. What should the incident response team do first?
    A. Collect and preserve evidence
    B. Report to the senior management
    C. Document and prioritize the incident
    D. Contain, Eradicate, and Recover


How Good is Good Enough to Pass The CISSP Exam?


It’s common for CISSP aspirants to prepare for the CISSP exam with the well-known study guides, either the official study guide from Sybex or the All-In-One CISSP Exam Guide from McGraw-Hill.

Some CISSP aspirants study one or more of the study guides from cover to cover but still fail the exam. This is because some topics are addressed inconsistently across those study guides, and it’s not enough to prepare for this exam just by the book.

CISSP aspirants have to follow the study guides, resolve the conflicting perspectives among the books or authors, and develop their own perspectives and justify them based on their study, research, and experience.

To pass the CISSP exam, you have to develop your capability to the second level of Shu-Ha-Ri – 破 (Ha), the stage at which you break away from the book’s rules and apply the concepts with judgment. Joining discussion groups and doing more quality practice questions help a lot.

My Facebook group, CISSP Made Easy, is founded to help you succeed in the CISSP exam for free. Join CISSP Made Easy to share and learn like a CISSP right now!


Get Started on Your CISSP Journey

  1. You have decided to start your CISSP journey.
    What does CISSP stand for?
    A. Certification of Information Systems Security Professional
    B. Certificate of Information Security Specialist Profession
    C. Certified Information Security Specialist Professional
    D. Certified Information Systems Security Professional
  2. You need the official CISSP information.
    Which web site should you visit?
  3. You are planning for your CISSP study and need to determine the scope.
    Which of the following determines the scope of the CISSP exam?
    A. The ISC2 Official Study Guide from Sybex
    B. The CISSP All-In-One (AIO) Study Guide from McGraw-Hill
    C. The NIST Special Publication 800 Series
    D. The ISC2 CISSP Exam Outline
  4. You are starting to prepare for the CISSP exam.
    Which of the following is a CISSP starter page?
  5. You are trying to frame your information security concepts.
    Which model from Wentz Wu can be used as a reference conceptual model?
    A. The Amicliens InfoSec Conceptual Model as a mind map
    B. The ISO OSI 7-Layer Reference Model
    C. Porter’s Five Forces Analysis
    D. The PMI’s PMBOK
