Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Certified Information Systems Security Professional (CISSP) Exam Guide

You're reading from   Certified Information Systems Security Professional (CISSP) Exam Guide Become a certified CISSP professional with practical exam-oriented knowledge of all eight domains

Arrow left icon
Product type Paperback
Published in Sep 2024
Publisher Packt
ISBN-13 9781800567610
Length 526 pages
Edition 1st Edition
Arrow right icon
Authors (3):
Arrow left icon
Ted Jordan Ted Jordan
Author Profile Icon Ted Jordan
Ted Jordan
Ric Daza Ric Daza
Author Profile Icon Ric Daza
Ric Daza
Hinne Hettema Hinne Hettema
Author Profile Icon Hinne Hettema
Hinne Hettema
Arrow right icon
View More author details
Toc

Table of Contents (28) Chapters Close

Preface 1. Intro I: Becoming a CISSP FREE CHAPTER 2. Intro II: Pre-Assessment Test 3. Chapter 1: Ethics, Security Concepts, and Governance Principles 4. Chapter 2: Compliance, Regulation, and Investigations 5. Chapter 3: Security Policies and Business Continuity 6. Chapter 4: Risk Management, Threat Modeling, SCRM, and SETA 7. Chapter 5: Asset and Privacy Protection 8. Chapter 6: Information and Asset Handling 9. Chapter 7: Secure Design Principles and Controls 10. Chapter 8: Architecture Vulnerabilities and Cryptography 11. Chapter 9: Facilities and Physical Security 12. Chapter 10: Network Architecture Security 13. Chapter 11: Securing Communication Channels 14. Chapter 12: Identity, Access Management, and Federation 15. Chapter 13: Identity Management Implementation 16. Chapter 14: Designing and Conducting Security Assessments 17. Chapter 15: Designing and Conducting Security Testing 18. Chapter 16: Planning for Security Operations 19. Chapter 17: Security Operations 20. Chapter 18: Disaster Recovery 21. Chapter 19: Business Continuity, Personnel, and Physical Security 22. Chapter 20: Software Development Life Cycle Security 23. Chapter 21: Software Development Security Controls 24. Chapter 22: Securing Software Development 25. Chapter 23: Secure Coding Guidelines, Third-Party Software, and Databases 26. Chapter 24: Accessing the Online Practice Resources 27. Other Books You May Enjoy

CISSP Exam Overview

The CISSP exam outline is the most important tool when preparing for the certification. It is no exaggeration to say it is the roadmap of the test. This section will explain why it is so important to know it well. First and foremost, it is what ISC2 uses to build the test questions. The certification industry (organizations such as ISC2, ISACA, SANS, and CompTIA) calls exam questions items. The process of building test questions is called item writing, which for the CISSP exam and ISC2 is done by volunteer CISSPs in an item writing workshop.

If you search the web for item writing, you’ll find many first-hand accounts from volunteers about their experiences of participating in an item writing workshop. There are some excellent ones on ISC2 where volunteers share their workshop experiences and details about the item writing process: https://packt.link/SvggM. ISC2 works very hard to protect the confidentiality and efficacy of their item bank (their database of exam questions). So, don’t waste your time trying to find or use brain-dumps or allegedly real questions (most likely fake).

Your study time is much better spent understanding the material covered in the exam outline and how ISC2 uses it to build items. The exam outline is the product of another kind of volunteer workshop, known as a JTA. In this workshop, the volunteer CISSPs review the current outline and update it to more accurately reflect the knowledge and skills a CISSP should have today and over the next three-year cycle. Once this crucial step is complete, the existing items in the bank must be mapped to the new outline. This is also done by volunteer CISSPs in a workshop called an item mapping workshop.

The item mapping process is important for two reasons. First, categorizing items into the appropriate part of the outline is necessary to build every test with an exact balance of items from the appropriate part of the outline, as determined by the JTA. The weighting of the outline will be discussed in detail later. Second, item mapping is necessary to determine where and how big the holes are in the item bank. These holes are then assigned to subsequent item writing workshops to be filled with new items based on the new exam outline. See https://packt.link/IqXal to view the outline.

This aspect will be of particular interest to you as you prepare for the CISSP exam. Each item must map to a specific topic in the exam outline. No surprise items on topics not covered by the exam outline are allowed. So, the exam items are fixed by the exam outline—this is an unbreakable rule. That being said, the outline is divided into eight domains or areas of knowledge, which you will soon see can be quite broad.

Domains

A domain is a broad collection of related information. In this section, you will become more familiar with the exam outline. The top level of the outline represents the eight domains. The second level represents the subject areas within the domain that CISSP candidates need to be familiar with related to that domain. Many second-level subject areas have a third level to further clarify the knowledge that is to be tested in the exam at the level above it. Any concept under the umbrella of a domain is fair game as a potential exam item.

It is no coincidence that this book is laid out exactly like the CISSP exam’s outline, as that is the information you need to know. Each domain in the exam outline will be covered by one or more chapters in this book. The goal is to introduce and explain each concept in the exam outline. Not only do you need to memorize this, but you also need to understand it as the exam tests your ability to correctly apply concepts to solve situations. It is not possible to capture every bit of potential information contained within a domain. This book will at least introduce every concept in the outline and delve deeper into those areas that are understood to have a high probability of showing up on your test.

CISSP CAT Examination Weightage

As mentioned earlier, each domain in the exam outline has a weight assigned. This means the Pearson VUE testing software must build your test with the exact percentage weights that are prescribed in the exam outline. So, if your test has 100 scored items, 16% or 16 items will be about concepts in Domain 1, Security and Risk Management.

While all ISC2 exam outlines provide domain-level weights, the CISSP exam outline provides weights for both linear testing and CAT. See https://packt.link/UCB05 for more information. The following table shows the domain level (the top level) of the exam outline, along with its corresponding weights:

Domain

Weight

1. Security and Risk Management

16%

2. Asset Security

10%

3. Security Architecture and Engineering

13%

4. Communication and Network Security

13%

5. Identity and Access Management (IAM)

13%

6. Security Assessment and Testing

12%

7. Security Operations

13%

8. Software Development Security

10%

Table 1.1: CISSP CAT examination weights

The weights are the same for both versions (linear testing and CAT) of the test. ISC2 publishes item weight information for both linear testing and CAT in case you plan on taking a non-English version of the CISSP exam. All ISC2 exams besides the English CISSP exam are linear. See https://packt.link/oNM7u for the other languages available. While the domain weights are fairly evenly balanced, they do have a little difference among them. This may help you budget your time and help you decide where you want to focus your study efforts. This information, combined with the pre-assessment test in the next chapter, can provide insights into where and how to focus your time.

CISSP CAT Examination Information

In 2017, ISC2 began using CAT for all English CISSP exams worldwide. This version of the test covers the same material from the exam outline as the traditional test (linear testing). According to ISC2, “CISSP CAT is a more precise and efficient evaluation of your competency” (https://packt.link/TxPI2). Translation—it is a little less painful. If you know the material, the CAT exam can determine that in fewer items. You go from the linear test, which is 6 hours long and contains 250 items, to a 3-hour test with potentially as few as 100 items in the CAT exam.

Overall, the CAT exam is much nicer than the linear version. That being said, there are a few things about the CAT exam you should know so that you are not surprised. First, the CAT scoring algorithm is much more efficient. This means that you never really know when the test is going to end.

You know the absolute minimum (100 items) and the absolute maximum (3 hours), although it is unlikely that you will finish at either of those two extremes. The test ends as soon as the algorithm is confident you either know your stuff or you don’t. If you don’t know your stuff, the algorithm will not just let you run down the clock while exposing more items to you if it already knows you are not going to pass.

You have been reading a chapter from
Certified Information Systems Security Professional (CISSP) Exam Guide
Published in: Sep 2024
Publisher: Packt
ISBN-13: 9781800567610
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image