If you’re an IT professional who’s serious about information security, then at some point in your career, you’ll likely want to add the (ISC)2 Certified Information Systems Security Professional (CISSP) credential to your certification portfolio. Globally recognized, CISSP is the pinnacle of the (ISC)2 certification ladder, attainable only by the crème de la crème of information security professionals.
Earning the credential isn’t easy, but making the commitment can be lucrative. According to the 2017 (ISC)2 Global Information Security Workforce Study, the average income for a security professional in the United States is a healthy $120,000 per year. Couple that with high industry demand, low unemployment (only 1–2 percent), and the fact that according to the 2015 Security Workforce Study, (ISC)2 certified professionals earn an average of 35 percent more than non-certified peers, and it’s easy to see why the CISSP is a coveted credential.
The CISSP exam is rigorous. Containing 250 questions, the exam can last up to a grueling six hours. To be successful, you need to have a thorough understanding of the topics and materials covered in the exam and be adequately prepared. Here you’ll find some of the top study guides, CISSP practice exams and other training materials available to guide you on your path to the CISSP.
Learn about eight domains of knowledge
The CISSP exam covers eight “common body of knowledge” (CBK) domains. The CBK domains are designed to validate your managerial and technical knowledge and expertise, as well as your ability to engineer, design, and manage security solutions for an organization.
To be eligible to take the exam, candidates must demonstrate that they have a minimum of five years of real-world work experience in at least two of the eight domains.
Choosing current study materials
On April 15, 2018, (ISC)2 updated the CISSP CBK domains and rolled out a new exam. The current domains are:
- Security and Risk Management
- Asset Security
- Security Architecture and Engineering
- Communication and Network Security
- Identity and Access Management (IAM)
- Security Assessment and Testing
- Security Operations
- Software Development Security
Some, but not all, of our recommended resources have already upgraded to the new 2018 CBK guidelines. Resources that haven’t yet moved to the 2018 CBK domains are still top resources, but depending on your testing schedule, you may want to wait for an updated edition to be released.
In a recent blog post we summed up the key CISSP exam changes effective April 2018 you need to be aware of as you prepare for the new version of the CISSP exam.
The best preparation guides and study books
Here are some of the top study and preparation guides. Except where otherwise noted, all prices reflect the list prices which were current on Amazon.com as of the writing of this article. As with any printed media, prices are subject to change at the direction of the publishers.
Optimize your study period by enjoying any of the excellent books and study guides in this list of the top 8 CISSP certification books.
Top 8 CISSP Certification Books for the Information Systems Security Professional
1. CISSP All-in-One Exam Guide, 6th Edition by Shon Harris
This is the only CISSP certification book you will need to pass the exam. Everything is covered in ample detail and is very well explained, even for those who may be unfamiliar with technology and all the domains. It also provides great examples and excellent scenarios of different security concepts.
2. CISSP Practice Exams, Second Edition by Shon Harris
This CISSP certification book is a great way to prepare. You will thoroughly enjoy reading the justification it gives for each of the answers and why a particular choice is right or wrong. It really drives home the defining reasons and pinpoints what you need to focus on and study, which is critical for exam preparation.
3. CISSP: Certified Information Systems Security Professional Study Guide by James M. Stewart, Mike Chapple and Darril Gibson
It’s well structured, concise, and easy to follow, with enough information to get you on your way to becoming a CISSP. The authors of this CISSP certification book do a phenomenal job in organizing the CBKs. This book is excellent material for discussing the topics that you should know!
4. CISSP For Dummies by Miller and Peter Gregory
A worthwhile reference, this CISSP certification book provides a thorough overview of the Common Body of Knowledge (CBK). It offers a great balance between depth and breadth, and it refrains from getting bogged down by minutiae like some other study guides. It also includes a 250-question practice test which can give you a relatively good feel for how likely you are to pass the exam.
5. Official (ISC)2 Guide to the CISSP CBK, Second Edition ((ISC)2 Press) by Steven Hernandez CISSP
The essential reference, this CISSP certification book includes reasonable explanations of technical concepts, security-related principles, and laws. It presents the material in a very logical and direct manner. The highlights and sample questions are similar to those provided in the exam, which is extremely helpful when preparing for the actual test.
6. CISSP All-in-One Exam Guide, Fifth Edition by Shon Harris
This CISSP certification book flows like a conversation. Shon Harris, the author, did a good job of gathering all the information domains needed for the CISSP and discussing them in a less formal and often humorous way, instead of continuously inundating you with facts as if you were a computer. The real-world analogies included to explain processes are also spot on.
7. Eleventh Hour CISSP: Study Guide (Syngress Eleventh Hour) by Eric Conrad, Seth Misenar and Joshua Feldman
This CISSP certification book is well suited for a good review a few days after weeks or months of studying, or as a 24–48 hour review before your exam. The authors do a great job of separating the key information needed from the CBK for the exam, and they don’t waste your time with lengthy explanations.
8. CISSP Exam Cram (3rd Edition) by Michael Gregg
Pass the test on your first try after reviewing this CISSP certification book. It is a must-have for test preparation, with great material that teaches you exactly how to take the CISSP exam. Highly recommended, this study guide offers reference coverage and practice questions for every topic of the exam, including encryption, information lifecycles, cloud security, security management/governance, and others.
What is the format of the CISSP exam?
At the end of 2017, the format of the CISSP exam was changed. The latest version uses Computerized Adaptive Testing (CAT). With CAT, the exam is adapted to the examinee’s ability level during the test. Each subsequent question or set of questions is selected based on how you’ve performed on previous questions.
A bonus of this style of test is that you can prove your ability in less time. While the old-style CISSP exam took six hours to complete and comprised 250 questions, the new version lasts just three hours, and you can expect to answer 100–150 questions.
What are CPEs and how does the system work?
Continuing Professional Education credits, referred to as CPEs, are awarded for education and training related to your field. They are required for maintaining your CISSP certification. You should earn 40 CPEs each year for a total of 120 in your three-year certification cycle.
You can earn CPEs by studying for the CISSP exam, including by taking the training programs above. Unfortunately, (ISC)2 is not very forthcoming when it comes to information about the specifics of earning CPEs through exam study. Going by the information provided in official (ISC)2 forums, it is generally accepted that you can claim a maximum of 30 CPEs for “self-study” for the CISSP exam.