17 Books & Resources to read for the CISSP Certification
Planning study prep for an exam as tough as the CISSP can be a daunting task indeed, which is why we’ve prepared a handy list of the absolute best books to read as you study.
Let’s get started!
What Is The CISSP Exam?
To acquire the CISSP certification, you should have five years of professional InfoSec experience and should be endorsed by another CISSP certified professional. You can get a one-year waiver if you have a four-year degree or obtain (ISC)2 approved credentials. The exam consists of 250 multiple-choice questions. You need to score 70% or above to pass the exam.
Before You Begin: Key Points To Note Before You Start Building Your Library!
- The CISSP Examination has changed for 2015! The exam has been updated to stay relevant amidst the changes occurring in the InfoSec field, and refreshed technical content has been added to the Official (ISC)² CISSP CBK to reflect the most current topics in the information security industry today. CISSP prep textbooks published after April/May 2015 cover the expanded, updated syllabus – make your choices wisely, and don't depend on obsolete textbooks!
- Print edition, electronic edition, or online resources? Paperback editions are put through a longer, more rigorous vetting and design process, and in our opinion, if it came to choosing one type over another, the paperback would win any day!
- Common Book of Knowledge (CBK) material is offered by the (ISC)² – visit their website regularly for details and schedules of training programs, seminars, etc.
- When applying for the exam, proper sign-off on professional experience is important – get a certificate or a letter of recommendation that serves as verification of relevant work experience.
- Beware: the CISSP exam is a grueling, 6+ hour affair! If you are not much of a sedentary person, you may need to train yourself to stay in top intellectual shape for hours on end, with only 10-20 minute breaks in between.
What Should Be The Nature Of My Preparation?
- The CISSP exam is all about terminologies and trivia! Although experience is mandatory to sit the exam, functional knowledge is rarely put to the test on the exam – mug up those terminologies, acronyms, and definitions to maximize your scores!
- Given the above, tools that aid in effective memorization – such as brain dumps and mind-maps – are invaluable resources during prep.
How Much Time Should I Devote To CISSP Exam Prep?
- Risk management professionals find 60-70 hours of time for preparation quite adequate to clear the CISSP exam
- IT professionals would need less time – 40-50 hours of study should suffice to clear the exam.
- ISC2 material is a must for professionals of all backgrounds.
Now that we’ve got that out of the way, without further ado: here are the best recommendations on resources to tap into for your CISSP certification!
NOTE: Don't forget to scroll to the bottom for 5 free resources in addition to the 12 book recommendations on our list!
In at number 12 is…
12. An Easy Guide To CISSP
Among the most recent additions to this list, Austin Songer’s Easy Guide: CISSP is an independently published accompaniment to a full-blown CISSP textbook.
- At 100 pages, it is one of the shortest books available on the market for CISSP aspirants
- Not updated for CISSP 2015!
- Untested: the first edition of the book was published in 2015 and has not yet picked up traction among aspirants.
11. CISSP In 3 Weeks: The CISSP DIY Manual
Authored by Security Engineer Nichel James, this Do-It-Yourself ‘kit’ is meant as an advice manual for professionals preparing for the CISSP examination – not as a guide!
- Good, useful, actionable insights and information on the dos and do-nots when studying for the exam.
- Kindle edition: with a subscription to Amazon Prime or Kindle Unlimited, you can download this book for free.
- Length: at 28 pages, this ‘manual’ is little more than a glorified blogpost on how to prepare for the CISSP exam.
- Target group: this manual is meant only for professionals with at least 4 or more years in the IT security domain.
- Some irrelevant information: the instruction manual also covers such topics as nutrition and health, for the benefit of candidates preparing for one of the toughest and most elaborate examinations in the world.
10. ExamFOCUS CISSP Exam Study Notes
Part of the ExamFOCUS No Frills series of publications, this book is a concise compendium of study notes and practice questions for candidates preparing for the CISSP exam.
- Concisely formatted and presented
- Not updated for CISSP 2015! Despite the misleading title on the store page, the ExamFOCUS study notes have not been updated for the latest iteration of the examination.
- No substitute for a textbook or guide.
- Much of the content presented in the book is freely available in the public domain.
9. CISSP For Dummies
Part of the For Dummies series of books, CISSP for Dummies is authored by Lawrence C. Miller.
- Easy, accessible, pick-up-and-read approach.
- Comes with access to the Dummies online portal and test engine.
- The book has not been updated since 2012.
8. Eleventh Hour CISSP: Study Guide
As the name suggests, Eleventh Hour CISSP study guide is designed to help readers who want to prepare quickly for the exam. Also authored by Eric Conrad, Seth Misenar and Joshua Feldman, this guide focuses purely upon the core elements of the exam.
- Important concepts are concisely presented while key elements are highlighted for last minute study.
- Answers some of the toughest questions on the exams.
- Zero fluff: all substance!
- Perfect for revision the week before the exam.
- This refresher is not a substitute for a textbook.
- Not updated for CISSP 2015! The authors suggest the title will be updated after the Study Guide is released, but release dates are TBA.
7. CISSP Exam Cram, 3rd edition
Written by security consultant and COO of Superior Solutions, Michael Gregg, this book is intended as a refresher for aspirants who have already prepared for the exam, a la the Eleventh Hour guide.
- Includes a cram sheet to help candidates memorize the most important bits for the exam
- Comes with tons of quizzes
- Length: at 640 pages, it is relatively compact
- Errata: a common complaint with this book is with the number of mistakes that have made their way onto the final, published version, including incorrectly marked answers to several questions
- Electronic content on the CDROM is of limited use.
- Not a one-stop solution. Like the Eleventh Hour guide, this book cannot serve as a comprehensive textbook for test-prep.
- Not updated for CISSP 2015!
6. The NIST’s Security And Privacy Controls Special Publication, 800-53, Revision 4
Freely available and downloadable, the set of NIST guidelines for information security and privacy control covers many of the topics for the CISSP exam.
- This NIST publication is an authentic, authoritative resource.
- No-nonsense approach and uncluttered formatting.
- This publication is intended more as a reference for security specialists than for CISSP exam-takers and, as such, will not serve as a substitute for an actual CISSP guide or textbook.
Download your copy of the guide from NIST’s site here.
5. CISSP Cert Guide
Authored by Kaplan’s IT certification experts Troy McMillan and Robin Abernathy, the CISSP Cert guide is a straightforward, no-nonsense guide to the examination.
- Written in an accessible, easy-to-comprehend style.
- Operational, cryptographic and personal security are explained in detail.
- Geared for exam prep.
- Utility as post-exam reference: because the guide is targeted almost exclusively at aspirants looking to clear the CISSP examination, its utility as a reference for CISSP specialists in the field is patchy, at best.
4. The CISSP All In One Exam Guide, by Shon Harris
The CISSP All-in-One Exam Guide is a CISSP certification best-seller from Shon Harris, the world’s foremost expert in IT security certification and training.
- Thorough, comprehensive, and authoritative, the All In One guide covers all 10 CISSP exam domains developed by the International Information Systems Security Certification Consortium (ISC2). The book features learning objectives at the beginning of each chapter, exam tips, practice questions, and in-depth explanations.
- The All In One CISSP exam guide covers all 10 (old) CISSP domains, including:
- Information security governance and risk management
- Access control
- Security architecture and design
- Physical and environmental security
- Telecommunications and network security
- Business continuity and disaster recovery
- Legal, regulations, compliance, and investigations
- Software development security
- Security operations
A digital eBook and a video training module are also available with the paperback edition. The package comes with 1400+ practice exam questions that run in a Windows-based test engine. The content and layout is professionally organized.
- The 7th edition of the book, incorporating the changes to the CISSP exam for 2015, is not due for release until May, 2016
- The prolific author of the series of books, Shon Harris, passed away in 2014, and subsequent editions will lack her expert attention or, worse, may not be updated in time.
- At 1486 pages, the book is a handful, and some aspirants feel the text is too verbose and detailed to be of much use to someone preparing for the CISSP exam
- Some material covered by the book is outside the scope of the exam.
- The humour in the book does not work for everyone!
Keep checking the book’s Amazon store-page for updates.
3. CISSP: Certified Information Systems Security Professional Study Guide (Sybex)
Jointly authored by James Stewart, Mike Chapple, and Darril Gibson, this book is the perfect starting point for your CISSP preparation.
- This edition of the Sybex guide has been updated for the 2015 CISSP exam format! The guide covers all the 2015 CISSP candidate information bulletin objectives, including Access Control, Application Development Security, Business Continuity and Disaster Recovery Planning, and Cryptography.
- The package includes access to Sybex’s interactive online learning environment with:
- 1400+ practice questions and 1000+ electronic flashcards
- Searchable key term glossary
- Sybex’s interactive test engine
- A comprehensive guide to preparing for the CISSP Certification, updated for the 2015 CISSP exam format
- Includes objective maps and real-world scenario tests.
- Coverage of 100% of all exam objectives for CISSP 2015, including:
- Security and Risk Management
- Asset Security
- Security Engineering
- Communication and Network Security
- Identity and Access Management
- Security Assessment and Testing
- Security Operations
- Software Development Security
- Interactive learning environment
- Pages: 1080
- The Sybex guide is easier to plow through than Shon Harris’ All In One, but that may not be to everybody’s liking.
2. Official (ISC)² Guide to the CISSP CBK, Fourth Edition [(ISC)² Press]
This guide is prepared by the organization that conducts the CISSP exam and awards the certification, ISC2.
- Authenticity: this book is the only official guide to the CISSP exam on the market.
- Up-to-date: the CBK is fully updated with the 2015 changes to the exam
- Comprehensive: covers all eight domains in great detail
- The content of this book is endorsed by CISSP experts and practitioners from all over the world
- Poorly formatted: it appears the most recent edition of the book was designed in some haste, and ships with missing pages, improperly edited language, duplicated content, and problematic formatting.
- Unnecessarily verbose: a chief complaint with most aspirants is that the book rambles on about several topics without adding much of value or substance.
- Often called the ‘brick’, the CBK guide is perhaps a bit too detailed: a common complaint among aspirants is the relatively inaccessible nature of the language, and the attendant verbosity.
1. The CISSP Study Guide
Topping our list is this Eric Conrad, Seth Misenar, and Joshua Feldman co-authored best-seller. Well-written, just the right length for exam preppers, The CISSP Study Guide is hugely popular with CISSP aspirants as a solid and dependable resource for CISSP.
- At 600 pages, this study guide is briefer – and easier to finish – than most!
- Seasoned authors: with all three authors bringing their considerable experience in the IT Security domain to bear, this book benefits from the combined expertise of three of the most accomplished and qualified experts in CISSP.
- Comprehensive without being intimidating: unlike the CBK, this book offers a good treatment of all the topics covered for the CISSP exam and beyond – but does not overdo the technical aspects.
- Length: the book’s brevity has meant many aspirants feel the need to refer to other guides in addition – in order to be able to complete the entirety of the CISSP syllabus.
- Not updated for CISSP 2015, yet! The third edition of the book is not due for release until November, 2015: but you can be sure it will blow some of the other titles on our list out of the water, when it hits the shelves in November!
Practice Test Resources
CISSP Practice Exams, Second Edition
- Excellent resource for practice tests.
- Over 1000 questions are hosted on the online environment, access to which is part of the purchase.
- Comes with 30 additional hours of audio training by Shon Harris.
- Not updated for CISSP 2015!
- Under new authorship.
You may purchase the book here.
CISSP Exam Prep Questions, Answers & Explanations: 1000+ CISSP Practice Questions with Detailed Solutions
- 1000+ realistic sample questions
- 19 condensed mock exams
- Pronounced focus on helping candidates pass the exam on the first attempt!
- Based on the CISSP Book of Knowledge
- Updated for CISSP, 2015!
- Ultimately, this book is only meant as a practice test resource, and must be utilized in conjunction with a textbook.
- Some of the practice questions fall outside the scope of the syllabus for the CISSP exam.
- Simplilearn’s Resources Library: This free resources repository contains high-quality articles, eBooks, practice tests, and video clips for CISSP professionals and aspirants looking to get certified. Feel free to drop in, browse, and download to your heart’s content here!
- Sunflower CISSP study guide: an old favourite, the Sunflower CISSP guide is a comprehensive, neatly-organized, and colour-coded set of study cards for the CISSP examination. Categorized by domain, each section lists out all the topics covered under a given heading, and includes a Things to Know summary at the end. Download it here.
- Reddit’s CISSP community: reddit’s CISSP community offers the chance to meet and interact with fellow CISSP aspirants and professionals who work in the domain from across the world. Sign-up here to start posting!
- The CCCure Community: Another old favourite, CCCure.org is a useful website that offers tons of CISSP exam resources and practice questions. You can download study guides and other resources for free, as well as take customized quizzes to sharpen your prep.
- Yasna.com: this free test offered by Yasna.com is a huge hit with CISSP candidates. Every IP gets one-day to finish and submit the simulation exam. You can take the test here.
Like this list? What resources do YOU think are a must for CISSP aspirants? Let us know in the comments section below!