17 Books & Resources to read for the CISSP Certification

R Bhargav

Published on May 22, 2015

So you’ve decided to pursue a career in IT Security and are looking to get CISSP certified: maybe you’re drawn by the high-paying jobs on offer for certified CISSP professionals – last we heard, certified CISSP professionals get paid as much as $110,000+ per annum!
But what next? How do you draw up a list of the books and resources you would need to incorporate into your study plans? Which books do you refer to at each stage of your preparation – and which do you avoid?
Planning study prep for an exam as tough as the CISSP can be a daunting task indeed. Which is why we’ve prepared a handy list of the absolute best books to read as you study.

Let’s get started!

What Is The CISSP Exam?

The Certified Information Systems Security Professional (CISSP) certification is a globally recognized standard in the field of Information Security. Governed by the International Information Systems Security Certification Consortium, also known as (ISC)², the CISSP certification empowers professionals to effectively design and manage security controls in a business environment.
To acquire the CISSP certification, you should have five years of professional InfoSec experience and should be endorsed by another CISSP certified professional. You can get a one-year waiver if you have a four-year degree or obtain (ISC)²-approved credentials. The exam consists of 250 multiple-choice questions. You need to score 70% or above to pass the exam.

Before You Begin: Key Points To Note Before You Start Building Your Library!

  • The CISSP Examination has changed for 2015! The exam has been updated to stay relevant amidst the changes occurring in the InfoSec field, and refreshed technical content has been added to the Official (ISC)² CISSP CBK to reflect the most current topics in the information security industry today. CISSP prep textbooks published after April/May 2015 cover the expanded, updated syllabus – make your choices wisely, and don't depend on obsolete textbooks!
  • Print edition, electronic edition, or online resources? Paperback editions are put through a longer, more rigorous vetting and design process, and in our opinion, if it came to choosing one type over another, the paperback would win any day!
Although freely available online resources are no match for a proper textbook, the following resources are must-reads:
  • Common Body of Knowledge (CBK) material is offered by (ISC)² – visit their website regularly for details and schedules of training programs, seminars, etc.
  • When applying for the exam, proper sign-off on professional experience is important – get a certificate or a letter of recommendation that serves as verification of relevant work experience.
  • Beware: the CISSP exam is a grueling, 6+ hour affair! If you are not much of a sedentary person, you may need to train yourself to stay in top intellectual shape for hours on end, with only 10-20 minute breaks in between.

What Should Be The Nature Of My Preparation?

  • The CISSP exam is all about terminologies and trivia! Although experience is mandatory to sit the exam, functional knowledge is rarely put to the test on the exam – mug up those terminologies, acronyms, and definitions to maximize your scores!
  • Given the above, tools that aid in effective memorization – such as brain dumps and mind-maps – are invaluable resources during prep.

How Much Time Should I Devote To CISSP Exam Prep?

A key point to note about the CISSP exam is that a tenuous mapping exists between the nature of the course material to be used and the candidate’s professional background:
  • Risk management professionals find 60-70 hours of preparation quite adequate to clear the CISSP exam.
  • IT professionals would need less time – 40-50 hours of study should suffice to clear the exam.
  • (ISC)² material is a must for professionals of all backgrounds.
Now that we’ve got that out of the way, without further ado: here are the best recommendations on resources to tap into for your CISSP certification!

NOTE: Don't forget to scroll to the bottom for 5 free resources in addition to the 12 book recommendations on our list!
In at number 12 is…

12. An Easy Guide To CISSP


Among the most recent additions to this list, Austin Songer’s Easy Guide: CISSP is an independently published accompaniment to a full-blown CISSP textbook.

The Ayes

  • At 100 pages, it is one of the shortest books available on the market for CISSP aspirants
The Nays
  • Not updated for CISSP 2015!
  • Untested: the first edition of the book was published in 2015 and has not yet picked up traction among aspirants.
Get the book here.

11. CISSP In 3 Weeks: The CISSP DIY Manual



Authored by Security Engineer Nichel James, this Do-It-Yourself ‘kit’ is meant as an advice manual for professionals preparing for the CISSP examination – not as a guide!
The Ayes

  • Good, useful, actionable insights and information on the dos and do-nots when studying for the exam.
  • Kindle edition: with a subscription to Amazon Prime or Kindle Unlimited, you can download this book for free.
The Nays
  • Length: at 28 pages, this ‘manual’ is little more than a glorified blogpost on how to prepare for the CISSP exam.
  • Target group: this manual is meant only for professionals with at least 4 years in the IT security domain.
  • Some irrelevant information: the instruction manual also covers such topics as nutrition and health, for the benefit of candidates preparing for one of the toughest and most elaborate examinations in the world.
Get the DIY manual here.

10. ExamFOCUS CISSP Exam Study Notes



Part of the ExamFOCUS No Frills series of publications, this book is a concise compendium of study notes and practice questions for candidates preparing for the CISSP exam.
The Ayes

  • Concisely formatted and presented
The Nays
  • Not updated for CISSP 2015! Despite the misleading title on the store page, the ExamFOCUS study notes have not been updated for the latest iteration of the examination.
  • No substitute for a textbook or guide.
  • Much of the content presented in the book is freely available in the public domain.
Get it here.

9. CISSP For Dummies



Part of the For Dummies series of books, CISSP for Dummies is authored by Lawrence C. Miller.
The Ayes

  • Easy, accessible, pick-up-and-read approach.
  • Comes with access to the Dummies online portal and test engine.
The Nays
  • The book has not been updated since 2012.
Get it here!

8. Eleventh Hour CISSP: Study Guide

As the name suggests, Eleventh Hour CISSP study guide is designed to help readers who want to prepare quickly for the exam. Also authored by Eric Conrad, Seth Misenar and Joshua Feldman, this guide focuses purely upon the core elements of the exam.

The Ayes

  • Important concepts are concisely presented while key elements are highlighted for last minute study.
  • Answers some of the toughest questions on the exams.
  • Zero fluff: all substance!
  • Perfect for revision the week before the exam.
The Nays
  • This refresher is not a substitute for a textbook.
  • Not updated for CISSP 2015! The authors suggest the title will be updated after the Study Guide is released, but the release date is still TBA.
Get it on Amazon.com here.

7. CISSP Exam Cram, 3rd edition 

Written by security consultant and COO of Superior Solutions, Michael Gregg, this book is intended as a refresher for aspirants who have already prepared for the exam, a la the Eleventh Hour guide.
The Ayes

  • Includes a cram sheet to help candidates memorize the most important bits for the exam
  • Comes with tons of quizzes
  • Length: at 640 pages, is relatively compact
The Nays
  • Errata: a common complaint with this book is the number of mistakes that have made their way into the final, published version, including incorrectly marked answers to several questions.
  • Electronic content on the CD-ROM is of limited use.
  • Not a one-stop solution. Like the Eleventh Hour guide, this book cannot serve as a comprehensive textbook for test-prep.
  • Not updated for CISSP 2015!
You can get the 2nd edition of the book here.

6. The NIST’s Security And Privacy Controls Special Publication, 800-53, Revision 4

Freely available and downloadable, the set of NIST guidelines for information security and privacy control covers many of the topics for the CISSP exam.
The Ayes

  • This NIST publication is an authentic, authoritative resource.
  • No-nonsense approach and uncluttered formatting.
The Nays
  • This publication is intended more as a reference for security specialists than for CISSP exam-takers and, as such, will not serve as a substitute for an actual CISSP guide or textbook.
Download your copy of the guide from NIST’s site here.

5. CISSP Cert Guide

Authored by Kaplan’s IT certification experts Troy McMillan and Robin Abernathy, the CISSP Cert guide is a straightforward, no-nonsense guide to the examination.

The Ayes

  • Written in an accessible, easy-to-comprehend style.
  • Operational, cryptographic and personal security are explained in detail.
  • Geared for exam prep.
The Nays
  • Utility as post-exam reference: because the guide is targeted almost exclusively at aspirants looking to clear the CISSP examination, its utility as a reference for CISSP specialists in the field is patchy, at best.
Get the book here.

4. The CISSP All In One Exam Guide, by Shon Harris

The CISSP All-in-One Exam Guide is a CISSP certification best-seller from Shon Harris, the world’s foremost expert in IT security certification and training.
The Ayes

  • Thorough, comprehensive, and authoritative, the All In One guide covers all 10 CISSP exam domains developed by the International Information Systems Security Certification Consortium, (ISC)². The book features learning objectives at the beginning of each chapter, exam tips, practice questions, and in-depth explanations.
  • The All In One CISSP exam guide covers all 10 (old) CISSP domains, including:
    • Information security governance and risk management
    • Access control
    • Security architecture and design
    • Physical and environmental security
    • Telecommunications and network security
    • Cryptography
    • Business continuity and disaster recovery
    • Legal, regulations, compliance, and investigations
    • Software development security
    • Security operations
A digital eBook and a video training module are also available with the paperback edition. The package comes with 1400+ practice exam questions that run in a Windows-based test engine. The content and layout are professionally organized.
The Nays
  • The 7th edition of the book, incorporating the changes to the CISSP exam for 2015, is not due for release until May, 2016.
  • The prolific author of the series of books, Shon Harris, passed away in 2014, and subsequent editions will lack her expert attention or, worse, may not be updated in time.
  • At 1486 pages, the book is a handful, and some aspirants feel the text is too verbose and detailed to be of much use to someone preparing for the CISSP exam.
  • Some material covered by the book is outside the scope of the exam.
  • The humour in the book does not work for everyone!
Keep checking the book’s Amazon store-page for updates.

3. CISSP: Certified Information Systems Security Professional Study Guide (Sybex)

Jointly authored by James Stewart, Mike Chapple, and Darril Gibson, this book is the perfect starting point for your CISSP preparation.
The Ayes

  • This edition of the Sybex guide has been updated for the 2015 CISSP exam format! The guide covers all the 2015 CISSP candidate information bulletin objectives, including Access Control, Application Development Security, Business Continuity and Disaster Recovery Planning, and Cryptography.
  • The package includes access to Sybex’s interactive online learning environment with:
    • 1400+ practice questions and 1000+ electronic flashcards
    • Searchable key term glossary
    • Sybex’s interactive test engine
    • A comprehensive guide to preparing for the CISSP Certification, updated for the 2015 CISSP exam format
  • Includes objective maps and real-world scenario tests.
  • Coverage of 100% of all exam objectives for CISSP 2015, including:
    • Security and Risk Management
    • Asset Security
    • Security Engineering
    • Communication and Network Security
    • Identity and Access Management
    • Security Assessment and Testing
    • Security Operations
    • Software Development Security
    • Interactive learning environment
  • Pages: 1080
The Nays
  • The Sybex guide is easier to plow through than Shon Harris’ All In One, but that may not be to everybody’s liking.
Pre-order the book here.

2. Official (ISC)² Guide to the CISSP CBK, Fourth Edition [(ISC)² Press]

This guide is prepared by the organization that conducts the CISSP exam and awards the certification, (ISC)².
The Ayes

  • Authenticity: this book is the only official guide to the CISSP exam on the market.
  • Up-to-date: the CBK is fully updated with the 2015 changes to the exam
  • Comprehensive: covers all eight domains in great detail
  • The content of this book is endorsed by CISSP experts and practitioners from all over the world
  • Pages:
  • Price:
The Nays
  • Poorly formatted: it appears the most recent edition of the book was designed in some haste, and ships with missing pages, improperly edited language, duplicated content, and problematic formatting.
  • Unnecessarily verbose: a chief complaint with most aspirants is that the book rambles on about several topics without adding much of value or substance.
  • Often called the ‘brick’, the CBK guide is perhaps a bit too detailed: a common complaint among aspirants is the relatively inaccessible nature of the language, and the attendant verbosity.
Get it here.

1. The CISSP Study Guide

Topping our list is this best-seller co-authored by Eric Conrad, Seth Misenar, and Joshua Feldman. Well-written and just the right length for exam preppers, The CISSP Study Guide is hugely popular with CISSP aspirants as a solid and dependable resource for CISSP.

The Ayes

  • At 600 pages, this study guide is briefer – and easier to finish – than most!
  • Seasoned authors: with all three authors bringing their considerable experience in the IT Security domain to bear, this book benefits from the combined expertise of three of the most accomplished and qualified experts in CISSP.
  • Comprehensive without being intimidating: unlike the CBK, this book offers a good treatment of all the topics covered for the CISSP exam and beyond – but does not overdo the technical aspects.
The Nays
  • Length: the book’s brevity has meant many aspirants feel the need to refer to other guides in addition, in order to complete the entirety of the CISSP syllabus.
  • Not updated for CISSP 2015, yet! The third edition of the book is not due for release until November, 2015: but you can be sure it will blow some of the other titles on our list out of the water, when it hits the shelves in November!
Pre-order it here.

Practice Test Resources

CISSP Practice Exams, Second Edition

CISSP Practice Exams is a companion for the Shon Harris best seller, CISSP All-in-One Exam Guide. While it covers all ten of the old (ISC)² domains, it also allows you to customize your prep based on analyses of practice test performance.
The Ayes
  • Excellent resource for practice tests.
  • Over 1000 questions are hosted on the online environment, access to which is part of the purchase.
  • Comes with 30 additional hours of audio training by Shon Harris.
The Nays
  • Not updated for CISSP 2015!
  • Under new authorship.

You may purchase the book here.

CISSP Exam Prep Questions, Answers & Explanations: 1000+ CISSP Practice Questions with Detailed Solutions

This book from SSI Logic is the perfect resource to put your prep to the test, since it provides a large pool of questions at a similar level of difficulty and reasoning as questions on the actual CISSP exam.

The Ayes
  • 1000+ realistic sample questions
  • 19 condensed mock exams
  • Pronounced focus on helping candidates pass the exam on the first attempt!
  • Based on the CISSP Book of Knowledge
  • Updated for CISSP 2015!
The Nays
  • Ultimately, this book is only meant as a practice test resource, and must be utilized in conjunction with a textbook.
  • Some of the practice questions fall outside the scope of the syllabus for the CISSP exam.
Get your copy here. Also consider this set of flashcards by the same publisher (SSI Logic) that makes for a great accompaniment to the CISSP guide!

Other resources:
  1. Simplilearn’s Resources Library: This free resources repository contains high-quality articles, eBooks, practice tests, and video clips for CISSP professionals and aspirants looking to get certified. Feel free to drop in, browse, and download to your heart’s content here!
  2. Sunflower CISSP study guide: an old favourite, the Sunflower CISSP guide is a comprehensive, neatly-organized, and colour-coded set of study cards for the CISSP examination. Categorized by domain, each section lists out all the topics covered under a given heading, and includes a Things to Know summary at the end. Download it here.
  3. Reddit’s CISSP community: reddit’s CISSP community offers the chance to meet and interact with fellow CISSP aspirants and professionals who work in the domain from across the world. Sign-up here to start posting!
  4. The CCCure Community: Another old favourite, CCCure.org is a useful website that offers tons of CISSP exam resources and practice questions. You can download study guides and other resources for free, as well as take customized quizzes to sharpen your prep.
  5. Yasna.com: this free test offered by Yasna.com is a huge hit with CISSP candidates. Every IP gets one day to finish and submit the simulation exam. You can take the test here.

Like this list? What resources do YOU think are a must for CISSP aspirants? Let us know in the comments section below! 

About the Author

An experienced process analyst at Simplilearn, the author specializes in adapting current quality management best practices to the needs of fast-paced digital businesses. An MS in MechEng with over eight years of professional experience in various domains, Bhargav was previously associated with Paradox Interactive, The Creative Assembly, and Mott MacDonald LLC.

