So what’s next? How do you identify the right CISSP books, CISSP study guides, and other resources you’ll need to build a study plan and get started on the path to information security expertise? Planning study prep for an exam as tough as the CISSP can be a daunting task indeed, which is why we’ve prepared a handy list of the absolute best books to read at every phase in the process.
Let’s get started!
What is The CISSP Exam?
The Certified Information Systems Security Professionals (CISSP) certification is a globally recognized standard in the field of Information Security. Governed by the International Information Systems Security Certification Consortium, also known as (ISC)², the CISSP certification empowers professionals to effectively design and manage security controls in a business environment.
To acquire the CISSP certification, you should have at least five years of professional information security experience and should be endorsed by another CISSP certified professional. You can get a one-year waiver if you have a four-year degree or obtain (ISC)2 approved credentials. The exam consists of 250 multiple-choice questions. You need to score 70% or above to pass the exam.
Before You Begin: Key Points To Note Before You Start Building Your Library!
Should you use print edition, electronic edition, or online resources? Paperback editions are put through a longer, more rigorous vetting and design process, and in our opinion, if it came to choosing one type over another, the paperback would win-any day!
Although freely available online resources are no match for a proper textbook, the following online CISSP resource is a must-read: Common Book of Knowledge (CBK) material is offered by the (ISC)². Visit their website regularly for details and schedules of training programs, seminars and more
Tips for Preparing for the CISSP Certification Exam
- When applying for the exam, proper sign-off on professional experience is important. Get a certificate or a letter of recommendation that serves as verification of relevant work experience.
- Beware: the CISSP exam is a grueling, 6+ hour affair! If you are not much of a sedentary person, you may need to train yourself to stay in top intellectual shape for several hours, with only 10-20 minute breaks in between.
- The CISSP exam is all about terminologies and trivia! Although experience is mandatory to take the exam, functional knowledge is rarely put to the test on the exam. Brush up on those terminologies, acronyms, and definitions to maximize your scores!
- Look into effective memorization tools such as brain dumps and mind-maps. They can be invaluable resources during prep.
How Much Time Should I Devote To CISSP Exam Prep?
A key point to note about the CISSP exam is that a tenuous mapping exists between the nature of the course material and the candidate’s professional background:
- Risk management professionals find 60-70 hours of time for preparation quite adequate to clear the CISSP exam
- IT professionals would need less time – 40-50 hours of study should suffice to clear the exam.
- ISC2 material is a must for professionals of all backgrounds.
And now, here are the top-recommended CISSP books, study guides and resources to tap into for your CISSP certification!
NOTE: Don't forget to scroll to the bottom for 5 free resources in addition to the 12 book recommendations on our list!
12. An Easy Guide To CISSP
Among the most recent additions to this list, Austin Songer’s Easy Guide: CISSP is an independently published accompaniment to a full-blown CISSP textbook.
- At 100 pages, it is one of the shortest books available on the market for CISSP aspirants.
- The first edition of the book was published in 2015 and has not yet picked up traction among aspirants.
11. CISSP In 3 Weeks: The CISSP DIY Manual
Authored by Security Engineer Nichel James, this do-it-yourself ‘kit’ is more of an advice manual for professionals preparing for the CISSP examination –not as a full-fledged guide.
- Good, useful, actionable insights and information on the dos and don’ts when studying for the exam.
- Kindle edition: with a subscription to Amazon Prime or Kindle Unlimited, you can download this book for free.
- Length: at 28 pages, it’s more of a summary on how to prepare for the CISSP exam.
- Target group: this manual targeted to professionals with at least four or more years in the IT security domain.
Some extraneous information: the instruction manual also covers such topics as nutrition and health, for the benefit of candidates preparing for one of the toughest and most elaborate examinations in the world.
10. ExamFOCUS CISSP Exam Study Notes
Part of the ExamFOCUS No Frills series of publications, this book is a concise compendium of study notes and practice questions for candidates preparing for the CISSP exam.
- Concisely formatted and presented
- The exam focus study notes have not been updated for the latest iteration of the examination.
- No substitute for a textbook or guide.
- Much of the content presented in the book is freely available in the public domain.
Get it here.
9. CISSP For Dummies
Part of the For Dummies series of books, CISSP for Dummies is authored by Lawrence C. Miller
- Easy, accessible, pick-up-and-read approach.
- Comes with access to the Dummies online portal and test engine.
- The book has not been updated since 2012.
8. Eleventh Hour CISSP: Study Guide
As the name suggests, the Eleventh Hour CISSP study guide is designed to help readers who want to prepare quickly for the exam. Also authored by Eric Conrad, Seth Misenar and Joshua Feldman, this guide focuses purely upon the core elements of the exam.
- Important concepts are concisely presented while key elements are highlighted for last-minute study.
- Answers some of the toughest questions on the exams.
- Zero fluff: all substance!
- Perfect for review the week before the exam.
- This refresher is not a substitute for a full textbook.
- The authors suggest the title will be updated after the Study Guide is released, but release dates are as TBA.
7. CISSP Exam Cram, 3rd edition
Written by security consultant and COO of Superior Solutions, Michael Gregg, this book is intended as a refresher for aspirants who have already prepared for the exam, a la the Eleventh Hour guide.
- Includes a cram sheet to help candidates memorize the most important bits for the exam
- Comes with tons of quizzes
- Length: at 640 pages, is relatively compact
- Errata: a common complaint with this book is with the number of mistakes that have made their way onto the final, published version, including incorrectly marked answers to several questions
- Electronic content on the CDROM is of limited use.
- Not a one-stop solution. Like the Eleventh Hour guide, this book cannot serve as a comprehensive textbook for test-prep.
6. The NIST’s Security And Privacy Controls Special Publication, 800-53, Revision 4
Freely available and downloadable, the set of NIST guidelines for information security and privacy control covers many of the topics for the CISSP exam.
- This NIST publication is an authentic, authoritative resource.
- No-nonsense approach and uncluttered formatting.
- This publication is intended more as a reference for security specialists than for CISSP exam-takers and, as such, will not serve as a substitute for an actual CISSP guide or textbook.
5. CISSP Cert Guide
Authored by Kaplan’s IT certification experts Troy McMillan and Robin Abernathy, the CISSP Cert Guide is a straightforward, no-nonsense guide to the examination.
- Written in an accessible, easy-to-comprehend style.
- Operational, cryptographic, and personal security are explained in detail.
- Geared for exam prep.
- Utility as post-exam reference: because the guide is targeted almost exclusively at aspirants looking to clear the CISSP examination, its utility as a reference for CISSP specialists in the field is patchy, at best.
4. The CISSP All In One Exam Guide, by Shon Harris
The CISSP All-in-One Exam Guide is a CISSP certification best-seller from Shon Harris, the world’s foremost expert in IT security certification and training.
- Thorough, comprehensive, and authoritative, the All In One guide covers all 10 CISSP exam domains developed by the International Information Systems Security Certification Consortium (ISC2). The book features learning objectives at the beginning of each chapter, exam tips, practice questions, and in-depth explanations.
- The All In One CISSP exam guide covers all 10 (old) CISSP domains, including:
- Information security governance and risk management
- Access control
- Security architecture and design
- Physical and environmental security
- Telecommunications and network security
- Business continuity and disaster recovery
- Legal, regulations, compliance, and investigations
- Software development security
- Security operations
- At 1486 pages, the book is a handful, and some aspirants feel the text is too verbose and detailed to be of much use to someone preparing for the CISSP exam
- Some material covered by the book is outside the scope of the exam.
- The humor in the book does not work for everyone!
3. CISSP: Certified Information Systems Security Professional Study Guide (Sybex)
Jointly authored by James Stewart, Mike Chapple, and Darril Gibson, this book is the perfect starting point for your CISSP preparation.
- This edition of the Sybex guide has been updated for the 2015 CISSP exam format! The guide covers all the CISSP candidate information bulletin objectives, including Access Control, Application Development Security, Business Continuity and Disaster Recovery Planning, and Cryptography.
- The package includes access to Sybex’s interactive online learning environment with:
- 1400+ practice questions and 1000+ electronic flashcards
- Searchable key term glossary
- Sybex’s interactive test engine
- A comprehensive guide to preparing for the CISSP Certification, updated for the 2015 CISSP exam format
- Includes objective maps and real-world scenario tests.
- Coverage of 100% of all exam objectives for CISSP 2015, including:
- Security and Risk Management
- Asset Security
- Security Engineering
- Communication and Network Security
- Identity and Access Management
- Security Assessment and Testing
- Security Operations
- Software Development Security
- Interactive learning environment
- Pages: 1080
- The Sybex guide is easier to plow through than Shon Harris’ All In One but may not be to everybody’s liking.
2. Official (ISC)² Guide to the CISSP CBK, Fourth Edition [(ISC)² Press]
This guide is prepared by the organization that conducts the CISSP exam and awards the certification, ISC2.
This guide is prepared by the organization that conducts the CISSP exam and awards the certification, ISC2.
- Authenticity: this book is the only official guide to the CISSP exam on the market.
- Up-to-date: the CBK is fully updated with the 2015 changes to the exam
- Comprehensive: covers all eight domains in great detail
- The content of this book is endorsed by CISSP experts and practitioners from all over the world
- Poorly formatted: it appears the most recent edition of the book was designed in some haste, and ships with missing pages, improperly edited language, duplicated content, and problematic formatting.
- Unnecessarily verbose: a chief complaint with most aspirants is that the book rambles on about several topics without adding much of value or substance.
- Often called the ‘brick’, the CBK guide is perhaps a bit too detailed: a common complaint among aspirants is the relatively inaccessible nature of the language and the attendant verbosity.
1. The CISSP Study Guide
Topping our list is this Eric Conrad, Seth Misenar, and Joshua Feldman co-authored best-seller. Well-written, just the right length for exam preppers, The CISSP Study Guide is hugely popular with CISSP aspirants as a solid and dependable resource for CISSP.
- At 600 pages, this study guide is briefer – and easier to finish – than most!
- Seasoned authors: with all three authors bringing their considerable experience in the IT Security domain to bear, this book benefits from the combined expertise of three of the most accomplished and qualified experts in CISSP.
- Comprehensive without being intimidating: unlike the CBK, this book offers a good treatment of all the topics covered for the CISSP exam and beyond, but does not overdo the technical aspects.
- Length: the book’s brevity has meant many aspirants feel the need to refer to other guides to be able to complete the entirety of the CISSP syllabus.
Pre-order it here.
Practice Test Resources
CISSP Practice Exams, Second Edition
- An excellent resource for practice tests.
- Over 1000 questions are hosted on the online environment, access to which is part of the purchase.
- Comes with 30 additional hours of audio training by Shon Harris.
- Under new authorship.
- 1000+ realistic sample questions
- 19 condensed mock exams
- Pronounced focus on helping candidates pass the exam on the first attempt!
- Based on the CISSP Book of Knowledge
- Ultimately, this book is only meant as a practice test resource and must be utilized in conjunction with a textbook.
- Some of the practice questions fall outside the scope of the syllabus for the CISSP exam.
Get your copy here. Also, consider this set of flashcards by the same publisher (SSI Logic) that makes for a great accompaniment to the CISSP guide!
So there you have it! We know there is a lot of prep work to put into the CISSP exam, but taking the time to choose the right learning resources – and soaking in test-taking best practices – will pay off for you.Other resources:
- Simplilearn’s Resources Library: This free resource repository contains high-quality articles, eBooks, practice tests, and video clips for CISSP professionals and aspirants looking to get certified. Feel free to drop in, browse, and download to your heart’s content here!
- Sunflower CISSP study guide: an old favorite, the Sunflower CISSP guide is a comprehensive, neatly-organized, and color-coded set of study cards for the CISSP examination. Categorized by domain, each section lists out all the topics covered under a given heading and includes a “Things to Know” summary at the end. Download it here.
- Reddit’s CISSP community: Reddit's CISSP community offers the chance to meet and interact with fellow CISSP aspirants and professionals who work in the domain from across the world. Sign-up here to start posting!
- The CCCure Community: Another old favorite, CCCure.org is a useful website that offers tons of CISSP exam resources and practice questions. You can download study guides and other resources for free, as well as take customized quizzes to sharpen your prep.
- Yasna.com: This free test offered by Yasna.com is a huge hit with CISSP candidates. Every IP gets one-day to finish and submit the simulation exam. You can take the test here.