Introduction

Welcome to CISSP Passport! This book is focused on helping you to pass the Certified Information Systems Security Professional (CISSP) certification examination from the International Information System Security Certification Consortium, or (ISC)². The idea behind the Passport series is to give you a concise study guide for learning the key elements of the certification exam from the perspective of the required objectives published by (ISC)² in its CISSP Certification Exam Outline. Cybersecurity professionals can review the experience requirements set forth by (ISC)² at https://www.isc2.org/Certifications/CISSP/experience-requirements. The basic requirement is five years of cumulative paid work experience in two or more of the eight CISSP domains, or four years of such experience plus either a four-year college degree or an additional credential from the (ISC)² approved list. (ISC)² requires that you document this experience before you can be fully certified as a CISSP. Candidates who do not yet meet the experience requirements may achieve Associate of (ISC)² status by passing the examination. Associates of (ISC)² are then allowed up to six years to accumulate the required five years of experience to become full CISSPs.

The eight domains and the approximate percentage of exam questions they represent are as follows:

   Security and Risk Management (15%)

   Asset Security (10%)

   Security Architecture and Engineering (13%)

   Communication and Network Security (13%)

   Identity and Access Management (IAM) (13%)

   Security Assessment and Testing (12%)

   Security Operations (13%)

   Software Development Security (11%)

CISSP Passport assumes that you have already studied long and hard for the CISSP exam and now just need a quick refresher before you take the exam. This book is meant to be a “no fluff” concise study guide with quick facts, definitions, memory aids, charts, and brief explanations. Because this guide gives you the key concepts and facts, and not the in-depth explanations surrounding those facts, you should not use this guide as your only study source to prepare for the CISSP exam. There are numerous books you can use for your deep studying, such as CISSP All-in-One Exam Guide, Ninth Edition, also from McGraw Hill.

I recommend that you use this guide to reinforce your knowledge of key terms and concepts and to review the broad scope of topics quickly in the final few days before your CISSP exam, after you’ve done all of your “deep” studying. This guide will help you memorize fast facts, as well as refresh your memory about topics you may not have studied for a while.

This guide is organized around the most recent CISSP exam domains and objectives released by (ISC)², which, at the time of writing this book, is the May 1, 2021 release. Keep in mind that (ISC)² reserves the right to change or update the exam objectives at any time at its sole discretion and without any prior notice, so you should check the (ISC)² website for any recent changes before you begin reading this guide and again a week or so before taking the exam to make sure you are studying the most up-to-date materials.

The structure of this study guide parallels the structure of the eight CISSP domains published by (ISC)², presented in the same numerical order in the book, with individual domain objectives also ordered by objective number in each domain. Each domain in this guide is equivalent to a regular book chapter, so this guide has eight considerably large “chapters” with individual sections devoted to the objective numbers. This organization is intended to help you learn and master each objective in a logical way. Because some domain objectives overlap, you will see a bit of redundancy in topics discussed throughout the book; where this is the case, the topic is presented in its proper context within the current domain objective and you’ll see a cross-reference to the other objective(s) in which the same topic is discussed.

Each domain contains the following useful items to call out points of interest.

EXAM TIP  Indicates critical topics you’re likely to see on the actual exam.

NOTE  Points out ancillary but pertinent information, as well as areas for further study.

CAUTION  Warns you of common pitfalls, misconceptions, and potentially harmful or risky situations when working with the technology in the real world.

Cross-Reference

Directs you to other places in the book where concepts are covered, for your reference.

ADDITIONAL RESOURCES  Identifies where you can find books, websites, and other media for further assistance.

The end of each objective gives you two handy tools. The “Review” section provides a synopsis of the objective—a great way to quickly review the critical information. Then the “Questions” and “Answers” sections enable you to test your newly acquired knowledge. For further study, this book includes access to online practice exams that will help to prepare you for taking the exam itself. All the information you need for accessing the exam questions is provided in the appendix. I recommend that you take the practice exams to identify where you have knowledge gaps and then go back and review the relevant material as needed.

I hope this book is helpful to you not only in studying for the CISSP exam but also as a quick reference guide you’ll use in your professional life. Thanks for picking this book to help you study, and good luck on the exam!
