Study Plan

CISSP 6-Month Study Plan

CISSP (Certified Information Systems Security Professional)

24 weeks, 12 hrs/week
Domains 1-2
Weeks 1-5

Security & Risk Management, Asset Security

  • Read OSG chapters on risk management frameworks
  • Understand CIA triad and security governance
  • Study data classification and handling
  • Complete domain practice questions
Domains 3-4
Weeks 6-10

Security Architecture, Communication & Network

  • Deep dive into security models (Bell-LaPadula, Biba)
  • Master cryptography concepts and algorithms
  • Study OSI model and network security
  • Learn secure network architectures
Domains 5-6
Weeks 11-15

IAM, Security Assessment

  • Study authentication and access control models
  • Learn penetration testing methodology
  • Understand vulnerability assessments
  • Master audit and logging concepts
Domains 7-8
Weeks 16-20

Security Operations, Software Security

  • Study incident response and disaster recovery
  • Learn BCP/DRP planning and testing
  • Understand SDLC security integration
  • Study software vulnerabilities (OWASP Top 10)
Final Review
Weeks 21-24

Integration and practice

  • Take full-length practice exams weekly
  • Review all 8 domains holistically
  • Focus on 'think like a manager' mindset
  • Practice CAT-format questions
Recommended Resources

Books

  • Official (ISC)2 Study Guide (OSG)
  • 11th Hour CISSP
  • CISSP All-in-One (Shon Harris)

Practice Tests

  • Boson
  • Official ISC2 Practice Tests
  • Destination Certification MindMaps

Video Courses

  • Thor Teaches
  • Destination Certification
  • Kelly Handerhan (Cybrary)
Pro Tips
  1. Think like a security manager, not a technician
  2. Understand concepts over memorization
  3. The exam tests your ability to make decisions
  4. Practice explaining concepts to non-technical people
