Save money and study for and pass the CISSP for under one hundred dollars (excluding the cost of the test)
Official ISC2 CISSP Review (FREE)
This was an excellent start for me as it introduces the 8 security domains and lots of new security terminology.
Destination Certification (FREE)
Mind maps of each domain broken into smaller bits. I watched a lesson or two every morning while having coffee.
Boson Practice questions ($80 with discount)
This was the best tool I used to learn the material. It has a large question bank, but the real benefit is in the explanations that are provided for each answer. Boson retails at $99, but there's usually a 15% to 20% discount on the site.
FRSecure CISSP Mentor Program (FREE)
Free CISSP webinar. This course was very technical and perfect for me. I recommend going through towards the end of your studies.
Phone app with a decent question bank. Keeps stats on your progress. Great for doing quick quizzes.
Certification Station Discord (FREE)
Friendly community driven to help everyone. Tons of information on many different certifications. Has a #quiz-bot Channel. The command to start it is ?play
Very helpful community. Pass / Fail testing stories are inspiring.
2 well thought out questions and explanations per video. Another one I watched in the mornings.
Larry Greenblatt - https://www.youtube.com/watch?v=HWg2geVJuvs
Kelly Handerhan - https://www.youtube.com/watch?v=v2Y6Zog8h2A
Everything above teaches you the security terminology, the system processes, technical stuff, and the people responsible. That said, there are about 15 straightforward Boson-style questions at the beginning of the exam. After that, the test takes on a wordier scenario-based pattern. Almost as if a lawyer suddenly started writing the questions and bothered to spell out all the acronyms you've been studying. I found myself reading the questions 2 and 3 times just to decipher what it was actually asking. Once I figured that out, I eliminate 2 answers and take the 50/50 shot at what I have left.
Very few of my questions were super technical. Knowing your tech is important, but don't spend a ton of time memorizing encryption ciphers and key bits. If I had to take it again, I would focus more on memorizing key processes such as but not limited to:
Security Incident Response
Risk Management Framework
Software Development Lifecycle (SDLC) - I had a lot of SDLC questions.
Business Continuity Plan (BCP)
Business Impact Analysis
Capability Maturity Model (CMM)
Know your tech.
Know your processes.
Know who is responsible for what.
In today’s business world, nearly all companies rely on some form of technology. From using email to communicate with clients to storing sensitive data in the cloud, technology is a necessary part of day-to-day operations. However, with this reliance on technology comes an increased risk of cyberattacks and data breaches. That’s why it’s so important for companies to conduct regular IT risk assessments. Here are four reasons your company needs an IT risk assessment.