John Wallhoff Summary of the 10 Domains
I wrote this summary as a part of the preparation for my CISSP exam. It is based on books and different sources found on the Internet. You may use it as a part of your preparation, but it doesn’t replace the CISSP seminars or books available. The summary covers all the ten Common Body of Knowledge Domains (CBK) that are required for the CISSP Exam. I have also added a page for related links and references that might be useful. This page is far from complete and there is a lot more to be found.
My recommendation to anyone planning to sit for the exam is to make a study plan of your own. Some of you might have been involved in all of the domains already, but I guess most of you will find a few domains easier and other domains a bit harder. I studied for 2 1/2 months in my spare time (late in the evening when my kids went to bed), all the time uncertain if I read too much or too little. I did pass the exam but still I don’t know if I read too much or too little.
During my preparation, I have seen questions about CISSP versus CISA. The focus of those two certifications is different. While CISSP is focused on building and maintaining security, CISA is more focused on auditing and assessing risks and controls. Your choice of certification should be based on what you really want to work with. If you want to be a security professional, CISSP is the choice. If you want to be an IT/IS auditor instead, then you should take CISA. As I’ve been an IT/IS auditor and am now an IS consultant, I ended up with both. So far I have used the knowledge supported by both CISA and CISSP.