
Memberships

CISSP Study Group

1.3k members • Free

34 contributions to CISSP Study Group
Risk Assessment Best Practices
To ace the CISSP exam, especially concerning Risk Assessment, here's a breakdown of best practices you should master:

1. Understand Core Risk Management Concepts:
- Risk Triad: Thoroughly grasp the relationship between threats, vulnerabilities, and assets. Remember: Threat x Vulnerability = Risk.
- Confidentiality, Integrity, and Availability (CIA Triad): Understand how risk assessment aims to protect these fundamental security principles.
- Risk Management Process: Familiarize yourself with the cyclical process:
  - Identification: Recognizing assets, threats, and vulnerabilities.
  - Analysis: Evaluating the likelihood and impact of risks.
  - Evaluation: Prioritizing risks based on their severity.
  - Treatment: Selecting and implementing controls (mitigate, accept, avoid, transfer).
  - Monitoring and Review: Continuously tracking risks and the effectiveness of controls.

2. Master Risk Assessment Methodologies:
- Qualitative Risk Assessment: Understand how to use descriptive scales (high, medium, low) to assess likelihood and impact. Be familiar with tools like probability/impact matrices.
- Quantitative Risk Assessment: Know how to calculate potential financial losses using metrics like:
  - Asset Value (AV)
  - Exposure Factor (EF)
  - Single Loss Expectancy (SLE = AV * EF)
  - Annualized Rate of Occurrence (ARO)
  - Annualized Loss Expectancy (ALE = SLE * ARO)
- Hybrid Approaches: Recognize that many real-world risk assessments combine qualitative and quantitative methods.

3. Know How to Identify and Value Assets:
- Tangible vs. Intangible Assets: Understand the difference and how to value both (e.g., data, reputation, intellectual property).
- Asset Classification: Be familiar with categorizing assets based on sensitivity and criticality to the business. Inaccurate valuation leads to ineffective controls.

4. Understand Threat and Vulnerability Analysis:
- Threat Modeling: Learn techniques like STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege) to identify potential threats.
- Vulnerability Assessments and Penetration Testing: Understand their purpose in identifying weaknesses.
- Threat Intelligence: Recognize the importance of staying informed about current and emerging threats.
3 likes • 12d
Thank you Fouad! My exam is in 14 days. I will let you know how I fare.😁
0 likes • 6d
@David Hawkins Thank you for the support!😁
CISSP - I need to work Harder
I took the CISSP this week and failed. I went through 150 questions with about 30 minutes left. I booked my next cert attempt for the end of July. One topic above proficiency level, two at near, the rest below.
0 likes • 11d
Way to keep going!
95 Questions only.
So I wrote my exam on Tuesday in NZ and thought I failed as I only answered 95 questions. Then I received my notice to say I passed. This was a great relief because, based on what I understood, answering fewer than 100 questions would indicate you failed. So if anyone else does not get to 100 questions, do not panic until you have received your confirmation 😁.
5 likes • 13d
Congratulations Shane! You have been a wonderful support to our study group. We/I am grateful for all of your assistance and sharing of knowledge with the group. I am so happy for you!!!!!🥳😁
Provisionally Passed CISSP at 100Q in 2 Hours
I somehow passed the CISSP about an hour ago. I studied for roughly eight months using various resources. It felt like I got every question wrong. I wanted to thank this study group for the practice questions! Special thanks to @Fouad Ahmed @Vincent Primiani @Owen Chin! I also benefited from the few study group sessions I attended towards the end. Thanks @Claudie Aldridge and @Jolian Stephens! Here is a jumbled list of the resources I used and probably forgot a few.

Exam Questions
- Quantum Exams and cissprep.net (Very similar to the real exam questions)
- The Destination Certification App also comes with over a thousand free questions and flash cards that are somewhat like the exam
- LinkedIn Learning Practice Exams (pretty good)

Books
- ISC2 CISSP Certified Information Systems Security Professional Official Study Guide, 10th Edition by Mike Chapple (I read this whole book and used the companion site for questions)
- Official CISSP Practice Tests, 4th Edition by Mike Chapple (used the companion site for more questions)
- CISSP For Dummies, 8th Edition (used companion site for questions)
- Certified Information Systems Security Professional (CISSP) Exam Guide by Packt Publishing (has a website for questions)
- I purchased an e-book called CISSP: The Last Mile by Pete Zerger (the guy that does the exam cram videos)

O'Reilly
- CISSP Certification and Cybersecurity Closer Look Labs (Video Collection) by Sari Greene
- I did one live bootcamp on O'Reilly with Dean Bushmiller and one with Sari Greene.

Percipio
- I also did a live bootcamp on Percipio with Michael Shannon and watched his CISSP course videos.

YouTube
- CISSP Exam Cram: https://www.youtube.com/playlist?list=PL7XJSuT7Dq_XPK_qmYMqfiBjbtHJRWigD
- Why you will pass the CISSP: https://www.youtube.com/watch?v=v2Y6Zog8h2A
1 like • 19d
Congratulations Stan!!! Your message made my day! You are an inspiration to all of us! Your feedback, willingness to share and kindness means so much to the group. I am so glad that I met you. I am so HAPPY for you! You have energized me!! Can't wait to celebrate you more! Get some rest😁🥳
Passed the CISSP yesterday April 12. So excited !!!
I read the Destination Certification line by line the first time. The second time I focused on all the lines I bookmarked while reading the first time, and also concentrated on the highlight points in the book. Watched Dest Cert mind map videos countless times, watched the Pete Zerger videos (full course, cram and exam prep), Mike Chapple videos, Cv Simpson videos, Cyber platter videos on YT, Tom Olzak, Think like a Manager, 2 CISSP live boot camps.

- LearnzApp (good for testing knowledge)
- Priya DW (Udemy CISSP practice exam for exam difficulty)
- Pocket Prep (just for test of knowledge)
- OSG Wiley practice (for lengthy exam hours + knowledge)
- Dest Cert App (glossary prep exams)
- Official OSG Book (read that but too cumbersome)

Strong emphasis on learning how to comprehend the context of questions in the exam. Studied from mid December to April; I was so close the first time in January. So yes, that's a summary of my journey!
1 like • 29d
Congratulations Chris!!!🥳
Claudie Aldridge
@claudie-aldridge-8586
Avid cyclist in the Chicagoland area.

Active 2h ago
Joined Oct 24, 2024