CISA and CISSP Preparation
July 31, 2008
Recently I have received a number of questions seeking preparation tips and insights for the CISA and CISSP certifications. I hold both of these certifications, and passed them both on the first attempt using very different preparation approaches. I took the CISA first, and based on a few lessons learned, I radically changed my preparation plan for the CISSP.
FYI, the official preparation information, qualification requirements, exam requirements, etc. can be found at:
- Certified Information Systems Auditor (CISA): http://www.isaca.org/cisa/
- Certified Information Systems Security Professional: https://www.isc2.org/cissp
Are You Ready?
A few basic questions to ask yourself to gauge how ready you are:
- Do I meet the spirit, and not just the letter, of the experience requirements?
- Has there been sufficient diversity in my experience?
Five-Step Approach to CISA or CISSP Exam Preparation
- Perform an initial benchmark and assessment of your readiness
- Read a “survey” level preparation guide cover to cover
- Perform a secondary benchmark, and compare your readiness
- Review official, or “deep dive”, preparation materials on areas identified as your weaknesses
- Re-benchmark, and repeat targeted reviews until ready