Study Plan

CISSP – Study Plan

A 12-week expert plan for the CISSP exam. Master the 8 domains of security and risk management, asset security, security architecture, and more.

ISC2CISSPExperienced security practitioners with 5+ years in at least 2 domains11-Apr-202630 views

11 WeeksDuration

~120 hrsTotal Study Time

3 ModesRookie·Challenger·Legend

Stay consistent by setting a target date for this certification.

Set target

How to use this plan

1Start each week by reading the official (ISC)² study guide and reviewing domain objectives.
2Take ExamOS quizzes in the recommended mode:
3Repeat the weekly Challenger quiz until you pass it 2–3 times in a row.
4Only move to Legend mode after you have consistent Challenger passes.

Rookie ModeChallenger ModeLegend Mode

Week-by-Week Breakdown

Week 1

Security & Risk Management

Topics

CIA triad, confidentiality, integrity, availability
Governance, policies, standards, procedures
Risk management (identification, assessment, treatment)
Compliance, legal, and regulatory issues

Activities

Review the (ISC)² Code of Ethics.
Perform a qualitative risk assessment for a sample scenario.
Take ExamOS Rookie mode quiz (30 questions) on Security & Risk Management.

Week 2

Asset Security

Topics

Data classification (confidential, internal, public)
Data lifecycle (creation, storage, use, sharing, archival, destruction)
Retention policies and data sovereignty
Privacy protection (PII, PHI)

Activities

Create a data classification policy for a mock company.
Review GDPR and CCPA requirements.
Take ExamOS Challenger mode quiz on Asset Security.

Week 3

Security Architecture & Engineering

Topics

Secure design principles (defence in depth, least privilege, zero trust)
Encryption (symmetric, asymmetric, hashing)
PKI and certificate management
Database, cloud, and web security models

Activities

Design a secure network architecture diagram.
Compare encryption algorithms and their use cases.
Take ExamOS Challenger mode quiz on Security Architecture.

Week 4

Communication & Network Security

Topics

OSI and TCP/IP models
Secure network components (firewalls, IDS/IPS, VPN)
Network attacks (DoS, MITM, sniffing)
Wireless and remote access security

Activities

Configure a simple firewall rule set (conceptual).
Identify network attack vectors in a sample scenario.
Take ExamOS Challenger mode quiz on Network Security.

Week 5

Identity & Access Management (IAM)

Topics

Authentication factors (something you know/have/are)
Single sign‑on (SSO) and federation (SAML, OAuth, OpenID)
Access control models (DAC, MAC, RBAC, ABAC)
Identity lifecycle and provisioning

Activities

Map an IAM solution to a business scenario (e.g., cloud migration).
Compare RBAC vs. ABAC.
Take ExamOS Challenger mode quiz on IAM.

Week 6

Security Assessment & Testing

Topics

Vulnerability assessments vs. penetration testing
Security audit and logging
Test outputs (reports, remediation)
Business continuity and disaster recovery testing

Activities

Plan a vulnerability assessment program.
Interpret a sample penetration test report.
Take ExamOS Challenger mode quiz on Assessment & Testing.

Week 7

Security Operations

Topics

Incident response process (preparation, detection, containment, eradication, recovery, lessons learned)
Forensics and evidence handling
Patch and change management
Physical security (facilities, access controls)

Activities

Create an incident response plan template.
Practice chain of custody documentation.
Take ExamOS Challenger mode quiz on Security Operations.

Week 8

Software Development Security

Topics

Secure SDLC (SSDLC)
Common vulnerabilities (OWASP Top 10)
Security testing (SAST, DAST, IAST)
DevSecOps and CI/CD security

Activities

Review OWASP Top 10 for a sample application.
Map security activities to software development phases.
Take ExamOS Challenger mode quiz on Software Security.

Week 9

Full‑Domain Practice (Domains 1–4)

Topics

Cumulative review of first 4 domains
Time management for 125–175 questions (3 hours)

Activities

Take ExamOS Challenger mode full quizzes (all domains) – at least 2.
Review every incorrect answer.
Repeat until you pass 2 Challenger quizzes in a row.

Goal:Consistent >70% on first half.

Challenger Mode

Week 10

Full‑Domain Practice (Domains 5–8)

Topics

Cumulative review of domains 5–8
Time management

Activities

Take ExamOS Challenger mode full quizzes (all domains) – at least 2.
Identify persistent weak domains.
Repeat until you pass 2 Challenger quizzes in a row.

Goal:Consistent >70% on second half.

Challenger Mode

Week 11

Legend Mode & Exam Simulation

Topics

Full 3‑hour simulation (125–175 questions)
Adaptive exam style (CAT – Computerised Adaptive Testing)

Activities

Take ExamOS Legend mode full quizzes (80% hard) – at least 3.
Simulate the full exam length.
Review every incorrect answer.
Once you pass Legend mode twice in a row, schedule your real exam.

Consistent >80% on Legend mode.

Daily Study Routine

Suggested 2–3 Hour Day

Time	Activity
15 min	Review weak questions
90 min	Read (ISC)² official guide or video course
60 min	Practice with flashcards (concepts, frameworks)
30 min	ExamOS quiz
15 min	Review explanations

Stay consistent by setting a target date for this certification.

Set target

Share your feedback

CISSP – Study Plan

Security & Risk Management

Asset Security

Security Architecture & Engineering

Communication & Network Security

Identity & Access Management (IAM)

Security Assessment & Testing

Security Operations

Software Development Security

Full‑Domain Practice (Domains 1–4)

Full‑Domain Practice (Domains 5–8)

Legend Mode & Exam Simulation

Frequently Asked Questions

How many practice questions should I do?

What if I fail a Challenger quiz multiple times?

When should I book the real exam?