CISSP – Study Plan
A 12-week expert plan for the CISSP exam. Master the 8 domains of security and risk management, asset security, security architecture, and more.
Provider: ISC2
Certification: CISSP
Audience: Experienced security practitioners with 5+ years in at least 2 domains
Published: 11-Apr-2026
Start date: _______________
Target exam date: _______________
3 Modes: Rookie · Challenger · Legend
How to use this plan
1. Start each week by reading the official (ISC)² study guide and reviewing domain objectives.
2. Take ExamOS quizzes in the recommended mode: Rookie Mode, Challenger Mode, or Legend Mode.
3. Repeat the weekly Challenger quiz until you pass it 2–3 times in a row.
4. Only move to Legend mode after you have consistent Challenger passes.
Week 1
Security & Risk Management
Topics
- CIA triad, confidentiality, integrity, availability
- Governance, policies, standards, procedures
- Risk management (identification, assessment, treatment)
- Compliance, legal, and regulatory issues
Activities
- Review the (ISC)² Code of Ethics.
- Perform a qualitative risk assessment for a sample scenario.
- Take ExamOS Rookie mode quiz (30 questions) on Security & Risk Management.
Week 2
Asset Security
Topics
- Data classification (confidential, internal, public)
- Data lifecycle (creation, storage, use, sharing, archival, destruction)
- Retention policies and data sovereignty
- Privacy protection (PII, PHI)
Activities
- Create a data classification policy for a mock company.
- Review GDPR and CCPA requirements.
- Take ExamOS Challenger mode quiz on Asset Security.
Week 3
Security Architecture & Engineering
Topics
- Secure design principles (defence in depth, least privilege, zero trust)
- Encryption (symmetric, asymmetric, hashing)
- PKI and certificate management
- Database, cloud, and web security models
Activities
- Design a secure network architecture diagram.
- Compare encryption algorithms and their use cases.
- Take ExamOS Challenger mode quiz on Security Architecture.
Week 4
Communication & Network Security
Topics
- OSI and TCP/IP models
- Secure network components (firewalls, IDS/IPS, VPN)
- Network attacks (DoS, MITM, sniffing)
- Wireless and remote access security
Activities
- Configure a simple firewall rule set (conceptual).
- Identify network attack vectors in a sample scenario.
- Take ExamOS Challenger mode quiz on Network Security.
Week 5
Identity & Access Management (IAM)
Topics
- Authentication factors (something you know/have/are)
- Single sign‑on (SSO) and federation (SAML, OAuth, OpenID)
- Access control models (DAC, MAC, RBAC, ABAC)
- Identity lifecycle and provisioning
Activities
- Map an IAM solution to a business scenario (e.g., cloud migration).
- Compare RBAC vs. ABAC.
- Take ExamOS Challenger mode quiz on IAM.
Week 6
Security Assessment & Testing
Topics
- Vulnerability assessments vs. penetration testing
- Security audit and logging
- Test outputs (reports, remediation)
- Business continuity and disaster recovery testing
Activities
- Plan a vulnerability assessment program.
- Interpret a sample penetration test report.
- Take ExamOS Challenger mode quiz on Assessment & Testing.
Week 7
Security Operations
Topics
- Incident response process (preparation, detection, containment, eradication, recovery, lessons learned)
- Forensics and evidence handling
- Patch and change management
- Physical security (facilities, access controls)
Activities
- Create an incident response plan template.
- Practice chain of custody documentation.
- Take ExamOS Challenger mode quiz on Security Operations.
Week 8
Software Development Security
Topics
- Secure SDLC (SSDLC)
- Common vulnerabilities (OWASP Top 10)
- Security testing (SAST, DAST, IAST)
- DevSecOps and CI/CD security
Activities
- Review OWASP Top 10 for a sample application.
- Map security activities to software development phases.
- Take ExamOS Challenger mode quiz on Software Security.
Week 9
Full‑Domain Practice (Domains 1–4)
Topics
- Cumulative review of first 4 domains
- Time management for 125–175 questions (3 hours)
Activities
- Take ExamOS Challenger mode full quizzes (all domains) – at least 2.
- Review every incorrect answer.
- Repeat until you pass 2 Challenger quizzes in a row.
Goal: Consistent >70% on first half.
Challenger Mode
Week 10
Full‑Domain Practice (Domains 5–8)
Topics
- Cumulative review of domains 5–8
- Time management
Activities
- Take ExamOS Challenger mode full quizzes (all domains) – at least 2.
- Identify persistent weak domains.
- Repeat until you pass 2 Challenger quizzes in a row.
Goal: Consistent >70% on second half.
Challenger Mode
Week 11
Legend Mode & Exam Simulation
Topics
- Full 3‑hour simulation (125–175 questions)
- Adaptive exam style (CAT – Computerised Adaptive Testing)
Activities
- Take ExamOS Legend mode full quizzes (80% hard) – at least 3.
- Simulate the full exam length.
- Review every incorrect answer.
- Once you pass Legend mode twice in a row, schedule your real exam.
Goal: Consistent >80% on Legend mode.
Legend Mode
Daily Study Routine
Suggested 2–3 Hour Day
| Time | Activity |
|---|---|
| 15 min | Review weak questions |
| 90 min | Read (ISC)² official guide or video course |
| 60 min | Practice with flashcards (concepts, frameworks) |
| 30 min | ExamOS quiz |
| 15 min | Review explanations |
Weekly goals
- Week 1 (Rookie Mode): Note weak areas. Goal: Baseline understanding. Don’t worry about the score.
- Week 2 (Challenger Mode): Repeat until you pass 2 times in a row. Goal: 2 consecutive Challenger passes on asset security.
- Week 3 (Challenger Mode): Repeat until 2 consecutive passes. Goal: Understand how to build secure systems.
- Week 4 (Challenger Mode): Repeat until 2 consecutive passes. Goal: Secure network design and threat mitigation.
- Week 5 (Challenger Mode): Repeat until 2 consecutive passes. Goal: Design and implement access control.
- Week 6 (Challenger Mode): Repeat until 2 consecutive passes. Goal: Validate security controls effectively.
- Week 7 (Challenger Mode): Repeat until 2 consecutive passes. Goal: Operationalise security processes.
- Week 8 (Challenger Mode): Repeat until 2 consecutive passes. Goal: Integrate security into development.