ISC2 CISSP Study Plan: Security Domains, Decision Cues, and Review in 30, 60, and 90 Days

Use this study plan when you want a real route through CISSP instead of randomly reading security topics. CISSP rewards judgment under broad scope: the right control family, the right governance boundary, the right lifecycle step, and the right business-risk decision.

Background-based pacing

Default 8-week route

1. Week 1: Risk plus Assets
2. Week 2: Architecture
3. Week 3: Network
4. Week 4: IAM
5. Week 5: Testing
6. Week 6: Operations
7. Week 7: Software plus cross-domain weak spots
8. Week 8: mixed scenario review with the cheat sheet, glossary, faq, and official references from resources

Weekly loop

    flowchart LR
	  R["Read one CISSP domain cluster"] --> C["Classify the real decision type"]
	  C --> P["Pick the most risk-aware scalable control"]
	  P --> M["Log misses as short rules"]
	  M --> X["Revisit mixed scenario sets"]

What strong prep usually does

• studies across domains without treating them as isolated silos
• turns misses into short rules such as contain before eradicate when evidence matters
• prefers risk, policy, and architecture reasoning over raw tool memorization
• practices broad scenario reading instead of chasing only fact-card recall

Booking signal

You are getting close when:

• crypto, IAM, network, and operations answers feel like different decision families instead of one blur
• your misses narrow into specific weak domains rather than general uncertainty
• you naturally choose preventive, auditable, and least-privilege answers before flashy reactive ones

Final 72-hour plan

• reread the cheat sheet once for high-confusion pairs and core models
• use the glossary only for weak terms that still blur together
• use the resources page to confirm the current ISC2 outline and maintenance rules
• use the faq if you need a final reset on endorsement, experience, or exam mindset