ISC2 study guides give you a structured, domain-by-domain path through each ISC2 cybersecurity certification.[1] ISC2 administers the flagship CISSP along with CCSP, SSCP, CC, CGRC, CSSLP, and the three CISSP concentrations — and each exam is built on an official outline of domains.
This page gathers free study guides for all 9 ISC2 certifications we cover. Each guide is organized around the official ISC2 exam outline for that credential and written to explain the reasoning, so you understand the material instead of memorizing it.
ISC2 Certs at a Glance
| Detail | ISC2 Certifications |
|---|---|
| Certifying Body | ISC2 — International Information System Security Certification Consortium |
| Flagship Credential | CISSP (Certified Information Systems Security Professional) |
| Entry Point | CC (Certified in Cybersecurity) — free, no experience required |
| Concentrations | ISSAP, ISSEP, ISSMP build on an active CISSP |
| After You Pass | Endorsement by an ISC2 professional, then ongoing CPE credits |
| Focus | Information security: architecture, cloud, governance, software, operations |
All 9 ISC2 Study Guides
Choose your certification below. Guides are grouped by where the credential sits in the ISC2 lineup — pick a single guide to study, or work through several as you advance. Each links to a free, domain-by-domain study guide.
Entry & Practitioner
Where most people begin — the free entry credential and the hands-on practitioner cert.
| Certification | Focus | Open |
|---|---|---|
| CC — Certified in Cybersecurity | Entry-level, no experience required | Open study guide |
| SSCP — Systems Security Certified Practitioner | Hands-on security practitioner | Open study guide |
CISSP & Concentrations
The flagship CISSP and the three advanced concentrations that build on it.
| Certification | Focus | Open |
|---|---|---|
| CISSP — Certified Information Systems Security Professional | Flagship, eight security domains | Open study guide |
| ISSAP — Information Systems Security Architecture Professional | CISSP concentration — architecture | Open study guide |
| ISSEP — Information Systems Security Engineering Professional | CISSP concentration — engineering | Open study guide |
| ISSMP — Information Systems Security Management Professional | CISSP concentration — management | Open study guide |
Specialized Credentials
Focused certifications for cloud, governance, and secure software roles.
| Certification | Focus | Open |
|---|---|---|
| CCSP — Certified Cloud Security Professional | Cloud security | Open study guide |
| CGRC — Certified in Governance, Risk and Compliance | Governance, risk and compliance | Open study guide |
| CSSLP — Certified Secure Software Lifecycle Professional | Secure software lifecycle | Open study guide |
The CISSP Concentrations
The three ISSxP credentials are CISSP concentrations — advanced certifications you study toward after earning the CISSP, and you must hold an active CISSP to sit them.[4] Each concentration guide goes deeper into one focused area of the security field.
- ISSAP — Information Systems Security Architecture Professional, focused on security architecture and design.
- ISSEP — Information Systems Security Engineering Professional, focused on building security into systems and engineering processes.
- ISSMP — Information Systems Security Management Professional, focused on leading and managing an enterprise security program.
How to Use These Study Guides
- Start at the right level. If you are new, begin with the CC guide; if you are experienced, study toward CISSP and the concentrations.
- Study domain by domain. Each guide follows the official ISC2 exam outline, so work through the domains in order and weight your time toward the larger ones.
- Understand, don’t memorize. ISC2 exams — especially CISSP — reward applying security concepts to scenarios, so focus on the reasoning behind each topic.[2]
- Pair with practice tests. Read the guide for a domain, then test yourself on it to confirm the concepts stuck before moving on.
- Plan for endorsement and CPEs. Remember that passing is one step — most ISC2 credentials also need endorsement and ongoing continuing-education credits.
ISC2 Study Guide FAQ
An ISC2 study guide is a structured walkthrough of everything an ISC2 exam tests, organized around the official exam outline (domains) for that certification. Each guide on Career Employer breaks a credential — CISSP, CCSP, SSCP, CC, CGRC, CSSLP, or a CISSP concentration — into its domains, then explains the key concepts in each so you can study with direction instead of guessing what matters.
If you are new to cybersecurity, start with the Certified in Cybersecurity (CC) study guide — CC is the free, entry-level credential with no work-experience requirement, so it is the natural on-ramp. Experienced professionals usually study toward CISSP, the flagship credential. SSCP suits hands-on practitioners, while CCSP, CGRC, and CSSLP serve specialized cloud, governance, and software-security roles.
The CISSP study guide is organized around the eight CISSP domains: Security and Risk Management, Asset Security, Security Architecture and Engineering, Communication and Network Security, Identity and Access Management, Security Assessment and Testing, Security Operations, and Software Development Security. Because the CISSP is broad and experience-oriented, the guide focuses on understanding concepts and how they connect rather than rote memorization.
The English CISSP exam is delivered as a Computerized Adaptive Test (CAT) of 100 to 150 items in up to 3 hours. The adaptive format means the difficulty adjusts based on your answers, and you must score a scaled 700 out of 1000 to pass. Knowing this structure shapes how you study: breadth across all eight domains matters more than deep memorization of any single area.
The CISSP concentrations — ISSAP, ISSEP, and ISSMP — are advanced credentials that build on the CISSP, and you must hold an active CISSP to earn them. ISSAP focuses on security architecture, ISSEP on security engineering, and ISSMP on security management. Each concentration study guide assumes you already understand the CISSP foundations and goes deeper into its specialty.
Most do. CISSP, CCSP, SSCP, CGRC, and CSSLP each require a defined amount of relevant work experience (some allow partial substitutions), and after you pass you must be endorsed by an existing ISC2 certified professional to be fully certified. The Certified in Cybersecurity (CC) credential is the exception — it has no experience requirement, which makes it the recommended entry point.
ISC2 certifications must be maintained through Continuing Professional Education (CPE) credits and an Annual Maintenance Fee. You earn CPEs over a three-year cycle by doing approved professional-development activities. Our study guides focus on passing the exam, but it is worth knowing that earning the credential is the start of an ongoing CPE commitment, not a one-time event.
Yes. Every ISC2 study guide on Career Employer is completely free, with no account required. Each guide is organized around the official ISC2 exam outline for that certification and written to explain the reasoning behind the concepts, so you build genuine understanding rather than memorizing answers.
References
- 1.ISC2. “ISC2 — Cybersecurity Certifications & Training.” isc2.org, 2026. ↑
- 2.ISC2. “CISSP — Certified Information Systems Security Professional.” isc2.org, 2026. ↑
- 3.ISC2. “Certified in Cybersecurity (CC).” isc2.org, 2026. ↑
- 4.ISC2. “CISSP Concentrations (ISSAP, ISSEP, ISSMP).” isc2.org, 2026. ↑

Career Employer
Career Employer is the ultimate resource to help you get started working the job of your dreams. We cover topics from general career information, career searching, exam preparation with free study materials, career interviewing, and becoming successful in your career of choice.
All PostsCareer Employer’s Editorial Process
Here at Career Employer, we focus a lot on providing factually accurate information that is always up to date. We strive to provide correct information using strict editorial processes, article editing, and fact-checking for all of the information found on our website. We only utilize trustworthy and relevant resources. To find out more, make sure to read our full editorial process page here.
