I know a few colleagues and friends have passed or are looking at doing their CISSP (Certified Information Systems Security Professional) from the ISC2 (International Information Systems Security Certification Consortium). There are two common questions when people find out I'm a CISSP, and they are: what books or course did you use, and how easy is it to maintain your CPE (Continuing Professional Education) credits?
I read a few books during my studies, but the ones I would recommend are Eric Conrad's books. I used the CISSP Study Guide (Second Edition) for my main reading, which I supplemented with the Sybex CISSP Study Guide when I needed to read about a topic in a different way. I found Eric Conrad writes in a technically minded way, by which I mean it's written for someone with a technical background. We often don't need the stories and the "fluff" used to pack out study guides, making them 1,500 to 1,600 pages! The Eric Conrad book is just over 500 pages, which is great when you still have a full-time job to do as well.
I used the Exam Cram CISSP Practice Questions to test and validate my newly learnt knowledge. I also used the questions available from Eric Conrad's companion site. On the run-up to the exam, I used Eric Conrad's Eleventh Hour CISSP: Study Guide. I hold Eric Conrad in high regard even though I've never met him; without his study guides, I'm not sure I would have passed the exam.
When you have passed the exam, you have to be in good standing and maintain CPEs by continuing your education. If you work in IT Security, you should be keeping up to date regardless of the CISSP! I have managed to complete 3 years of required CPE credits in less than six months!
I work in the "channel", which means I have interaction with my vendors regarding security solutions, and have to attend a number of conferences, webcasts, training sessions, webinars and meetings. I also read various industry magazines to keep up to date regarding the threat landscape. Many of these activities count towards your CPE credits. I read somewhere that you only need to spend an hour a week over the three years to maintain your CPE credits.
There are regular webcasts and InfoSecurity Professional magazine from ISC2, which count towards your CPEs. Here are other resources that will count towards your CPEs:
SC Magazine UK
Register on these sites and you will receive notifications of webcasts that will keep you up to date as well as count towards your CPEs.
Good luck if you are studying for your exam and happy reading if you are maintaining your CPEs!