What study approach did you take for CISSP - for anyone who has passed and had no exp.

chickenlicken09 Member Posts: 537

As the title says, I'm interested in study approaches taken by anyone who has passed the CISSP and did not have any/little infosec experience before doing so.



  • tiagotavares Member Posts: 18
    I'm not a CISSP yet, but for those who have never had contact with InfoSec, All-In-One (Shon Harris) is maybe the best resource.
  • dustervoice Member Posts: 877
    Read CISSP for Dummies first, then Shon Harris (AIO) would be my recommendation.
  • chickenlicken09 Member Posts: 537
    Ya, I'm thinking CISSP for Dummies - Conrad study guide - trying to avoid the inevitable (AIO) :)
    I know it's not a bad book, just not my reading style.
  • 5ekurity Member Posts: 346
    The AIO is the best book hands down, and if you don't have a lot of exposure to many of the areas, will be of the most help in filling your knowledge gaps.
  • chickenlicken09 Member Posts: 537
    Yeah, I hear ya.
  • 5ekurity Member Posts: 346
    One of the things that helped me through some of the areas I was less familiar with was to write out my notes to explain the concept in my own words, not just a copy of the book's explanation.

    Example: Bell-LaPadula - no read up, no write down - why would you want to do this? Well, I wouldn't want someone without the appropriate clearance to read extremely sensitive data restricted for only specific people - so "no read up" makes sense.

    Well what about writing down? So let's assume people with a high level of security clearance are communicating with one another and editing documentation. We must assume that the contents of their communication and documents they are working on are also extremely sensitive, and we wouldn't want to risk information leakage - so writing anything to a lower security level may cause data leakage or a security exposure, since anyone with less than that high level of security clearance could potentially see it. They could also begin to infer information - take the data they have access to at their security level, combine this data with the information that was unintentionally 'leaked' from a higher level - begins to paint a larger picture.
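
Added example, not part of the thread or any poster's notes: a small Python model of the two Bell-LaPadula rules discussed above, which replays a sequence of reads and writes and reports where high-level data ends up with and without the "no write down" rule. The level names, the one-subject-and-one-object-per-level setup and the operation list are constructed for illustration.

```python
from itertools import product

# Constructed label set; the thread names no specific levels.
LEVELS = {"public": 0, "confidential": 1, "secret": 2, "top_secret": 3}

def may_read(subj, obj):
    """Simple security property: no read up."""
    return LEVELS[subj] >= LEVELS[obj]

def may_write(subj, obj, enforce_star=True):
    """*-property: no write down (can be switched off to show why it matters)."""
    return not enforce_star or LEVELS[subj] <= LEVELS[obj]

def simulate(ops, enforce_star=True):
    """Replay (subject, action, object) ops with one subject and one object per level.
    Returns (leaks, denied): objects holding data above their label, and refused ops."""
    holds = dict(LEVELS)                 # highest classification stored in each object
    knows = {s: 0 for s in LEVELS}       # highest classification each subject has seen
    denied = []
    for subj, action, obj in ops:
        if action == "read" and may_read(subj, obj):
            knows[subj] = max(knows[subj], holds[obj])
        elif action == "write" and may_write(subj, obj, enforce_star):
            holds[obj] = max(holds[obj], knows[subj])
        else:
            denied.append((subj, action, obj))
    leaks = [o for o in LEVELS if holds[o] > LEVELS[o]]
    return leaks, denied

def leak_free(length, enforce_star=True):
    """Exhaustively check every op sequence of the given length for leaks."""
    all_ops = list(product(LEVELS, ("read", "write"), LEVELS))
    return all(not simulate(seq, enforce_star)[0]
               for seq in product(all_ops, repeat=length))

# Constructed scenario: a cleared user reads, then tries to write down.
OPS = [
    ("top_secret", "read", "top_secret"),
    ("top_secret", "write", "confidential"),   # write down
    ("confidential", "read", "secret"),        # read up
    ("public", "write", "secret"),             # write up: allowed by the model
]

if __name__ == "__main__":
    print("BLP enforced:  ", simulate(OPS))
    print("no *-property: ", simulate(OPS, enforce_star=False))
    print("leak-free, all 2-op sequences:", leak_free(2), leak_free(2, False))
```

With both rules on, the write down and the read up are refused and no object ends up holding data above its label; with the write rule off, the confidential object ends up holding top-secret data even though no one ever read up.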