CISSP Memorisation Techniques

Hi all,
So I'm prepping for the exam, and have a strict, obsessive study regime I've adhered to for the last few months, and will continue to until the exam. I've written extensive notes, which I'm reading over and over again. However, one weakness I have is memorising facts that include numbers or phases. So far I've written up the following memorisation charts to accompany my notes:
Symmetric Algorithms
Hashing Algorithms
Bitwise operations
IEEE 802, ICMP Type Codes, TCP Flags, Ports
Common Criteria EALs, ITSEC, Orange Book
SDLC, S-SDLC, CMMI, IDEAL, ACID, Aggregate functions
BCP, BIA, DRP, Fire
Risk formulas and framework phases
Control types & functionalities
Classification labels
RAID levels
Anything I'm missing? And does anyone have any tips? Particularly for memorising how Orange Book, ITSEC and CC EALs relate to each other. Also, which NIST 800 series are worth memorising? Surely not all of them.
Thanks.
Jon
Comments
C = D
C1 = DSP
C2 = CAP
B = M
B1 = LS
B2 = SP
B3 = SD
A = V
A1 = VD
Risk Mgmt (NIST 800-30) = SVT CLI RCR
Great, thanks!
....Just trying to save you some time.
This is true, try to understand the info and where to apply it.
Sometimes when I tried to remember the different models, for example, I wrote about it in a blog and tried to explain in my own words how the model works. Because I was thinking "I am explaining to a person that doesn't have a lot of knowledge", I used easy words, and then it began to click in my head.
It is your personal IPS to stop the attack.
A good point. I guess I'm afraid I'll be asked something I should've memorised. Regarding understanding, I think I'm 70% of the way to understanding all the concepts. I struggle on some of the models (risk, SDLC, S-SDLC) and processes/phases. This is because I've not had real-world experience in many of them (except NIST 800-30). Any suggestions? I've read about all of the models etc. until I'm blue in the face, but it's just words, lol.
Make a list of symmetric and asymmetric algorithms and put them side by side. You will see that the majority of the popular symmetric algorithms are just acronyms but the asymmetric algorithms have the names of their inventors. That's how I did it.
Again, do you understand the concept of Risk, SDLC, S-SDLC and why they do what they do? Do you understand why NIST 800-30 is there and what it does? Understand the why's more than the facts. Explain some of these concepts to people that have no idea what they are. If you can explain it to someone then you have understood the topic.
BRAIDS/REDD
Blowfish, Twofish
RC4 and others
AES
IDEA
DES / 3DES
Serpent
RSA
Elliptic Curve
ElGamal
Diffie-Hellman
Totally agree with this. I used CISSP All in One (Shon Harris) for 95% of exam prep and it was very good.
When I said learn the information, it means not that you will be able to repeat all the symmetric and asymmetric encryptions, no, you will be able to identify where to apply those and also identify what kind of encryption is better, etc.
People say that it is 1 inch deep and 1 mile wide. It is true, but remember, the better you know the info, let's say 2 or 3 inches deep, the more you will increase your chance to pass, because you will know better where to apply the knowledge.
It is your personal IPS to stop the attack.