CobIT on CISSP exam - v4 or v5?
jonwinterburn
Member Posts: 161
in SSCP
Reading the AIO or the CBK, they refer to CobIT 4 (with 34 processes), but don't mention CobIT 5, which is completely restructured (see: COBIT 5 FAQs). I've not studied version 5 at all. Do I need to? Or is it safe to assume as it's not in the CBK or AIO that it's not in the exam?
Thanks,
Jon
Comments
-
philz1982 Member Posts: 978
Very little focus on COBIT, I would focus on ISO, CC, and NIST.
Read my blog @ www.buildingautomationmonthly.com
Connect with me on LinkedIn @ https://www.linkedin.com/in/phillipzito
-
jonwinterburn Member Posts: 161
Thanks. Presumably focusing on the concepts within those frameworks will be more valuable to me than rote memorisation of framework numbers? I'm assuming I'm not going to be asked "which NIST framework covers risk assessment?" but rather "which of the following best describes risk assessment"? - would you say that's about right?
-
philz1982 Member Posts: 978
I vaguely recall being asked specific things around ISO and CC but not NIST. The point is to understand how it flows and when you would use stuff.
FIPS->NIST
ISO Flow. 27001 vs 27002
Common Criteria Levels (I remember this one)
Trusted vs Untrusted
RBAC vs Tier
Etc.
Yes, there is some memorization, but if you memorize the Sunflower PDF you should be solid. Then it becomes just how to use the tools and when to use them.