WGU Round 3: MSISA

ratbuddy

Will do, thanks.

I did my usual routine of talking to the course mentor before I even looked at the material. I requested (and received) all of their tip sheets and templates, etc. These materials should really be part of the courses, but I guess WGU must have their reasons for withholding them until requested.

ratbuddy

Task 1 for VLT2 passed on the first attempt. I just did it as a single Word document, about 7 pages or so. Two or three sentence intro, a list of the 15 attacks/vulnerabilities, another brief intro for part B, then another list with likelihood and countermeasures for each threat.

Task 2 is a bit more daunting due to slightly ambiguous wording in the task instructions, I will read some of the material this time. I *think* I know what they're looking for, but I don't want to waste time writing the wrong stuff. Specifically, "3. A justification of the processes that should be included in the scope" is the part I'm not super clear on. What exactly constitutes a process? I'll figure it out soon enough, I guess

NicWhite

Just dropped in to say that you are an awesome inspiration. Keep up the good work.

ratbuddy

Thanks, and will do

I'm off all next week (took FMLA for 4x wisdom teeth extraction - cheesy, but no other way to get unpaid time off here), and my goal is to both finish VLT2, and take the cryptography exam. After that, who knows?

markulous

Any recommended path on the order of courses?(I start on Jan 1st) Only thing I know I want to wait on is the CEH since it's a v9 and there's no v9 material.

ratbuddy

I can't offer too many suggestions yet, since I've only done a few courses, but so far:

LYT2 (Current and Emerging Technology) was a cakewalk; pure fluff course unless you don't know anything about IT.
TFT2 (Cyberlaw, Regulations, and Compliance) was a pain in the butt. Material not difficult, but task instructions ambiguous and graders fairly arbitrary.
JIT2 (Risk Management) super easy if you write to the rubric.

I would definitely save CEH for last due to the EC Council clusterfsck, but beyond that, I can't offer (good) advice on a suggested order yet. I'll update in a few months :P

markulous

Thanks! That really helps. I'll make sure LYT2 and JIT2 are on my first term.

ratbuddy

Well, I winged it for VLT2 task 2, and actually got a pass on my first try. Four pages, just under one page for each section of the task instructions. I pasted the instruction outline into a Word document and threw out some fluff. Hit on integrity, availability, and confidentiality issues, and you'll be fine.

Next up, the as-is. It's very short, a page or two, I will submit it tonight or tomorrow. Haven't even looked at task 4 yet, no idea what that one entails.

ratbuddy

Hrmph, task 3 also passed on the first try. They must have seriously nerfed the grading on this course, because I really halfassed it.

Task 4 is really confusing - the material is pretty straightforward, but it's really unclear what they are asking for.

I might take a break from VLT2 and do cryptography

JoJoCal19

ratbuddy wrote: »

Hrmph, task 3 also passed on the first try. They must have seriously nerfed the grading on this course, because I really halfassed it.

Task 4 is really confusing - the material is pretty straightforward, but it's really unclear what they are asking for.

I might take a break from VLT2 and do cryptography

Crypto was soooooooo easy. I just read the Crypto section of Conrad's CISSP Study Guide twice and passed it easily.

ratbuddy

Nice

I'm watching this series, Essentials of Cryptography and Network Security | Lynda.com and I will read that chapter of the Conrad book as well - it's available on Books24x7 free through WGU

JoJoCal19

Yea, forgot to add, the pre-assessment (not the uCertify one) was fairly close to the actual exam. I believe I even saw some of the same questions just worded a little different.

ratbuddy

Awesome, thanks again. I have the pre recorded from a few months ago. As always, I'll use it as a last-minute study guide.

Where I could really use some guidance is on VLT2 task 4 - the "External documents needed for task" column is just throwing me for a loop. Do I need to dig up a reference/standard for every single line item? How am I supposed to know where to even look?

JoJoCal19

Ah, I haven't done VLT2 Task 4 yet. But do post if you find out.

fullcrowmoon

I'm doing the MSISA at Norwich University, so I'll be really interested in reading about your MSISA at WGU. It sounds interesting!

cyberguypr

Is task 4 the one comparing/contrasting COBIT, ITIL, and the other frameworks?

Verruckt

ratbuddy wrote: »

I can't offer too many suggestions yet, since I've only done a few courses, but so far:

LYT2 (Current and Emerging Technology) was a cakewalk; pure fluff course unless you don't know anything about IT.
TFT2 (Cyberlaw, Regulations, and Compliance) was a pain in the butt. Material not difficult, but task instructions ambiguous and graders fairly arbitrary.
JIT2 (Risk Management) super easy if you write to the rubric.

I would definitely save CEH for last due to the EC Council clusterfsck, but beyond that, I can't offer (good) advice on a suggested order yet. I'll update in a few months :P

I'm having this same issue - I do this crap daily, and followed the rubric and tips and tricks exactly and got an assignment kicked back for revision.

The graders frequently come up with stuff outside of the scope of the rubric and scenario and ask for revisions on that and I feel it's a crap shoot on the grader you get.

They definitely could improve on it.

Verruckt

ratbuddy wrote: »

Awesome, thanks again. I have the pre recorded from a few months ago. As always, I'll use it as a last-minute study guide.

Where I could really use some guidance is on VLT2 task 4 - the "External documents needed for task" column is just throwing me for a loop. Do I need to dig up a reference/standard for every single line item? How am I supposed to know where to even look?

Ask the course mentor for some tips - they generally have a good idea of whats needed.

cs8400

JoJoCal19 wrote: »

Let me know if you need tips on VLT2. I'm about to resubmit task 1. I also received a bunch of tips and stuff from the course mentor on VLT2. Shoot me a PM.

ratbuddy wrote: »

Well, I winged it for VLT2 task 2, and actually got a pass on my first try. Four pages, just under one page for each section of the task instructions. I pasted the instruction outline into a Word document and threw out some fluff. Hit on integrity, availability, and confidentiality issues, and you'll be fine.

Next up, the as-is. It's very short, a page or two, I will submit it tonight or tomorrow. Haven't even looked at task 4 yet, no idea what that one entails.

Any suggestions for VLT2 Task2? I got my paper kicked back to me, specifically because of section B "Recommend additional step". The evaluator's comments were not very helpful...

ratbuddy

cyberguypr wrote: »

Is task 4 the one comparing/contrasting COBIT, ITIL, and the other frameworks?

Yep, although that part seemed pretty easy. I was having issues with the to-do list format and what they were looking for in the 'external documents' section. I think this really shoulda been two separate tasks. I just powered through the whole mess in about 4 hours, hopefully it doesn't get kicked back, but I won't be surprised if it does

cs8400 wrote: »

Any suggestions for VLT2 Task2? I got my paper kicked back to me, specifically because of section B "Recommend additional step". The evaluator's comments were not very helpful...

Task 2 Part B:

WGU wrote:

B. Recommend additional steps that the organization would need to take to implement the ISMS plan.
1. Discuss what each recommended step entails.
2. Justify each recommended step.

I just did what they instructed. I thought of three extra steps that would be helpful in implementing the plan, then provided a paragraph of fluff surrounding each.

I always find it helpful to beat the graders over the head with what I'm about to present them with. Give them something ripped directly from the task instructions, such as "I recommend the following additional steps the organization should take to implement the ISMS plan:" so they know exactly which part of the task instructions and rubric is about to hit their eyeballs. Then, in each bullet point, provide parts 1 and 2, with fluff like 'This step entails...' and 'This step can be justified by...' so they can't miss what you're aiming for.

I think I'll take the cryptography exam Monday. I have the day off, and taking it then will let me relax and study over the weekend. The Eric Conrad CISSP Study Guide is quite clear and concise, I'm liking it a lot - no extra fluff or storytelling, just the facts I'll need to remember in order to pass.

ratbuddy

Well, somehow I passed all four tasks for VLT2 on my first try. Onward to crypto...

ratbuddy

Passed UVC2 (Cryptography) with an 82%, cut score is 65%. I was pretty disappointed with how poorly the preassessment lined up with the final - make sure you study SSL in a bit more detail than is covered by the preassessment or the CISSP crypto domain stuff in the Conrad study guide.

Next up.. Vulnerability Assessment, I think? Talking to mentor in a few hours, will find out then

JoJoCal19

ratbuddy wrote: »

Passed UVC2 (Cryptography) with an 82%, cut score is 65%. I was pretty disappointed with how poorly the preassessment lined up with the final - make sure you study SSL in a bit more detail than is covered by the preassessment or the CISSP crypto domain stuff in the Conrad study guide.

Next up.. Vulnerability Assessment, I think? Talking to mentor in a few hours, will find out then

Congrats on the pass. That's weird to hear about the preassessment tho. Mine was just like my exam and even had some of the same questions just re-worded.