What does "think like ISC2" mean?

Hello community,

First, I'd like to thank everyone who is a contributor to this forum, I just recently discovered this site only a few days ago, so I am for all intents and purposes a newbie here.

I've got 18 years IT experience and about 3 years of Security related experience.
I took the CISSP bootcamp, studied hard for about 5 weeks, took the exam and scored a 689.

Like many of you, I found the questions very subjective, where 2 of the answers of a given question would be so close that
it really came down to opinion on who is the author of the exam content.

That being said, I read in several places that you must "think" like ISC2 does in order to pass.
What does this mean and can someone shed some examples or give me the right frame of mind to help me and others with this?

I will be retaking the exam in a month with hopes that I can get those subjective questions correct.
Appreciate the replies.

Marc

Find more posts tagged with

Comments

renacido

I can't speak for others, but I believe they're saying that when the right answer according to the CBK is in conflict with what you know it the paradigm you're accustomed to in your work experience, go with the CBK's answer.

qptp

Yamahasx701,
Good question! I am trying to understand that verbiage as well.....

I was trying to send you a pm, but the system is not letting me. What did you think of the bootcamp? Was it a official ISC2 training? Just trying to figure out if the official training will help one to "think more like ISC2."

renacido

I did a boot camp (isc2 official) a month ago, not recommended. Basically a cursory skim of the material. You could get as much info simply by reading the table of contents and the glossary of any CISSP study guide official or otherwise.

beads

Often confused with the management of Security. To reflect on renacido's comment sometimes the CBK is a poor interpretation of what are referred as "good" or "best" practices - a posting unto itself. Perhaps the editor's just mean well but misinterpret what they see in writing. I dunno.

In effect what throws people off in these types of exams breaks down as follows: Its a psychometric exam designed to fill your head with obstructions and distractions making a conclusion feel more like a best guess than truly confident in your answer selection; the CISSP is an exam that relies heavily on your work experience rather than book learning; amount of depth and scope presented is so large no one is going to feel completely prepared in every aspect of every domain. This last point is geared toward those with a good deal of security experience but generally concentrated in one area and weaker in another unrelated area. This often leads to a bit of false confidence. You may have 20 years of "security" experience but only a small practice in one or two aspects of Computer Information Systems Security (Practice (in lieu of profession)) - particularly with government types.

Love it when people confuse security and information security. Folks, there is a huge difference between the two.

- b/eads