CISSP concepts

Dear all,

So many times written on this forum that CISSP exam requires knowledge of concepts. I kindly ask all those who passed the exam to briefly highlight aforementioned concepts.

Thanks in advance

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

cyberguypr

Hmm.. everything in the CBK? That may take a while.

The "concepts " comment you mention means that you shouldn't be focusing on memorizing much, but instead understanding how things work, the purpose they serve, and how to use them. An example that comes to mind is categorization of controls. Some people try to put controls into buckets. Firewalls are X, cameras are Y, policies are Z. They forget to consider that controls need to be analyzed in the context of the purpose they serve. This is the kind of stuff that you will see in the exam. Instead of asking "what is a corrective control" expect to see a scenario where you need to apply the selection of controls.

I'm sure others will chime in with more details/examples but this should give you an idea.

protacticus

Cyberguypr thank you for input. Some of the concepts may be:

Keep focus on HUMAN SAFETY, COST, ROI,
Balance of costs and solving the problem,
Security is a service to business,
What is the best symmetric encryption and why? What is the worst and why?
Risk Analysis will analyze the risk of particular controls (IPsec, TCB, etc...) in particular situations in hopes of mitigating a particular risk.