Home
Certification Preparation
(ISC)²
SSCP
CISSP concepts
protacticus
Dear all,
So many times written on this forum that CISSP exam requires
knowledge of concepts
. I kindly ask all those who passed the exam to
briefly highlight
aforementioned concepts.
Thanks in advance
Find more posts tagged with
Comments
cyberguypr
Hmm.. everything in the CBK? That may take a while.
The "concepts " comment you mention means that you shouldn't be focusing on memorizing much, but instead understanding how things work, the purpose they serve, and how to use them. An example that comes to mind is categorization of controls. Some people try to put controls into buckets. Firewalls are X, cameras are Y, policies are Z. They forget to consider that controls need to be analyzed in the context of the purpose they serve. This is the kind of stuff that you will see in the exam. Instead of asking "what is a corrective control" expect to see a scenario where you need to apply the selection of controls.
I'm sure others will chime in with more details/examples but this should give you an idea.
protacticus
Cyberguypr thank you for input. Some of the concepts may be:
Keep focus on HUMAN SAFETY, COST, ROI,
Balance of costs and solving the problem,
Security is a service to business,
What is the best symmetric encryption and why? What is the worst and why?
Risk Analysis will analyze the risk of particular controls (IPsec, TCB, etc...) in particular situations in hopes of mitigating a particular risk.
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
