Different books have differing descriptions

kabooter Member Posts: 115
They say KISS principle should always be respected. Maybe "they" had read CISSP Books!
I am going through 3 books - CBK book, Sybex and 11th Hour.
It is frustrating to see that different books mention different steps as first step or even differ in defining roles.
Example Data Custodian - Common sense would make me believe that data owner is more responsible for classification, data administrator will assign or enforce permissions and a custodian will simply ensure backups and access control.
Yet CBK book states that both Data Owner and Custodian can be responsible for backups.
Sybex marks my answer wrong if I go by what CBK states.
So dear CISSPs - Can you please put on your managerial hat and advise me how to solve such conflicting issues so as not to lose marks in the exam?

Comments

  • TheFORCE Member Posts: 2,297 ■■■■■■■■□□
    What are you confused on? Which description? I don't think I have heard of any KISS principle in the CBK.
  • Raransky Member Posts: 18 ■□□□□□□□□□
    Hello,

    I think the trick here is not in the books, it is in the questions. This is where your experience comes out. Different scenarios have different answers as different organizations have different structures and might have roles shifted a bit. Read carefully and apply the BEST answer to the specific scenario.

    As to Backups responsibility - Data Owner is responsible for HOW and WHAT, when Data Custodian is responsible for the actual implementation, backup process itself and verification. This is how I understand it.
  • gespenstern Member Posts: 1,243 ■■■■■■■■□□
    There are inconsistencies in less tangible areas. Everyone has their own opinion on what IR steps are, for example. Also, according to Shon Harris, for the purpose of CISSP exam, TLS is a network layer protocol (while in reality it is clearly not). I've posted here a lot of threads on this, some were deleted though, lol.

    Your goal is to make at least 700 out of 1000 instead of getting everything right 100%.

    For this purpose be aware of the most trendy explanation of less tangible things and for tangible things (like crypto, no ambiguity here) make sure you know how it works and you'll be fine.
  • jcundiff Member Posts: 486 ■■■■□□□□□□
    TheFORCE wrote: »
    What are you confused on? Which description? I don't think I have heard of any KISS principle in the CBK.


    KISS

    Keep It Simple, Stupid... typically more of a military thing :) or at least that's where I learned the KISS rule/principle :D
    "Hard Work Beats Talent When Talent Doesn't Work Hard" - Tim Notke