Different books have differing descriptions

They say KISS principle should always be respected. May be "they" had read CISSP Books!
I am going through 3 books - CBK book, SYbex and 11th Hour.
It is frustrating to see that different books mention different steps as first step or even differ in defining roles.
Example Data Custodian - Common sense would make me believe that data owner is more responsible for classification, data administrator will assign or enforce permissions and a custodian will simply ensure backups and access control.
Yet CBK book states that both Data Owner and Custodian can be responsible for backups.
Sybex marks my answer wrong if I go by what CBK states.
So dear CISSPs - Can you please put on your managerial hat and advise me how to solve such conflicting issues so as not to lose marks in exam?

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

TheFORCE

What are you confused on? Which description? I don't think i have heard of any KISS principle in the CBK.

Raransky

Hello,

I think the trick here is not in the books, it is in questions. This where you experience comes out. Different scenarios have different answers as different organizations have different structures and might have roles shifted a bit. Read carefully and apply BEST answer to specific scenario.

As to Backups responsibility - Data Owner is responsible for HOW and WHAT, when Data Custodian is responsible for the actual implementation, backup process itself and verification. This is how I understand it.

gespenstern

There are inconsistencies in less tangible areas. Everyone has their own opinion on what IR steps are, for example. Also, according to Shon Harris, for the purpose of CISSP exam, TLS is a network layer protocol (while in reality it is clearly not). I've posted here a lot of threads on this, some were deleted though, lol.

Your goal is to make at least 700 out of 1000 instead of getting everything right 100%.

For this purpose be aware of the most trendy explanation of less tangible things and for tangible things (like crypto, no ambiguity here) make sure you know how it works and you'll be fine.

jcundiff

TheFORCE wrote: »

What are you confused on? Which description? I don't think i have heard of any KISS principle in the CBK.

KISS

Keep It Simple, Stupid... typically more of a military thing

or at least thats where I learned the Kiss rule/principle