CISSP frustrations

CyberCop123CyberCop123 Senior MemberMember Posts: 337 ■■■■□□□□□□
Just a minor thing, but I did want to vent about some parts of the CISSP, in particular the conceptual parts where it talks about BCP and DRPs. So much of it seems overly complex and wordy. There also appears to be a lot of different views on the same material and conflicting or slightly varying descriptions.

For example, the Eric Conrad book (the 600 page one) states:
  1. Recovery Time Objective (RTO) is the maximum time allowed to recovery business or IT systems
  2. Mean Time To Repair (MTTR) describes how long it will take to recover a failed system
Surely they are pretty much the same and if there is a difference, it doesn't seem worth the two different categories.

Also:

The Eric Conrad book (the 600 page one) states:
  • Maximum Tolerable Downtime (MTD)
  • Recovery Point Objective (RPO)
  • Recovery Time Objective (RTO)
  • Work Recovery Time (WRT)
  • Mean Time Between Failures (MTBF)
  • Mean Time to Repair (MTTR)
  • Minimum Operating Requirements (MOR)

Where as the Sybex book doesn't cover half of this, it simply goes over:
  • Recovery Time Objective (RTO)
  • Maximum Tolerable Outage (MTO) ... which is the same as Maximum Tolerable Downtime
Very bad for the head and just is overly confusing. I think this is a prime example of where you have to properly understand the topic ... not necessarily the terms, the definitions, the language. If you understand properly, then it doesn't matter I guess what they call it, it makes sense.
My Aims
2017: OSCP -
COMPLETED
2018: CISSP -
COMPLETED
2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
COMPLETED
           GIAC GREM - Reverse Engineering of Malware -
COMPLETED

2020: MCSA, OSCE

Comments

  • CyberCop123CyberCop123 Senior Member Member Posts: 337 ■■■■□□□□□□
    Oh and one last thing, the test questions at the end of the chapter in the Conrad book...

    Q: What is the primary goal of disaster recovery planning (DRP)

    A) Integrity of Data
    B) Preservation of Business Capital
    C) Restoration of Business Processes
    D) Safety of Personnel

    ..................................... what do you think?

    My initial answer wasn't there, I thought it was focussed on specific, technical parts of the IT system. However, the answer is D - safety of personnel. The book doesn't really mention that anywhere though - I searched the PDF for it.

    Just silly things like this are frustrating... but anyway, less of my moaning, got some reading to do!
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2020: MCSA, OSCE
  • RinzlerRinzler Member Posts: 34 ■■■□□□□□□□
    Human life and safety are without question the top concerns in security... icon_study.gif
  • tedjamestedjames Scruffy-looking nerfherdr Member Posts: 1,125 ■■■■■■■■□□
    Rinzler wrote: »
    Human life and safety are without question the top concerns in security... icon_study.gif

    Yes! And if you see a question like that on the exam, ALWAY choose the answer regarding the safety of human life.
  • PC509PC509 CISSP, CEH, CCNA: Security/CyberOps, Sec+, CHFI, A+, Proj+, Server+, MCITP Win7, Vista, MCP Server 2 Oregon, USMember Posts: 796 ■■■■■■□□□□
    I believe Kelly Handerhan goes over the RTO & MTTR and others. I know that there was a resource I used that was really lacking, and I think (not 100%) that it was Kelly's material that went into the detail and explained it to where I understood exactly what each was, and the differences.
  • CyberCop123CyberCop123 Senior Member Member Posts: 337 ■■■■□□□□□□
    Good tips - thanks! Nice and easy to remember human life is the top priority... unless it's someone you really don't like icon_twisted.gif

    I'm listening to Kelly's MP3s everyday in the car, and about to start Domain 7 so I will listen out for that bit
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2020: MCSA, OSCE
  • Tekn0logyTekn0logy CISSP, C|EH, Security+, Netwoork+ Member Posts: 106 ■■■□□□□□□□
    You must fill gaps with other sources. Shon Harris audio book, albeit old, drives the point home about personnel safety being paramount. Also, industry knowledge would key on the differences between RTO and MTD.
  • luisbeeluisbee CISSP / CRISC / CISM / CISA / ISO 27001:2013 LA LondonMember Posts: 28 ■■■□□□□□□□
    Tips for any CISSP & Golden Rules for any CISSP takers out there...

    1. People Safety First
    2. Management Buy-in is Critical
    3. Everyone is Responsible for Security
    4. Training is Essential
    5. Policy is the Key to (nearly) everything

    If you remember these Golden Rules, then you are Good to GO!!!
    Certs Achieved: CISA / CISM / CISSP / ISO 27001 Lead Auditor / CRISC
    Currently Studying: ISSAP / Python

    "Be silly. Be fun. Be different. Be crazy. Be you, because life is too short to be anything but happy." - Anon
  • NotHackingYouNotHackingYou Member Posts: 1,460 ■■■■■■■■□□
    For example, the Eric Conrad book (the 600 page one) states:
    1. Recovery Time Objective (RTO) is the maximum time allowed to recovery business or IT systems
    2. Mean Time To Repair (MTTR) describes how long it will take to recover a failed system
    Surely they are pretty much the same and if there is a difference, it doesn't seem worth the two different categories.

    These seem similar, but consider how they are used and what they really mean.

    RTO relates to how long you've got to restore your critical systems. This relates to operations as a whole and is a standard for planning recovery operations.

    MTTR generally relates to a specific system or even a specific piece of hardware. This is usually coupled with the mean time to failure. If we say that a hard disk of a specific make has a mean time to failure of, say, 7 years, we'll also want to know the mean time to repair that failure.
    When you go the extra mile, there's no traffic.
Sign In or Register to comment.