CISSP Exam: Nov 2008 Attempt

down77

I am curious to see if anyone else is attempting to take the CISSP exam in November or around the end of the year? If you are scheduling your exam in this time frame please list the exam date, materials you are using to study, and/or whether or not you plan to take a review course before the exam. Feel free to post any other information such as words of advice/encouragement and I'll try to update the post as my exam date comes near. Good luck to all!

Exam Date: Tenatively Nov 15, 2008

Materials Used: Shon Harris All in One 4th Edition
Sybex CISSP 3rd Edition
Career Academy CISSP 2007 Platinum Edition

Review Course: None scheduled at this time. Unfortuantely work refused and the $3k out of pocket expense is a little steep at this time.

Additional Materials: CCCure.org and the suggestions from this forum!

bcairns

I put a pretty detailed post of my CISSP experience...

http://www.techexams.net/forums/viewtopic.php?t=32374

The best advice (which I am sure you have heard) is use multiple sources.
And CCCURE / FreePracticeTests.org are amazing resources for the CISSP exam.

JDMurray

I'm scheduled for 11/16 and I'm already starting to freak out now. I've passed the SSCP, but there's soooooo much more material on the CISSP I don't know if I can keep it all in my brain. All I can do is study one day at a time and avoid long-term computer games (Spore, Warhammer Online) until after the exam.

I'm using AIO3 & 4, CISSP Gold Book, InfoSec Handbook (6th), NIST docs, cccure.org notes and forums, Yahoo and cccure.org CISSP mailing lists, and the variety of free CISSP study notes and tutorials available over the Web, such as:

http://www.guidetocissp.com/
http://www.securitydocs.com/Certifications/CISSP
http://www.issa-hr.org/index.php?name=CMODSDownload
http://www.veridion.net/fligne_eng.html
http://www.searchsecurity.com/CISSPessentials

LarryDaMan

Oct. 19th here...

I have a TON of stuff, but I am using Shon Harris and the OIG as my primary reads. I have most of the other major books as well. (Gold Book, Sybex, Dummies)

I have the Shon Harris, TestOut, and CBT Nuggets for video training. I ripped the Shon Harris videos into MP3s to play while driving or working.

I am fortunate to have access to a lot of materials through work and co-workers, plus all of the stuff I have purchased. I have more materials than I would ever have time to use, but it is helpful if a certain topic is not sticking with me.

I am big into flash cards to remember brief facts and concepts. I am probably up to 300 flash cards, I try to make atleast 10 per day. You would be suprised how much you can remember and maintain just be casually flipping through the cards everyday for a few minutes

What NIST documents is everyone reading?

down77

I almost forgot to list the NIST materials! Additionally I asked my boss for permission to print out our copies of ISO 17799, 27001:2005, and downloaded CoBIT 4.1 for a review.

A few of the NIST Docs to read:

NIST SP 800-12 - An introduction to computer security
NIST SP 800-18 - Guidelines for developing security plans
NIST SP 800-31 - Intrusion Detection Systems
NIST SP 800-34 - IT contingency planning guidelines NIST SP 800-34 *Great for BCP/DR Domain
NIST SP 800-41 - Guidelines on Firewalls and Firewall Policy **Rev1 posted 7-2008
NIST SP 800-42 - Security testing
NIST SP 800-48 - Wireless Network Security

mog27

Does anyone have the Preplogic audio CDs and if so how are they?

LarryDaMan

Most Prep Logic audio makes me very sleepy. It is very dry and the guy has a serious monotone

A lot of the videos translate pretty well if you rip them into MP3s. The Shon Harris videos are great as audio.

Some people think Prep Logic audio is great, so opinions differ, but I am not a fan.

JDMurray

LarryDaMan wrote:

Most Prep Logic audio makes me very sleepy. It is very dry and the guy has a serious monotone

Ya, I've heard samples of them and they do have a "Nation Public Radio"-like quality about them. The information sounded good, tho.

LarryDaMan

down77 wrote:

I almost forgot to list the NIST materials! Additionally I asked my boss for permission to print out our copies of ISO 17799, 27001:2005, and downloaded CoBIT 4.1 for a review.

A few of the NIST Docs to read:

NIST SP 800-12 - An introduction to computer security
NIST SP 800-18 - Guidelines for developing security plans
NIST SP 800-31 - Intrusion Detection Systems
NIST SP 800-34 - IT contingency planning guidelines NIST SP 800-34 *Great for BCP/DR Domain
NIST SP 800-41 - Guidelines on Firewalls and Firewall Policy **Rev1 posted 7-2008
NIST SP 800-42 - Security testing
NIST SP 800-48 - Wireless Network Security

Ugh, I live literally next door to NIST. When I pick up my daugher from school everyday, the route is such that I pass by both of the main entrances. The huge NIST signs haunt me... reminding me that I must read these documents again!

I need to get a job there so I can walk to work.

down77

I feel your pain! I just got finished reading the first 3 NIST publications and ISO 27001 (thankfully that one wasn't too long). 52 days left until the exam and I'm starting to review the Shon Harris material as well as re-read the AIO a second time (quarter of the way done, again). I'm saving the Overly review from CCCure for the last week before the exam.

I did find out that work scheduled me for an ITIL v3 upgrade 2 weeks before the exam... I'm not sure the impact it will have on the study time but the evenings will be concentrated on CBK domains rather than ITIL notes.

Hope everyone else is doing well in their CISSP studies!

JDMurray

I'm taking a few days off work before the exam for last-minute studying. A week before the exam all you can really look at are your notes to try and cram all the details into your head. The majority of my wrote memorization of detailed organization and lists (Orange Book, Common Criteria, crypto tables, investigation procedures, BGP/BIA/DRP processes, etc.) will be done at the 11th hour. I'll probably slack-off on the telcom domain if I need to save time.

I will say that I'm learning a lot of new stuff studying for this exam. It's fascinating how much of the CISSP's legal domain is applicable to the current Federal financial situation.

shednik

How long until your exam JD?

JDMurray

Sunday, 11/16/08. Not close enough to really panic (yet).

down77

JDMurray wrote:

Sunday, 11/16/08. Not close enough to really panic (yet).

52 days left my friend! I need to put in my vacation request to take the last 3 days off before the exam. I'll be using that time to do a last minute cram of information (I smell a marathon review session of the Shon Harris CBTs!!!!)

I have to agree, its interesting how so many corporations fell victim to lack of control processes. Part of the failure can also be related to Information Security and Risk Management domain; if they had executed an updated and thorough risk analysis they may have been able to identify the gaps and then implement the necessary policies and standards to help mitigate some of the financial damage that they are currently experiencing. I guess this is why they say the CISSP is for the "C" level as well as for the IT minions.

JDMurray

down77 wrote:

I have to agree, its interesting how so many corporations fell victim to lack of control processes. Part of the failure can also be related to Information Security and Risk Management domain; if they had executed an updated and thorough risk analysis they may have been able to identify the gaps and then implement the necessary policies and standards to help mitigate some of the financial damage that they are currently experiencing. I guess this is why they say the CISSP is for the "C" level as well as for the IT minions.

I blame it on the lack of enforcement of the existing regulations. Administrative laws were already in place, but part of the system of check-and-balances that governs the "gray areas" was being ignored for a variety of reasons from, "Look how much money we are making!" to "I don't want to make waves so I won't be fired!" It's just amazing how many people think that America is a bottomless pit of wealth and they can grab from it what they can without there being any consequences. It's no wonder that resisting temptation is a fundamental lesson in most religions.

Paul Boz

I've considered taking it at the end of the year in New Orleans but I'm just going to wait and deal with the changes to the exam. I went from being able to study 4-5 hours a day to maybe 1-2 because my new job is very demanding. I hope they don't change up the exam too much.

LarryDaMan

Got my 21-Day Warning/Admission Letter this morning!

I worked on Cryptography for at least 9 hours yesterday. I gotta believe it will be one of my top 3 strongest domains... but I'll never know that because passers don't get a score.

I took two days off before my bootcamp, so I will have a Thursday-Sunday mini camp at home before it starts. My goal all along was to walk into the bootcamp being able to pass on day one, and just use the time at camp for distraction free studying. If I learn something new, it will be a bonus.

When I started studying for real about 2 months ago, I made this nifty spread sheet to keep track of every practice question that I took. It breaks it down by domain and then totals everything. I will use that as an indicator of where to focus on those last few days. I also scribble down in a notebook every topic that I don't FULLY grasp, so I can wiki/google it at a later time.

So far I have taken 1755 practice questions from Shon Harris, OIG, Transcender, CCCURE, Preplogic, Expresscerts (ISC2).... and I have about an 80%. Most of my worst scores were in July and August... so I have improved.

I will frankly and freely admit that I am obsessed with this, and to think all of this was voluntary on my part, no one seems to care too much at work. I am even flipping through flash cards during football today, THAT is dedication.

Good luck to everyone else.

JDMurray

LarryDaMan wrote:

I took two days off before my bootcamp, so I will have a Thursday-Sunday mini camp at home before it starts. My goal all along was to walk into the bootcamp being able to pass on day one, and just use the time at camp for distraction free studying. If I learn something new, it will be a bonus.

That's the way to do it. The recommendation is that people should start studying 2-3 months before a bootcamp so they will be prepared to understand the information that's being thrown to them at light-speed. People who walk into a bootcamp unprepared and thinking that they'll be taught everything they need to know for the exam usually don't do very well because the information is presented so quickly and there's no time to fully understand it only in class.

LarryDaMan wrote:

When I started studying for real about 2 months ago, I made this nifty spread sheet to keep track of every practice question that I took. It breaks it down by domain and then totals everything. I will use that as an indicator of where to focus on those last few days. I also scribble down in a notebook every topic that I don't FULLY grasp, so I can wiki/google it at a later time.

So far I have taken 1755 practice questions from Shon Harris, OIG, Transcender, CCCURE, Preplogic, Expresscerts (ISC2).... and I have about an 80%. Most of my worst scores were in July and August... so I have improved.

I'm taking a more cognitive approach, where I keep track of the possible exam question topics and gauge my progress by my ability to give a 1-2 minute speech on each concept. The practice exams are just to find factual and reasoning details that I may have missed. And because most of the practice exams questions out there aren't of the same format and quality of the actual CISSP exams, I don't put much stock in the scores that I get; I'm just using the questions as fodder for data mining and stamina-training my brain.

LarryDaMan

JDMurray wrote:

I'm taking a more cognitive approach, where I keep track of the possible exam question topics and gauge my progress by my ability to give a 1-2 minute speech on each concept.

Good approach. If you can potentially give a knowledgeable 1 minute speech on every concept, you will surely pass.

I look at practice questions as a gage of progress and as brain conditioning. There are a finite number of topics and a finite number of ways to ask about them, so taking many practice questions from several different sources helps me gain confidence and identify weaknesses.

Also, the test is a mental and physical challenge, so forcing myself to take 150 questions at 10pm after a long day of work and sitting in traffic is a good way to simulate the fatigue and stress that the exam may bring.

There is more than one way to skin a cat however, I just prefer to take a lot of practice questions... but nothing can substitute for sticking your nose in a book.

JDMurray

LarryDaMan wrote:

Good approach. If you can potentially give a knowledgeable 1 minute speech on every concept, you will surely pass.

There is more than one way to skin a cat however, I just prefer to take a lot of practice questions... but nothing can substitute for sticking your nose in a book.

I really do enjoy learning through practice questions. But I get to a point where I just can't face reading large blocks of text anymore, and I'd rather do practice questions or watch/listen to training material instead. But at 10PM at night, I'm either writing software or playing computer games, and not trying to memorize vast sums of knowledge.

alangoh03

Hi guys

Would like to check whether the new requirement introduced in Oct this year include any syallabus changes.

I am using the Official (ISC)2 CISSP textbook published in 2004. Are there any update to the required 10 CBK domains? If yes, where can I find the difference.

Thanks a lot in advance

Warm regards,
Alan

JDMurray

alangoh03 wrote:

Would like to check whether the new requirement introduced in Oct this year include any syallabus changes.

There were changes in October 2007 that renamed a few domains and added the requirement of getting an endorser. To what changes this year are you referring?

alangoh03 wrote:

I am using the Official (ISC)2 CISSP textbook published in 2004. Are there any update to the required 10 CBK domains? If yes, where can I find the difference.

You need the 2007 edition of the Official (ISC)2 Guide to the CISSP CBK for the latest material. Shon Harris' All-in-One 4th ed. is also highly recommended.

alangoh03

JDMurray wrote:

alangoh03 wrote:

Would like to check whether the new requirement introduced in Oct this year include any syallabus changes.

There were changes in October 2007 that renamed a few domains and added the requirement of getting an endorser. To what changes this year are you referring?

alangoh03 wrote:

I am using the Official (ISC)2 CISSP textbook published in 2004. Are there any update to the required 10 CBK domains? If yes, where can I find the difference.

You need the 2007 edition of the Official (ISC)2 Guide to the CISSP CBK for the latest material. Shon Harris' All-in-One 4th ed. is also highly recommended.

I have the Official (ISC)2 guide to the CISSP Exam (C) 2004. Do you know what are the domains that are renamed? Hopefully, I don't need to buy the 2007 edition.

JDMurray

alangoh03 wrote:

I have the Official (ISC)2 guide to the CISSP Exam (C) 2004. Do you know what are the domains that are renamed? Hopefully, I don't need to buy the 2007 edition.

All of that information is on www.isc2.org. The pages on that site are also filled with information that might be on the exam too, so you really need to become familiar with it. And it's best not to use CISSP prep materials that are older than three years, so you may want to upgrade your study materials.

down77

Well it looks like the 2 exam dates here in town were both canceled... I will have to wait until december to take the test and drive 4hrs away. This has me a little nervous because I will have to adjust my work/school schedule and ensure to balance the load with continued studying.

I spoke with ISC2 this afternoon and they assured me that the december attempt would have a higher chance of going through. They also asked that I sit with the person who will provide the endorsement ahead of time if possible to have them "assist" in ensuring my experience meets the requirements. This won't be a problem and seemed to be a general suggestion which I can appreciate. My endorser is a coworker who I have worked with for the last 3 years.

LarryDaMan good luck this weekend with the exam and please do give feedback on your experience.

LarryDaMan

Thanks man. Sorry about your test cancellation, during this process I have definitely noticed a lot of problems with ISC2 from an organization/business/bureaucracy perspective. Not much anyone can do about it, because the actual certification is well respected, and we want it!

This bootcamp has been really mentally draining so far. It's 10-12 hour days with 2-3 hours a day group study outside of class. We do breakfast and lunch at our tables, it is literally non-stop. 5 domains down, 5 to go.

I feel good about 99% percent of the areas being highlighted, so confidence is high... but I am SO tired. Eat, sleep, CISSP... that's about it.

Good luck and of course I will be happy to provide any tips that I can after I get that congratulations e-mail.

JDMurray

Exactly 30 days to go for me. I need to start writing up the areas of my notes that I really need to memorize in detail for the exam. This is also where running through practice tests will do me the most good. I can't wait to one day do something other than lug around heavy CISSP books.

down77

I guess its about 52 days left for me now, should have been ~30. I'm submitting my application tomorrow so that I can reserve my seat for the out of town venue.

Keeping my fingers cross that all 3 of us pass... in the meantime going over my 2nd pass on Operational security and then to read the CBK a second time as well.

RTmarc

I'm sure you'll all do fine. One thing to remember, as difficult as it will be, leave the anxiety at the test center. Everyone that I have encountered - including myself - felt like they failed the exam when they left. Most of us passed. Some didn't. Everyone that I've talked with that said they felt good about it were rudely surprised when they received their failure notice.

What it boils down to, you are going to feel like crap when you leave. My advice is to not even think about it. Leave that garbage at the testing center because it is going to do nothing but eat at you until you get the scores if you bring it along with you.

Good luck!

JDMurray

I'm sure that I'll be drinking heavily that evening.

LarryDaMan

Test taken. It sucked. The waiting begins.