Question? For JD?

LarryDaMan

This is for JD, but feedback from anyone would be great...

Aside from "mainstream" study materials (books, videos, practice tests..etc..), what else are you using?

Which NIST documents will you look at?
Any other standards or government documents or whitepapers?
Besides cccure.org/techexams what other study related groups or boards do you recommend?
Any other alternative study tools you could recommend?

I have done plenty of research into these very things, but I wanted to get opinions and see what I may have missed.

There are plently of people who have passed the CISSP browsing through 1 book for a short time and yet others who studied mass amounts of material for over a year... I think both ends of that spectrum are a little extreme for me, but with 7 weeks left, I am trying to devour as much as I can...

Thanks!

dynamik

My typical method for studying something like this is to just research a topic I want to understand better. Type it into Wikipedia, Google, etc. and see whatever I can find. Just keep following the links until you're satisfied

JDMurray

NIST Special Publications and ISO 27001 (formerly ISO 17799) are big keys to understanding the material in the CISSP CBK and how the (ISC)2 thinks about InfoSec. (I don't know if it's worth looking at BS 7799 anymore.) Most ISO documents are not freely available, and I don't have a copy of ISP 27001, so I've been relying on second-hand write-ups that interpret what it says. For NIST Special Publications docs, look for the titles that correspond to the domains of the CISSP CBK or are generic guides or guidelines (especially "Federal"), such as 800-12, 800-14, 800-21, 800-34, 800-35, 800-42, 800-64, etc. You can also skim the SP titles and check which ones coorispond to the topics you've already seen in CISSP study guides.

down77

If you are using the Shon Harris AIO 4th edition she gives recommended NIST SP readings for practically each domain as well as other sources of material. Unfortunately a few of the personal and university links are no longer active but the majority of them are there.

JDMurray

The only NIST docs I found in the AIO4 references sections are: 7, 12, 16, 26, 30, 32, 33, 34, 55, 60, and 66. It looks like 30, 34 and 60 are real important ones. Is there a formal list somewhere?

I really don't like the way the author includes URL throughout AIO. Many of those links are broken or subject to changes (e.g., Wikipedia). I'd rather she have a companion Web page for the AIO on her site, www.LogicalSecurity.com, that is continually updated as needed.

down77

JDMurray wrote:

The only NIST docs I found in the AIO4 references sections are: 7, 12, 16, 26, 30, 32, 33, 34, 55, 60, and 66. It looks like 30, 34 and 60 are real important ones. Is there a formal list somewhere?

I really don't like the way the author includes URL throughout AIO. Many of those links are broken or subject to changes (e.g., Wikipedia). I'd rather she have a companion Web page for the AIO on her site, www.LogicalSecurity.com, that is continually updated as needed.

I definately agree with the need to update the links on her site or under the publishers site. In the interim, might I suggest a coordinate effort to update the sticky (or add one) with recommended NIST SP 800 readings?

JDMurray

down77 wrote:

I definitely agree with the need to update the links on her site or under the publishers site. In the interim, might I suggest a coordinate effort to update the sticky (or add one) with recommended NIST SP 800 readings?

I can't do stickies in the security forums, but I can make a blog posting. Actually, I'll probably be posting a lot of my study notes as blog articles as well. One day, TE will have a working Wiki and we can all use it to collaborate on writing a common collection of technotes to study from.

astorrs

JDMurray wrote:

One day, TE will have a working Wiki and we can all use it to collaborate on writing a common collection of technotes to study from.

Is this just a dream of yours, or a reality that's being worked on?

dynamik

astorrs wrote:

JDMurray wrote:

One day, TE will have a working Wiki and we can all use it to collaborate on writing a common collection of technotes to study from.

Is this just a dream of yours, or a reality that's being worked on?

I've always thought something like that would be awesome. With all the talent we have here, we could develop an amazing number of extremely high-quality resources.

JDMurray

dynamik wrote:

astorrs wrote:

JDMurray wrote:

One day, TE will have a working Wiki and we can all use it to collaborate on writing a common collection of technotes to study from.

Is this just a dream of yours, or a reality that's being worked on?

I've always thought something like that would be awesome. With all the talent we have here, we could develop an amazing number of extremely high-quality resources.

It's on the TODO list for the future TE site upgrades, but there's currently no estimated time of availability.

A TE TechNotes Wiki project would require supervision by the moderators, the TechNotes would be worked on by approved members in a non-public area, and the TechNote would need to be edited for correctness and continuity before they were made public. That's a significant project to manage. I'm also not sure how much actual continual contributions we would get from the TE community. Most of us have a full-time job, families, and are studying for certs. I know that I don't have the time to blog nearly as much as I'd like because of those factors. I've tried writing TechNotes for the MCTS .NET exams and it does take a big chunk of your personal time.

astorrs

JDMurray wrote:

It's on the TODO list for the future TE site upgrades, but there's currently no estimated time of availability.

A TE TechNotes Wiki project would require supervision by the moderators, the TechNotes would be worked on by approved members in a non-public area, and the TechNote would need to be edited for correctness and continuity before they were made public. That's a significant project to manage. I'm also not sure how much actual continual contributions we would get from the TE community. Most of us have a full-time job, families, and are studying for certs. I know that I don't have the time to blog nearly as much as I'd like because of those factors. I've tried writing TechNotes for the MCTS .NET exams and it does take a big chunk of your personal time.

By requiring an approval process you're kind of going away from the whole Wiki mentality. It's the community that ensures the content is correct with mods to enforce copyright and anything inappropriate - or at least it should be - what you're proposing could be just as easily done by writing a complete TechNote and emailing it to Johan. The problem with that is I and probably others don't have time (like you said) to write entire articles on our own, but coaborating with others on them would be very doable. I think with that model you would get sufficient support from the members, anyway - something to think about...

dynamik

astorrs wrote:

JDMurray wrote:

It's on the TODO list for the future TE site upgrades, but there's currently no estimated time of availability.

A TE TechNotes Wiki project would require supervision by the moderators, the TechNotes would be worked on by approved members in a non-public area, and the TechNote would need to be edited for correctness and continuity before they were made public. That's a significant project to manage. I'm also not sure how much actual continual contributions we would get from the TE community. Most of us have a full-time job, families, and are studying for certs. I know that I don't have the time to blog nearly as much as I'd like because of those factors. I've tried writing TechNotes for the MCTS .NET exams and it does take a big chunk of your personal time.

By requiring an approval process you're kind of going away from the whole Wiki mentality. It's the community that ensures the content is correct with mods to enforce copyright and anything inappropriate - or at least it should be - what you're proposing could be just as easily done by writing a complete TechNote and emailing it to Johan. The problem with that is I and probably others don't have time (like you said) to write entire articles on our own, but coaborating with others on them would be very doable. I think with that model you would get sufficient support from the members, anyway - something to think about...

I meant to reply to this, but I forgot. It worked out because he basically said what I was going to, so that saved me some time. I can understand the need for something like requiring edits to be approved, so people don't just vandalize it. However, there's always going to be errors and plagiarism, and all we can do is respond to those sorts of things as they're discovered. Like he said, what you're describing really doesn't sound like a wiki at all, and I don't see how that would be significantly different than the way the current technotes are done.

JDMurray

There is the philosophy of Wiki as community-tended source of information, and the technology of Wiki as a content management system. The use of the technology does not obligate anyone to subscribe to the philosophy. TE's ultimate goal is to generate useful, high-quality content using the most efficient means possible. It's possible that the Wiki philosophy might not be the best means for that ends. That decision is not mine to make; I'm only suggesting a reasonable way that it may be achieved.

dynamik

Continued here.

Kaminsky

dynamik wrote:

astorrs wrote:

JDMurray wrote:

One day, TE will have a working Wiki and we can all use it to collaborate on writing a common collection of technotes to study from.

Is this just a dream of yours, or a reality that's being worked on?

I've always thought something like that would be awesome. With all the talent we have here, we could develop an amazing number of extremely high-quality resources.

Folks still wouldn't read the subnetting Wiki /sigh