Beginning CISSP training

dorawedorawe Member Posts: 106
Everyone,
I just passed the Security+ exam yesterday (852) and promised myself that I would take some time off before beginning the CISSP training, but I find myself a bit antsy to start gathering information about it. I've heard from recent posts that the Shon Harris AIO ver4 is a good book to use, but could anyone offer additional study material for this?

Comments

  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,890 Admin
    I highly recommend reading as many of the postings in the CISSP forums at www.cccure.org as possible--especially those that talk about CISSP exam item topics. Doing so really helps to understand how to interpret the exam questions and what the philosophy behind the CISSP CBK is. I was able to read several hundred of the postings and it helped me.
  • dorawedorawe Member Posts: 106
    Thanks JD, I'll definitely head over there. I read somewhere (probably here on TE) that the CISSP is geared more towards a manager's thought process, instead of the nuts-and-bolts approach that a technician would take. Is that a correct assessment?
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,890 Admin
    Yeah, there is technical information in the exam, but the approach to solving for the correct answer is more from the managerial thought process. In fact, it's possible to over-think the exam items from a technical point of view and get yourself into an "analysis paralysis" situation. If you find this is happening to you, realize that deep technical knowledge isn't required to pass the CISSP exam, so you need to switch to a different tactic for solving the problem.
  • dorawedorawe Member Posts: 106
    Do you know if/when there will be an update to the exam next year? I am going to shoot for sitting within the first four months of 2010, but don't want to get blind-sided by a change in the criteria if that will happen early next year.
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,890 Admin
    The (ISC)2 exams do not go through major revisions like other IT cert exams do. The changes are made gradually, typically in the form of items being retired and new items being added. The CISSP objectives (in the Candidate Information Bulletin) are occasionally updated to add new topics, but older topics are rarely (if ever) dropped. For example, you'll still need to know about the older Orange Book in addition to the newer Common Criteria.

    Shon Harris posted a blog article about upcoming changes in the CISSP exam, which is mostly about new and updated topics. She does not work directly with the (ISC)2 (just the opposite, in fact), so I have no idea how accurate the info in her blog article is.
  • dorawedorawe Member Posts: 106
    Thanks again for the info. Right now, I'm a bit intimidated by this one, but it could also be from the urgency I feel to get this cert under my belt fast. My current employer was bought out earlier this year, and as a result I will be out of a job in June of 2010.
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,890 Admin
    Do you have at least five years of verifiable InfoSec work experience in at least two of the CISSP CBK domains? That's a requirement to get the CISSP cert (four years if you have a 4-year college degree).
  • dorawedorawe Member Posts: 106
    Yes, in Access Controls and Application Security. It has mostly been focused on the various ERP systems that the company has used (BPCS, SAP)
  • mukuljackmukuljack Member Posts: 25
    Hi Guys,
    I have one question.
    One of the requirements of CISSP is that the candidate must have experience in two domains. Now who actually verifies this requirement? If it's the mentor (already CISSP), is there any requirement for making someone your mentor?

    Thanks
    Mukul
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,890 Admin
    The purpose of the endorser is to perform a preliminary investigation of your qualifications to become CISSP-certified. This includes verifying your work experience. The (ISC)2 then may decide to do a further audit beyond the endorser's recommendation.