Favorite CISSP domain? Least favorite?
There's almost zero actual content on this board beyond "pass/fail" threads or people asking what resources to use for the umpteenth time. It feels like people get the cert for the sake of having it and not for increasing one’s knowledge. I'd like to see more content related to the CBK and knowledge learned from the various domains. I'll get the dialogue rolling by asking the above question: What is your favorite CISSP domain? What's your least favorite? Why?
For me, I really enjoy physical security. I think the reason is because it deviates the furthest from what would be considered traditional IT so the material stimulates my brain because it doesn’t feel like “work”. At my last job I had to do physical security inspections and the physical security domain gave me much more insight into that side of my job than any other domain did for any other parts of my job. It also has a tangible impact on the way I perceive the buildings and security around me. I can’t walk into a Subway sandwich shop without observing camera placement.
I’m sure 9/10 people that respond to this will say that access control is their least favorite domain and I am in that bucket. I really have to peel my eyes back open to be able to churn through RBAC, Biba, Bell-LaPadula, etc. While this is great information to have, it has zero relevance to my current environment and certainly little to no value in my last job. The information is largely theoretical for non-DoD or government work and while I understand the value of the access models, it’s hard to embrace the information because I will more than likely never use it.
I’m interested to hear what others feel about this subject.
CCNP | CCIP | CCDP | CCNA, CCDA
CCNA Security | GSEC |GCFW | GCIH | GCIA
pbosworth@gmail.com
http://twitter.com/paul_bosworth
Blog: http://www.infosiege.net/
Comments
-
novovictus Member Posts: 192
I really didn't think access control was that bad, maybe because I have experience contracting on the public sector side.
My favorites were Telecommunications and Network Security (obviously) and Cryptography, but you could have guessed that. They came very easy but shed light on the topics from a different angle.
The three domains I struggled with the most were Business Continuity and Disaster Recovery Planning, Information Security Governance and Risk Management, and Legal, Regulations, Investigations and Compliance and therefore were my least favorite. I really had a hard time with 'thinking like a manager'....
Working on: Doctor of Information Technology Information Assurance and Security @ Capella -
Paul Boz Member Posts: 2,620 ■■■■■■■■□□
I re-read the BCP/DRP domain in the Dummies book last night and it's pretty straightforward with regards to the BCP/DRP development I did at my last job. The legal section is pretty awful though, I agree with you there.
Is there anything that you learned through the CISSP study / certification process that you feel was particularly beneficial to your current job?
CCNP | CCIP | CCDP | CCNA, CCDA
CCNA Security | GSEC |GCFW | GCIH | GCIA
pbosworth@gmail.com
http://twitter.com/paul_bosworth
Blog: http://www.infosiege.net/ -
hustlin_moe20 Member Posts: 225
Access Control is my fav with Crypto being my least fav, boooooooooo. Man I can't stand Crypto.
On deck; PMP, C|EH
Web: http://cyberresearchgroup.com
Facebook https://www.facebook.com/cyberresearchgroup
LinkedIn: www.linkedin.com/in/mauricemoore1 -
Paul Boz Member Posts: 2,620 ■■■■■■■■□□
hustlin_moe20 wrote: » Access Control is my fav with Crypto being my least fav, boooooooooo. Man I can't stand Crypto.
Can you go into more details about what you liked and disliked about these subjects? I want to engage in a discussion with this thread. I honestly don't care about what domains you like and dislike so much as why you like and dislike them.
CCNP | CCIP | CCDP | CCNA, CCDA
CCNA Security | GSEC |GCFW | GCIH | GCIA
pbosworth@gmail.com
http://twitter.com/paul_bosworth
Blog: http://www.infosiege.net/ -
botbill Member Posts: 48 ■■□□□□□□□□
Nice post Paul Boz -
My favorites are Crypto/Physical/Access control. I deal with network/tele daily so it is a very strong domain for me. I thought Law Domain is very easy and it is a nice knowledge to have. My least would be Application, even though I interface with these developers daily but I am not in it.
Cheers
working on cissp, ceh and pmp -
colemic Member Posts: 1,569 ■■■■■■■□□□
Is there anything that you learned through the CISSP study / certification process that you feel was particularly beneficial to your current job?
Kind of - since I work for DoD, my 'value' comes more from knowing, and understanding, applicable DoD and Army regulations, policies, and requirements.
It would be awesome if they came out with a DoD-centric version of CISSP... and would have a far greater value, since many of the tested principles don't necessarily apply (such as compliance with some fed. regs, like SOX or NCUA rules.)
ETA, I will answer the original question here in a few minutes.
Working on: staying alive and staying employed -
colemic Member Posts: 1,569 ■■■■■■■□□□
My least favorite was crypto, but it is probably one of the ones I have the least experience in... Again, since I work for DoD, even as an IA professional I have no visibility into the COMSEC or crypto sides of the house.
Information Security/Rm is probably the one I like the most, but then it is the one that I deal with every single day, so that may factor in as well. From a pure learning/hey-I-think-this-is-cool-stuff POV, I would Security Architecture and Design... but it's outside the scope of my position.
Working on: staying alive and staying employed -
JDMurray Admin Posts: 13,110 Admin
I'd like to see more content related to the CBK and knowledge learned from the various domains. What is your favorite CISSP domain? What's your least favorite? Why?
-
flippedman Member Posts: 15 ■□□□□□□□□□
I haven't even taken the test but I know I was weak in Cryptography, so I decided to make it a little fun and bought a book on the history of Cryptography. I read "The Code Book" by Simon Singh. It's a fun read, puts the history of Cryptography into context (esp. its importance in wartime) and gives details into how the great codebreakers of our time were able to break ciphers which were thought to be 'unbreakable'.
I highly recommend it if you want to really get down the basics of encryption and have a fun read at the same time. -
ibcritn Member Posts: 340
Telecommunications and Network Security is by far my favorite!
Why? I love networking and it's my strongest background.
Least favorite is Application and Systems Development Security.
CISSP | GCIH | CEH | CNDA | LPT | ECSA | CCENT | MCTS | A+ | Net+ | Sec+
Next Up: Linux+/RHCSA, GCIA -
megatran808 Member Posts: 53 ■■■□□□□□□□
Not a fan of application and operations security. The telecommunications is my favorite and easiest.
"Love your Job, but never fall in love with your company....because you never know when your company stops loving you!"