Favorite CISSP domain? Least favorite?

Paul Boz Member Posts: 2,621 ■■■■■■■■□□
There's almost zero actual content on this board beyond "pass/fail" threads or people asking what resources to use for the umpteenth time. It feels like people get the cert for the sake of having it and not for increasing one’s knowledge. I'd like to see more content related to the CBK and knowledge learned from the various domains. I'll get the dialogue rolling by asking the above question: What is your favorite CISSP domain? What's your least favorite? Why?

For me, I really enjoy physical security. I think the reason is because it deviates the furthest from what would be considered traditional IT so the material stimulates my brain because it doesn’t feel like “work”. At my last job I had to do physical security inspections and the physical security domain gave me much more insight into that side of my job than any other domain did for any other parts of my job. It also has a tangible impact on the way I perceive the buildings and security around me. I can’t walk into a Subway sandwich shop without observing camera placement.

I’m sure 9/10 people that respond to this will say that access control is their least favorite domain and I am in that bucket. I really have to peel my eyes back open to be able to churn through RBAC, Biba, Bell-LaPadula, etc. While this is great information to have, it has zero relevance to my current environment and certainly little to no value in my last job. The information is largely theoretical for non-DoD or government work and while I understand the value of the access models, it's hard to embrace the information because I will more than likely never use it.

I’m interested to hear what others feel about this subject.
CCNP | CCIP | CCDP | CCNA, CCDA
CCNA Security | GSEC |GCFW | GCIH | GCIA
http://twitter.com/paul_bosworth
Blog: http://www.infosiege.net/

Comments

  • novovictus Member Posts: 192
    I really didn't think access control was that bad, maybe because I have experience contracting on the public sector side.

    My favorites were Telecommunications and Network Security (obviously) and Cryptography, but you could have guessed that. They came very easy but shed light on the topics from a different angle.

    The three domains I struggled with the most were Business Continuity and Disaster Recovery Planning, Information Security Governance and Risk Management, and Legal, Regulations, Investigations and Compliance and therefore were my least favorite. I really had a hard time with 'thinking like a manager'....
    Working on: Doctor of Information Technology Information Assurance and Security @ Capella
  • Paul Boz Member Posts: 2,621 ■■■■■■■■□□
    I re-read the BCP/DRP domain in the Dummies book last night and it's pretty straightforward with regards to the BCP/DRP development I did at my last job. The legal section is pretty awful though, I agree with you there.

    Is there anything that you learned through the CISSP study / certification process that you feel was particularly beneficial to your current job?
  • hustlin_moe20 Member Posts: 225
    Access Control is my fav with Crypto being my least fav, boooooooooo. Man I can't stand Crypto.
  • Paul Boz Member Posts: 2,621 ■■■■■■■■□□
    hustlin_moe20 wrote: »
    Access Control is my fav with Crypto being my least fav, boooooooooo. Man I can't stand Crypto.

    Can you go into more details about what you liked and disliked about these subjects? I want to engage in a discussion with this thread. I honestly don't care about what domains you like and dislike so much as why you like and dislike them.
  • botbill Member Posts: 48 ■■□□□□□□□□
    Nice post Paul Boz -
    My favorites are Crypto/Physical/Access control. I deal with network/tele daily so it is a very strong domain for me. I thought Law Domain is very easy and it is a nice knowledge to have. My least would be Application, even though I interface with these developers daily but I am not in it.

    Cheers
    working on cissp, ceh and pmp
  • colemic Member Posts: 1,568 ■■■■■■■□□□
    Paul Boz wrote: »
    Is there anything that you learned through the CISSP study / certification process that you feel was particularly beneficial to your current job?


    Kind of - since I work for DoD, my 'value' comes more from knowing, and understanding, applicable DoD and Army regulations, policies, and requirements.

    It would be awesome if they came out with a DoD-centric version of CISSP... and would have a far greater value, since many of the tested principles don't necessarily apply (such as compliance with some fed. regs, like SOX or NCUA rules.)

    ETA, I will answer the original question here in a few minutes.
    Working on: CCSP, definitely, maybe. On the twitters: @mcole1008
  • colemic Member Posts: 1,568 ■■■■■■■□□□
    My least favorite was crypto, but it is probably one of the ones I have the least experience in... Again, since I work for DoD, even as an IA professional I have no visibility into the COMSEC or crypto sides of the house.

    Information Security/Rm is probably the one I like the most, but then it is the one that I deal with every single day, so that may factor in as well. From a pure learning/hey-I-think-this-is-cool-stuff POV, I would say Security Architecture and Design... but it's outside the scope of my position.
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,900 Admin
    Paul Boz wrote: »
    I'd like to see more content related to the CBK and knowledge learned from the various domains.
    I haven't encouraged this type of discourse because people start talking about actual items they've seen on the exam. I see this happening on other IT cert sites and I'm glad it's very rare here.
    Paul Boz wrote: »
    What is your favorite CISSP domain? What's your least favorite? Why?
    I really like the Application Security and Telecom/Networking Security domains because that's mostly what I do for a living. The Risk Management and Legal/Reg/Comp domains are my favorites for stuff that I don't do, but I find very interesting. I really don't have a "Boy, I hate that stuff" domain.
  • flippedman Member Posts: 15 ■□□□□□□□□□
    I haven't even taken the test but I know I was weak in Cryptography, so I decided to make it a little fun and bought a book on the history of Cryptography. I read "The Code Book" by Simon Singh. It's a fun read, puts the history of Cryptography into context (esp. its importance in wartime) and gives details into how the great codebreakers of our time were able to break ciphers which were thought to be 'unbreakable'.

    I highly recommend it if you want to really get down the basics of encryption and have a fun read at the same time.
  • ibcritn Member Posts: 340
    Telecommunications and Network Security is by far my favorite!
    Why? I love networking and it's my strongest background.

    Least favorite is Application and Systems Development Security.
    CISSP | GCIH | CEH | CNDA | LPT | ECSA | CCENT | MCTS | A+ | Net+ | Sec+

    Next Up: Linux+/RHCSA, GCIA
  • megatran808 Member Posts: 53 ■■■□□□□□□□
    Not a fan of application and operations security. The telecommunications is my favorite and easiest.
    "Love your Job, but never fall in love with your company....because you never know when your company stops loving you!"