for those that took the cissp recentlywhat info. did you study for the "new" domains?

looking to take my CISSP when I get back from my deployment in January. i know they just updated the CISSP with new domains, etc... what did any recent test takers use to study up on the new information that is now being tested? i already have harris and conrads books based on the old test (going to order conrads new book next month when it comes out)...i have a long time to study (6 months) and want to really knock this test out of the ball park when i sit for it come jan/feb so let me know what you used to pass the test with the new information/domains...

(***note: i am already up to speed on the rest of the CISSP, just need to know what to use to study for the new stuff on the cissp ****)

Find more posts tagged with

Comments

universalfrost

so nobody has taken the CISSP new domains seriously???? must not have been very many questions on the exam for the new information..... correct me if i am wrong....

paul78

I think that perhaps the challenge is that anyone that took the previous exam will not be familiar with the newer materials and similarly anyone taking the new materials will not have any context on the old stuff.

When the updated domains were published, I did review the Candidate Information Bulletins - you can find it here - https://www.isc2.org/cib/default.aspx. The updates are explained on what changed and was added.

I haven't read the new CBK but my initial impression of the new changes is that the material is a lot more relevant to today's world and some of the nomenclature used is more consistent.

In the previous ISC2 materials, I had thought that coverage on certain areas like software development and legal was a bit too light. And there was focus in areas of networking which I thought was a bit obsolete.

If you are up-to-date on your foundational knowledge, the new materials should actually make it easier.

Good luck.

ps. Congrats on passing your PMP (I saw that in another thread)

JDMurray

paul78 wrote: »

In the previous ISC2 materials, I had thought that coverage on certain areas like software development and legal was a bit too light. And there was focus in areas of networking which I thought was a bit obsolete.

Software enginnering really requires specialized experience to understand well, even in the context of application security, so it's not suprising that the CISSP CBK's "inch deep" coverage seems hardly sufficient to explain it thoroughly. You'll need to suppliment with additional references from the CISSP CIB.

The CISSP is global InfoSec exam, and therefore it's not likely to have detailed legal information for any one country (i.e., the USA). It may be that the US CISSP exam has legal questions that won't appear in non-US CISSP exams, but it probably won't be too deep.

The (ISC)2 has always considered it important for InfoSec professionals to know the (short) history of how their profession has evolved. This is why you are likely to see deprecated and obsolete technologies (e.g., token ring, DOS, Netware, Orange Book) mentioned in the CISSP CBK.

paul78

I guess I was always surprised that the previous CBK didn't really cover aspects of software development such as threat modeling, risk assessments, or penetration testing. And I don't recall if there was even any mention of any application of security in Agile frameworks. I'm wasn't really envisioning anything too in-depth or even specialized.

I do agree that the legal information should not be US-centric. I should have clarified. I was preferring to the limited content on privacy. The legal aspects of privacy vary tremendously across the world and in some parts of the world the concept of legal identity is quite different than in the US. Given the global aspects of internet security, I am hoping the that new CBK updates cover the various differences a bit more.

I don't actually don't object to ISC2's use of deprecated technologies. I actually am a proponent of providing historical context, I thought that the way that the CBK lays out the history of Cryptography is very good.

Ultimately though, to pass the exam, it doesn't really matter what I think should be in the CBK

it's pretty much what the ISC2 says is the "common knowledge" that counts. But I guess that's true for any certifying body.

Lob

I did my course before the changes and the exam after the changes. I'd say there is little change to hamper a budding CISSP assuming that daily business for that person is a role dedicated to security. The changes are largely a modernisation of the CBK to reflect the challenges we have before us today.

https://www.isc2.org/uploadedFiles/Credentials_and_Certifcation/About_Our_Credentials_and_Process/2012-CIB-Updates.pdf

The updates also reflect what you should be aiming to achieve with your CPEs

Jcast

universalfrost wrote: »

looking to take my CISSP when I get back from my deployment in January. i know they just updated the CISSP with new domains, etc... what did any recent test takers use to study up on the new information that is now being tested? i already have harris and conrads books based on the old test (going to order conrads new book next month when it comes out)...i have a long time to study (6 months) and want to really knock this test out of the ball park when i sit for it come jan/feb so let me know what you used to pass the test with the new information/domains...

(***note: i am already up to speed on the rest of the CISSP, just need to know what to use to study for the new stuff on the cissp ****)

I took and passed the test in June. I used Shon Harris' 5th edition exam guide and CCCure to study.

!nf0s3cure

As I understood it, they have realigned the domains and updated them, not introduce new ones. Can some one confirm this?

universalfrost

i know about the realigning of the domains, but i was under the impression that they added a lot on virtual computing (VM's, etc..) and security associated with it.. would be interesting if they did , since more and more that is the way the server side is going and even the end users are many times on a machine that is nothing more than a thin client (even if they don't know it).

Iristheangel

According to the official ISC2 instructor who was running my bootcamp a couple of months ago, not much was added in terms of content. She claims (I can neither deny nor confirm 100% since I took the test about 2 months ago) that ISC2 changed a couple domain names but the core content is the same.

Jcast

universalfrost wrote: »

i know about the realigning of the domains, but i was under the impression that they added a lot on virtual computing (VM's, etc..) and security associated with it.. would be interesting if they did , since more and more that is the way the server side is going and even the end users are many times on a machine that is nothing more than a thin client (even if they don't know it).

I took the test on June 26th and if I saw 1 question on virtualization that was a lot.

JDMurray

paul78 wrote: »

I guess I was always surprised that the previous CBK didn't really cover aspects of software development such as threat modeling, risk assessments, or penetration testing. And I don't recall if there was even any mention of any application of security in Agile frameworks. I'm wasn't really envisioning anything too in-depth or even specialized.

Look at the CSSLP certification to cover those topics.