for those that took the cissp recentlywhat info. did you study for the "new" domains?
universalfrost
Member Posts: 247
in SSCP
looking to take my CISSP when I get back from my deployment in January. i know they just updated the CISSP with new domains, etc... what did any recent test takers use to study up on the new information that is now being tested? i already have harris and conrads books based on the old test (going to order conrads new book next month when it comes out)...i have a long time to study (6 months) and want to really knock this test out of the ball park when i sit for it come jan/feb so let me know what you used to pass the test with the new information/domains...
(***note: i am already up to speed on the rest of the CISSP, just need to know what to use to study for the new stuff on the cissp ****)
(***note: i am already up to speed on the rest of the CISSP, just need to know what to use to study for the new stuff on the cissp ****)
"Quando Omni Flunkus Moritati" (when all else fails play dead) -Red Green
Comments
-
universalfrost Member Posts: 247so nobody has taken the CISSP new domains seriously???? must not have been very many questions on the exam for the new information..... correct me if i am wrong...."Quando Omni Flunkus Moritati" (when all else fails play dead) -Red Green
-
paul78 Member Posts: 3,016 ■■■■■■■■■■I think that perhaps the challenge is that anyone that took the previous exam will not be familiar with the newer materials and similarly anyone taking the new materials will not have any context on the old stuff.
When the updated domains were published, I did review the Candidate Information Bulletins - you can find it here - https://www.isc2.org/cib/default.aspx. The updates are explained on what changed and was added.
I haven't read the new CBK but my initial impression of the new changes is that the material is a lot more relevant to today's world and some of the nomenclature used is more consistent.
In the previous ISC2 materials, I had thought that coverage on certain areas like software development and legal was a bit too light. And there was focus in areas of networking which I thought was a bit obsolete.
If you are up-to-date on your foundational knowledge, the new materials should actually make it easier.
Good luck.
ps. Congrats on passing your PMP (I saw that in another thread) -
JDMurray Admin Posts: 13,092 AdminIn the previous ISC2 materials, I had thought that coverage on certain areas like software development and legal was a bit too light. And there was focus in areas of networking which I thought was a bit obsolete.
The CISSP is global InfoSec exam, and therefore it's not likely to have detailed legal information for any one country (i.e., the USA). It may be that the US CISSP exam has legal questions that won't appear in non-US CISSP exams, but it probably won't be too deep.
The (ISC)2 has always considered it important for InfoSec professionals to know the (short) history of how their profession has evolved. This is why you are likely to see deprecated and obsolete technologies (e.g., token ring, DOS, Netware, Orange Book) mentioned in the CISSP CBK. -
paul78 Member Posts: 3,016 ■■■■■■■■■■I guess I was always surprised that the previous CBK didn't really cover aspects of software development such as threat modeling, risk assessments, or penetration testing. And I don't recall if there was even any mention of any application of security in Agile frameworks. I'm wasn't really envisioning anything too in-depth or even specialized.
I do agree that the legal information should not be US-centric. I should have clarified. I was preferring to the limited content on privacy. The legal aspects of privacy vary tremendously across the world and in some parts of the world the concept of legal identity is quite different than in the US. Given the global aspects of internet security, I am hoping the that new CBK updates cover the various differences a bit more.
I don't actually don't object to ISC2's use of deprecated technologies. I actually am a proponent of providing historical context, I thought that the way that the CBK lays out the history of Cryptography is very good.
Ultimately though, to pass the exam, it doesn't really matter what I think should be in the CBK it's pretty much what the ISC2 says is the "common knowledge" that counts. But I guess that's true for any certifying body. -
Lob Member Posts: 25 ■■■□□□□□□□I did my course before the changes and the exam after the changes. I'd say there is little change to hamper a budding CISSP assuming that daily business for that person is a role dedicated to security. The changes are largely a modernisation of the CBK to reflect the challenges we have before us today.
https://www.isc2.org/uploadedFiles/Credentials_and_Certifcation/About_Our_Credentials_and_Process/2012-CIB-Updates.pdf
The updates also reflect what you should be aiming to achieve with your CPEs -
Jcast Member Posts: 51 ■■□□□□□□□□universalfrost wrote: »looking to take my CISSP when I get back from my deployment in January. i know they just updated the CISSP with new domains, etc... what did any recent test takers use to study up on the new information that is now being tested? i already have harris and conrads books based on the old test (going to order conrads new book next month when it comes out)...i have a long time to study (6 months) and want to really knock this test out of the ball park when i sit for it come jan/feb so let me know what you used to pass the test with the new information/domains...
(***note: i am already up to speed on the rest of the CISSP, just need to know what to use to study for the new stuff on the cissp ****) -
!nf0s3cure Member Posts: 161 ■■□□□□□□□□As I understood it, they have realigned the domains and updated them, not introduce new ones. Can some one confirm this?
-
universalfrost Member Posts: 247i know about the realigning of the domains, but i was under the impression that they added a lot on virtual computing (VM's, etc..) and security associated with it.. would be interesting if they did , since more and more that is the way the server side is going and even the end users are many times on a machine that is nothing more than a thin client (even if they don't know it)."Quando Omni Flunkus Moritati" (when all else fails play dead) -Red Green
-
Iristheangel Mod Posts: 4,133 ModAccording to the official ISC2 instructor who was running my bootcamp a couple of months ago, not much was added in terms of content. She claims (I can neither deny nor confirm 100% since I took the test about 2 months ago) that ISC2 changed a couple domain names but the core content is the same.
-
Jcast Member Posts: 51 ■■□□□□□□□□universalfrost wrote: »i know about the realigning of the domains, but i was under the impression that they added a lot on virtual computing (VM's, etc..) and security associated with it.. would be interesting if they did , since more and more that is the way the server side is going and even the end users are many times on a machine that is nothing more than a thin client (even if they don't know it).
-
JDMurray Admin Posts: 13,092 AdminI guess I was always surprised that the previous CBK didn't really cover aspects of software development such as threat modeling, risk assessments, or penetration testing. And I don't recall if there was even any mention of any application of security in Agile frameworks. I'm wasn't really envisioning anything too in-depth or even specialized.