How I Studied For, And Passed The CISSP Exam - David C. Brown

teancum144 Member Posts: 229
I found this on the web: It appears a bit dated, but I found parts of it useful - especially the information at the top of page 2.
If you like my comments or questions, you can show appreciation by clicking on the reputation badge/star icon near the lower left of my post. :D

Comments

  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,901
    This PDF article explains exam strategy for the paper-based CISSP exam, which is not useful anymore.

    I found the following opinions and assertions by the author to be uninformed and bordering on the bizarre:
    I did not use any of ISC2’s tests. I thought that they were way too expensive and since they were retired questions, I did not want to study old stuff.

    Additionally, I did not expect that they would really have my best interests at heart because their business model is to make money by selling tests and they make more if you fail.
  • teancum144 Member Posts: 229
    Yeah, like I said, dated. I agree with you that some parts seem off. Still, I found the following paragraphs useful:
    As I studied, I realized that the people who said that they had the most difficulty with the exam were technical people who had system/network administration experience and so I surmised that the CISSP exam must be slanted more toward a business manager’s perspective. I was right, so pretend that you are a consultant and are approaching assessing, implementation and maintenance of information security for a company from that viewpoint and you will be better able to answer correctly. For example, if you are tasked to implement a business security program for your company. Where will you start? How will you convince management that they need to spend money on your project vs. another project? What types of encryption will you choose for security risks 1, 2, and 3, and why is that the best solution for that particular situation? Which IDS type will you place where and why? The difference is subtle but very important.

    You still must know the technical subject matter (OSI layers, crypto techniques, application development, security frameworks, access models, and such), but you must also know how to research and implement a complete information security plan from a business management perspective; this is where knowledge of policies, people, frameworks and money come into play. Shon’s video and AIO book are the best for this.