CISSP frustrations
CyberCop123
Member Posts: 338 ■■■■□□□□□□
in CISSP
Just a minor thing, but I did want to vent about some parts of the CISSP, in particular the conceptual parts where it talks about BCP and DRPs. So much of it seems overly complex and wordy. There also appear to be a lot of different views on the same material and conflicting or slightly varying descriptions.
For example, the Eric Conrad book (the 600 page one) states:
- Recovery Time Objective (RTO) is the maximum time allowed to recover business or IT systems
- Mean Time To Repair (MTTR) describes how long it will take to recover a failed system
Also:
The Eric Conrad book (the 600 page one) states:
- Maximum Tolerable Downtime (MTD)
- Recovery Point Objective (RPO)
- Recovery Time Objective (RTO)
- Work Recovery Time (WRT)
- Mean Time Between Failures (MTBF)
- Mean Time to Repair (MTTR)
- Minimum Operating Requirements (MOR)
Whereas the Sybex book doesn't cover half of this, it simply goes over:
- Recovery Time Objective (RTO)
- Maximum Tolerable Outage (MTO) ... which is the same as Maximum Tolerable Downtime
My Aims
2017: OSCP - COMPLETED
2018: CISSP - COMPLETED
2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting - COMPLETED
GIAC GREM - Reverse Engineering of Malware - COMPLETED
2021: CCSP
2022: OSWE (hopefully)
Comments
-
CyberCop123 Member Posts: 338 ■■■■□□□□□□
Oh and one last thing, the test questions at the end of the chapter in the Conrad book...
Q: What is the primary goal of disaster recovery planning (DRP)?
A) Integrity of Data
B) Preservation of Business Capital
C) Restoration of Business Processes
D) Safety of Personnel
..................................... what do you think?
My initial answer wasn't there, I thought it was focussed on specific, technical parts of the IT system. However, the answer is D - safety of personnel. The book doesn't really mention that anywhere though - I searched the PDF for it.
Just silly things like this are frustrating... but anyway, less of my moaning, got some reading to do!
-
Rinzler Member Posts: 34 ■■■□□□□□□□
Human life and safety are without question the top concerns in security...
-
tedjames Member Posts: 1,179 ■■■■■■■■□□
Human life and safety are without question the top concerns in security...
Yes! And if you see a question like that on the exam, ALWAYS choose the answer regarding the safety of human life.
-
PC509 Member Posts: 804 ■■■■■■□□□□
I believe Kelly Handerhan goes over the RTO & MTTR and others. I know that there was a resource I used that was really lacking, and I think (not 100%) that it was Kelly's material that went into the detail and explained it to where I understood exactly what each was, and the differences.
-
CyberCop123 Member Posts: 338 ■■■■□□□□□□
Good tips - thanks! Nice and easy to remember human life is the top priority... unless it's someone you really don't like
I'm listening to Kelly's MP3s every day in the car, and about to start Domain 7 so I will listen out for that bit
-
Tekn0logy Member Posts: 113 ■■■■□□□□□□
You must fill gaps with other sources. Shon Harris audio book, albeit old, drives the point home about personnel safety being paramount. Also, industry knowledge would key on the differences between RTO and MTD.
-
luisbee Member Posts: 28 ■■■□□□□□□□
Tips for any CISSP & Golden Rules for any CISSP takers out there...
1. People Safety First
2. Management Buy-in is Critical
3. Everyone is Responsible for Security
4. Training is Essential
5. Policy is the Key to (nearly) everything
If you remember these Golden Rules, then you are Good to GO!!!
Certs Achieved: CISA / CISM / CISSP / ISO 27001 Lead Auditor / CRISC
Currently Studying: ISSAP / Python
"Be silly. Be fun. Be different. Be crazy. Be you, because life is too short to be anything but happy." - Anon
-
NotHackingYou Member Posts: 1,460 ■■■■■■■■□□
For example, the Eric Conrad book (the 600 page one) states:
- Recovery Time Objective (RTO) is the maximum time allowed to recover business or IT systems
- Mean Time To Repair (MTTR) describes how long it will take to recover a failed system
These seem similar, but consider how they are used and what they really mean.
RTO relates to how long you've got to restore your critical systems. This relates to operations as a whole and is a standard for planning recovery operations.
MTTR generally relates to a specific system or even a specific piece of hardware. This is usually coupled with the mean time to failure. If we say that a hard disk of a specific make has a mean time to failure of, say, 7 years, we'll also want to know the mean time to repair that failure.
When you go the extra mile, there's no traffic.