for those that took the cissp recently, what info. did you study for the "new" domains?

universalfrost Member Posts: 247
looking to take my CISSP when I get back from my deployment in January. i know they just updated the CISSP with new domains, etc... what did any recent test takers use to study up on the new information that is now being tested? i already have Harris and Conrad's books based on the old test (going to order Conrad's new book next month when it comes out)...i have a long time to study (6 months) and want to really knock this test out of the ball park when i sit for it come jan/feb so let me know what you used to pass the test with the new information/domains...

(***note: i am already up to speed on the rest of the CISSP, just need to know what to use to study for the new stuff on the cissp ****)
"Quando Omni Flunkus Moritati" (when all else fails play dead) -Red Green

Comments

  • universalfrost Member Posts: 247
    so nobody has taken the CISSP new domains seriously???? must not have been very many questions on the exam for the new information..... correct me if i am wrong....
    "Quando Omni Flunkus Moritati" (when all else fails play dead) -Red Green
  • paul78 Member Posts: 3,016 ■■■■■■■■■■
    I think that perhaps the challenge is that anyone that took the previous exam will not be familiar with the newer materials and similarly anyone taking the new materials will not have any context on the old stuff.

    When the updated domains were published, I did review the Candidate Information Bulletins - you can find it here - https://www.isc2.org/cib/default.aspx. The updates are explained on what changed and was added.

    I haven't read the new CBK but my initial impression of the new changes is that the material is a lot more relevant to today's world and some of the nomenclature used is more consistent.

    In the previous ISC2 materials, I had thought that coverage on certain areas like software development and legal was a bit too light. And there was focus in areas of networking which I thought was a bit obsolete.

    If you are up-to-date on your foundational knowledge, the new materials should actually make it easier.

    Good luck.

    ps. Congrats on passing your PMP (I saw that in another thread)
  • JDMurray Admin Posts: 13,053 Admin
    paul78 wrote: »
    In the previous ISC2 materials, I had thought that coverage on certain areas like software development and legal was a bit too light. And there was focus in areas of networking which I thought was a bit obsolete.
    Software engineering really requires specialized experience to understand well, even in the context of application security, so it's not surprising that the CISSP CBK's "inch deep" coverage seems hardly sufficient to explain it thoroughly. You'll need to supplement with additional references from the CISSP CIB.

    The CISSP is a global InfoSec exam, and therefore it's not likely to have detailed legal information for any one country (i.e., the USA). It may be that the US CISSP exam has legal questions that won't appear in non-US CISSP exams, but it probably won't be too deep.

    The (ISC)2 has always considered it important for InfoSec professionals to know the (short) history of how their profession has evolved. This is why you are likely to see deprecated and obsolete technologies (e.g., token ring, DOS, Netware, Orange Book) mentioned in the CISSP CBK.
  • paul78 Member Posts: 3,016 ■■■■■■■■■■
    I guess I was always surprised that the previous CBK didn't really cover aspects of software development such as threat modeling, risk assessments, or penetration testing. And I don't recall if there was even any mention of any application of security in Agile frameworks. I wasn't really envisioning anything too in-depth or even specialized.

    I do agree that the legal information should not be US-centric. I should have clarified. I was referring to the limited content on privacy. The legal aspects of privacy vary tremendously across the world and in some parts of the world the concept of legal identity is quite different than in the US. Given the global aspects of internet security, I am hoping that the new CBK updates cover the various differences a bit more.

    I actually don't object to ISC2's use of deprecated technologies. I actually am a proponent of providing historical context, I thought that the way that the CBK lays out the history of Cryptography is very good.

    Ultimately though, to pass the exam, it doesn't really matter what I think should be in the CBK :) it's pretty much what the ISC2 says is the "common knowledge" that counts. But I guess that's true for any certifying body.
  • Lob Member Posts: 25 ■■■□□□□□□□
    I did my course before the changes and the exam after the changes. I'd say there is little change to hamper a budding CISSP assuming that daily business for that person is a role dedicated to security. The changes are largely a modernisation of the CBK to reflect the challenges we have before us today.

    https://www.isc2.org/uploadedFiles/Credentials_and_Certifcation/About_Our_Credentials_and_Process/2012-CIB-Updates.pdf

    The updates also reflect what you should be aiming to achieve with your CPEs ;)
  • Jcast Member Posts: 51 ■■□□□□□□□□
    universalfrost wrote: »
    looking to take my CISSP when I get back from my deployment in January. i know they just updated the CISSP with new domains, etc... what did any recent test takers use to study up on the new information that is now being tested? i already have Harris and Conrad's books based on the old test (going to order Conrad's new book next month when it comes out)...i have a long time to study (6 months) and want to really knock this test out of the ball park when i sit for it come jan/feb so let me know what you used to pass the test with the new information/domains...
    (***note: i am already up to speed on the rest of the CISSP, just need to know what to use to study for the new stuff on the cissp ****)
    I took and passed the test in June. I used Shon Harris' 5th edition exam guide and CCCure to study.
  • !nf0s3cure Member Posts: 161 ■■□□□□□□□□
    As I understood it, they have realigned the domains and updated them, not introduced new ones. Can someone confirm this?
  • universalfrost Member Posts: 247
    i know about the realigning of the domains, but i was under the impression that they added a lot on virtual computing (VM's, etc..) and security associated with it.. would be interesting if they did, since more and more that is the way the server side is going and even the end users are many times on a machine that is nothing more than a thin client (even if they don't know it).
    "Quando Omni Flunkus Moritati" (when all else fails play dead) -Red Green
  • Iristheangel Mod Posts: 4,133 Mod
    According to the official ISC2 instructor who was running my bootcamp a couple of months ago, not much was added in terms of content. She claims (I can neither deny nor confirm 100% since I took the test about 2 months ago) that ISC2 changed a couple domain names but the core content is the same.
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • Jcast Member Posts: 51 ■■□□□□□□□□
    universalfrost wrote: »
    i know about the realigning of the domains, but i was under the impression that they added a lot on virtual computing (VM's, etc..) and security associated with it.. would be interesting if they did, since more and more that is the way the server side is going and even the end users are many times on a machine that is nothing more than a thin client (even if they don't know it).
    I took the test on June 26th and if I saw 1 question on virtualization that was a lot.
  • JDMurray Admin Posts: 13,053 Admin
    paul78 wrote: »
    I guess I was always surprised that the previous CBK didn't really cover aspects of software development such as threat modeling, risk assessments, or penetration testing. And I don't recall if there was even any mention of any application of security in Agile frameworks. I wasn't really envisioning anything too in-depth or even specialized.
    Look at the CSSLP certification to cover those topics.