Security Basics mailing list archives
RE: CISSP Examination Practices ?
From: "Clement Dupuis" <cdupuis () cccure org>
Date: Tue, 5 Feb 2008 12:08:17 -0500
In such case I would recommend you listen to my flash based presentation at:

http://www.cccure.org/modules.php?name=Web_Links&l_op=viewlink&cid=167

It covers everything you need to know about the CISSP exam. It will tell you which of the domains have more weight on the exam. Which one you must master in order to pass and which one will not have as many questions on the exam.

It talks about what to do a few days before the exam, the days before the exam, and even on exam day.

It is a good overview of what to do and what not to do.

Take care

Clement
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Yousef Syed
Sent: Monday, February 04, 2008 3:38 PM
To: david.a.harley () gmail com
Cc: m.farid.shawara () gmail com; security-basics () securityfocus com
Subject: Re: CISSP Examination Practices ?

I'm thinking more about the approach that is needed to pass the exam - not necessarily whom the exam is for. The guy that asked the initial question was worried about the exam. So I was just telling him what worked for me. He's already been on a course and already has extensive Security experience (as you'd expect for someone planning to take the exam). However, I know MANY security professionals that are great with security issues at the techy level. Hence my emphasis on the management aspects being necessary for passing the exam.

I don't want to split hairs, however, the instructor that taught us the CISSP course made a point of telling us that it was a Management focused exam. That doesn't mean it is an ITIL or PRINCE style exam. But rather that it has a management focus as opposed to a technical focus - if it had a technical focus, I doubt there'd be many CISSPs out there with the required depth of knowledge in all the 10 Security Domains.

And to return once again to the original question, approaching the paper from the management perspective (despite my extensive techy/developer background) served me well.

ys

On 04/02/2008, David Harley <david.a.harley () gmail com> wrote:
> > It was a generalization.
>
> Exactly my point. And that's why it's misleading.
>
> > The CISSP is a management exam.
>
> I disagree. It's a broad-rather-than-deep security certification for information security professionals, which is often particularly suitable for managers in the security field, but it's also perfectly suitable for someone with specialist expertise who wants/needs to prove they have a reasonable amount of knowledge in the other domains. It's certainly not a management exam in the same way that an ITIL qualification is, for instance.
>
> > If you focus on learning all the technical matters of each of the domains (though commendable and useful) would not necessarily mean you'll ace the exam.
>
> There, I agree. In fact, I wouldn't regard every CISSP question I've ever seen as technically correct, though (ISC)2 do go to some lengths to make their questions as good as possible.
>
> > When answering many of the questions, you need to put a manager's "hat" on and that means you have to weigh things up on a budgetary basis, or policy basis, or HR/Legal/compliance basis, or Employee safety basis; as well as weighing up the more technical security pros and cons.
>
> You can't go very deep technically on a multi-choice question. I think you seriously overestimate the degree to which these are "different" to security knowledge as it's measured by (ISC)2.
>
> If you're saying that security professionals who qualify for CISSP may see things differently to freelance vulnerability researchers, for example, I won't disagree, but I don't think the exam particularly reflects that. It's not what I'd call a management exam, and I've taken a few of those.
>
> > I hope that helps clarify the matter.
>
> Likewise.
>
> --
> David Harley CISSP :)

--
Yousef Syed
CISSP
http://www.linkedin.com/in/musashi