Security Basics mailing list archives
Re: CISSP Examination Practices ?
From: "Yousef Syed" <yousef.syed () gmail com>
Date: Mon, 4 Feb 2008 21:38:28 +0100
I'm thinking more about the approach that is needed to pass the exam - not necessarily whom the exam is for. The guy that asked the initial question was worried about the exam. So i was just telling him what worked for me. He's already been on a course and already has extensive Security experience (as you'd expect for someone planning to take the exam). However, I know MANY security professionals that are great with security issues at the techy level. Hence my emphasis on the management aspects being necessary for passing the exam. I don't want to split hairs, however, the instructor that taught us the CISSP course made a point of telling us that it was a Management focused exam. That doesn't mean it is an ITIL or PRINCE style exam. But rather that it has a management focus as opposed to a technical focus - if it had a technical focus, I doubt there'd be many CISSPs out there with the required depth of knowledge in all the 10 Security Domains. And to return once again to the original question, approaching the paper from the management perspective (despite my extensive techy/developer background) served me well. ys On 04/02/2008, David Harley <david.a.harley () gmail com> wrote:
It was a generallization.Exactly my point. And that's why it's misleading.The CISSP is a maagement exam.I disagree. It's a broad-rather-than-deep security certification for information security professionals, which is often particularly suitable for managers in the security field, but it's also perfectly suitable for someone with specialist expertise who wants/needs to prove they have a reasonable amount of knowledge in the other domains. It's certainly not a management exam in the same way that an ITIL qualification is, for instance.If you focus on learning all the technical matters of each of the domains (though commendable and useful) would not necessarily mean you'll ace the exam.There, I agree. In fact, I wouldn't regard every CISSP question I've ever seen as technically correct, though (ISC)2 do go to some lengths to make their questions as good as possible.When answering many of the questions, you need to put a manager's "hat" on and that means you have to weigh things up on a budgetary basis, or policy basis, or HR/Legal/compliance basis, or Employee safety basis; as well as weighing up the more technical security pros and cons.You can't go very deep technically on a multi-choice question. I think you seriously overestimate the degree to which these are "different" to security knowledge as it's measured by (ISC)2. If you're saying that security professionals who qualify for CISSP may see things differently to freelance vulnerability researchers, for example, I won't disagree, but I don't think the exam particularly reflects that. It's not what I'd call a management exam, and I've taken a few of those.I hope that helps clarify the matter.Likewise. -- David Harley CISSP :)
-- Yousef Syed CISSP http://www.linkedin.com/in/musashi
Current thread:
- CISSP Examination Practices ? m.farid.shawara (Feb 04)
- Re: CISSP Examination Practices ? mgk.mailing (Feb 04)
- Re: CISSP Examination Practices ? Yousef Syed (Feb 04)
- RE: CISSP Examination Practices ? Mark Spivey (Feb 05)
- RE: CISSP Examination Practices ? David Harley (Feb 05)
- RE: CISSP Examination Practices ? Nick Duda (Feb 05)
- RE: CISSP Examination Practices ? David Harley (Feb 05)
- Re: CISSP Examination Practices ? Yousef Syed (Feb 05)
- RE: CISSP Examination Practices ? David Harley (Feb 05)
- Re: CISSP Examination Practices ? Yousef Syed (Feb 05)
- RE: CISSP Examination Practices ? Clement Dupuis (Feb 05)
- RE: CISSP Examination Practices ? Osvaldo Casagrande (Feb 05)
- RE: CISSP Examination Practices ? Frank Herrera (Feb 05)
- <Possible follow-ups>
- Re: CISSP Examination Practices ? zenmasterbob123 (Feb 05)