RE: CISSP Examination Practices ?

["Clement Dupuis" <cdupuis () cccure org>]

In such case I would recommend you listen to my flash based presentation at:

http://www.cccure.org/modules.php?name=Web_Links&l_op=viewlink&cid=167

It covers everything you need to know about the CISSP exam.

It will tell you which of the domains have more weight on the exam.  Which
one you must master in order to pass and which one will not have as many
questions on the exam.

It talks about what to do a few days before the  exam, the days before the
exam, and even on exam day.

It is a good overview of what to do and what not to do

Take care

Clement


> -----Original Message-----
> From: listbounce () securityfocus com
> [mailto:listbounce () securityfocus com] On Behalf Of Yousef Syed
> Sent: Monday, February 04, 2008 3:38 PM
> To: david.a.harley () gmail com
> Cc: m.farid.shawara () gmail com; security-basics () securityfocus com
> Subject: Re: CISSP Examination Practices ?
>
> I'm thinking more about the approach that is needed to pass the exam -
> not necessarily whom the exam is for.
> The guy that asked the initial question was worried about the exam. So
> i was just telling him what worked for me. He's already been on a
> course and already has extensive Security experience (as you'd expect
> for someone planning to take the exam). However, I know MANY security
> professionals that are great with security issues at the techy level.
> Hence my emphasis on the management aspects being necessary for
> passing the exam.
>
> I don't want to split hairs, however, the instructor that taught us
> the CISSP course made a point of telling us that it was a Management
> focused exam. That doesn't mean it is an ITIL or PRINCE style exam.
> But rather that it has a management focus as opposed to a technical
> focus - if it had a technical focus, I doubt there'd be many CISSPs
> out there with the required depth of knowledge in all the 10 Security
> Domains.
> And to return once again to the original question, approaching the
> paper from the management perspective (despite my extensive
> techy/developer background) served me well.
>
> ys
>
>
> On 04/02/2008, David Harley <david.a.harley () gmail com> wrote:
> > > It was a  generallization.
> >
> > Exactly my point. And that's why it's misleading.
> >
> > > The CISSP is a maagement exam.
> >
> > I disagree. It's a broad-rather-than-deep security certification for
> > information security professionals, which is often particularly
> suitable for
> > managers in the security field, but it's also perfectly suitable for
> someone
> > with specialist expertise who wants/needs to prove they have a
> reasonable
> > amount of knowledge in the other domains. It's certainly not a
> management
> > exam in the same way that an ITIL qualification is, for instance.
> >
> > > If you focus on learning all the technical matters of each of
> > > the domains (though commendable and useful) would not
> > > necessarily mean you'll ace the exam.
> >
> > There, I agree. In fact, I wouldn't regard every CISSP question I've
> ever
> > seen as technically correct, though (ISC)2 do go to some lengths to
> make
> > their questions as good as possible.
> >
> > > When answering many of
> > > the questions, you need to put a manager's "hat" on and that
> > > means you have to weigh things up on a budgetary basis, or
> > > policy basis, or HR/Legal/compliance basis, or Employee
> > > safety basis; as well as weighing up the more technical
> > > security pros and cons.
> >
> > You can't go very deep technically on a multi-choice question. I
> think you
> > seriously overestimate the degree to which these are "different" to
> security
> > knowledge as it's measured by (ISC)2.
> >
> > If you're saying that security professionals who qualify for CISSP
> may see
> > things differently to freelance vulnerability researchers, for
> example, I
> > won't disagree, but I don't think the exam particularly reflects
> that. It's
> > not what I'd call a management exam, and I've taken a few of those.
> >
> > > I hope that helps clarify the matter.
> >
> > Likewise.
> >
> > --
> > David Harley CISSP :)
>
>
> --
> Yousef Syed
> CISSP
>
> http://www.linkedin.com/in/musashi