RE: CISSP Examination Practices ?

In such case I would recommend you listen to my flash based presentation at:

http://www.cccure.org/modules.php?name=Web_Links&l_op=viewlink&cid=167

It covers everything you need to know about the CISSP exam.

It will tell you which of the domains have more weight on the exam. Which
one you must master in order to pass and which one will not have as many
questions on the exam.

It talks about what to do a few days before the exam, the days before the
exam, and even on exam day.

It is a good overview of what to do and what not to do

Take care

Clement


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx
[mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Yousef Syed
Sent: Monday, February 04, 2008 3:38 PM
To: david.a.harley@xxxxxxxxx
Cc: m.farid.shawara@xxxxxxxxx; security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: CISSP Examination Practices ?

I'm thinking more about the approach that is needed to pass the exam -
not necessarily whom the exam is for.
The guy that asked the initial question was worried about the exam. So
i was just telling him what worked for me. He's already been on a
course and already has extensive Security experience (as you'd expect
for someone planning to take the exam). However, I know MANY security
professionals that are great with security issues at the techy level.
Hence my emphasis on the management aspects being necessary for
passing the exam.

I don't want to split hairs, however, the instructor that taught us
the CISSP course made a point of telling us that it was a Management
focused exam. That doesn't mean it is an ITIL or PRINCE style exam.
But rather that it has a management focus as opposed to a technical
focus - if it had a technical focus, I doubt there'd be many CISSPs
out there with the required depth of knowledge in all the 10 Security
Domains.
And to return once again to the original question, approaching the
paper from the management perspective (despite my extensive
techy/developer background) served me well.

ys


On 04/02/2008, David Harley <david.a.harley@xxxxxxxxx> wrote:
It was a generallization.

Exactly my point. And that's why it's misleading.

The CISSP is a maagement exam.

I disagree. It's a broad-rather-than-deep security certification for
information security professionals, which is often particularly
suitable for
managers in the security field, but it's also perfectly suitable for
someone
with specialist expertise who wants/needs to prove they have a
reasonable
amount of knowledge in the other domains. It's certainly not a
management
exam in the same way that an ITIL qualification is, for instance.

If you focus on learning all the technical matters of each of
the domains (though commendable and useful) would not
necessarily mean you'll ace the exam.

There, I agree. In fact, I wouldn't regard every CISSP question I've
ever
seen as technically correct, though (ISC)2 do go to some lengths to
make
their questions as good as possible.

When answering many of
the questions, you need to put a manager's "hat" on and that
means you have to weigh things up on a budgetary basis, or
policy basis, or HR/Legal/compliance basis, or Employee
safety basis; as well as weighing up the more technical
security pros and cons.

You can't go very deep technically on a multi-choice question. I
think you
seriously overestimate the degree to which these are "different" to
security
knowledge as it's measured by (ISC)2.

If you're saying that security professionals who qualify for CISSP
may see
things differently to freelance vulnerability researchers, for
example, I
won't disagree, but I don't think the exam particularly reflects
that. It's
not what I'd call a management exam, and I've taken a few of those.

I hope that helps clarify the matter.

Likewise.

--
David Harley CISSP :)







--
Yousef Syed
CISSP

http://www.linkedin.com/in/musashi

Relevant Pages
Quantcast