May 10th, 2004, 09:52 PM
CISSP Study Notes: Netgage
If you are like me and getting down to the last crunch time for studying, you may want to use some great review notes I found at GoNetgage.com: http://www.gonetgage.com/cissp_study_notes.htm
I printed out each section, double-sided and have a little handy review package that's about 60 pages long.
In addition, if you haven't checked it, CCCure CISSP Forums has an Online Quiz that can help you prepare for the exam. There are numerous questions and you can determine how difficult the questions are from Easy to Pro. Lastly, ISC2 has introduced an online quiz. Keep in mind for the $50 USD price you can only do the quiz ONCE. So choose to do it at a time to verify how close or how far you are from being successful. It doesn't indicate what you got wrong and doesn't give a numeric value but instead seems to indicate "Weak" and "Strong" (I honestly don't know what the low end value is since I got strongs through all 10 domains).
For those trying in the next few weeks, best of luck.
May 10th, 2004, 11:14 PM
Thanks for the link MsM.
I'm currently studying for my CISSP to be taken this summer. I took the SANS course by Eric Cole, which I found VERY good. I am reading The CISSP Prep Guide: Gold Edition by Ronald L. Krutz and Russell Dean Vines which I found to contain concise material as opposed to some others that flood you with tons of material much of which is not needed for the test.
Sounds like you're taking the test soon. Let me wish you the best of luck!!!
May 10th, 2004, 11:19 PM
I'd love to have the cash for the courses but .. eh.. I have used however the Official ISC2 Guide to the CISSP Exam, the All-in-One CISSP Guide by Shon Harris and the Krutz book you mentioned. It's interesting to get different points of view. The Krutz book seems to be a little more accurate on the information required (such as the Take-Grant Model, which isn't even mentioned in the other two books).
The Official Guide still needs work so I wouldn't suggest it as a study guide just yet. Because there are so many different authors, it can be confusing but the detail is at a higher end than the other two (even if they are missing some facts).
May 11th, 2004, 03:54 PM
The CISSP Prep guide is kinda garbage. My old roommate had it, and although it is an excellent resource book, it is a poor tool for preparing for the exam.
Remember, the CISSP is geared toward consulting and not technical knowledge. Know how your encryption formats are used, not how they work. Don't worry about specific laws or HIPAA stuff as the book goes on and on about... only a few such questions are on the test and they tend to be logical and requiring no specific knowledge, same for other specific standards or guidelines.
Just know how technologies, policies, and standards are intended to be used and you will pass with flying colors.
May 11th, 2004, 04:37 PM
For me it's not the encryption itself that's the issue but rather remembering which one is used for which type of cryptography (symmetric, asymmetric, PKI, etc. -- You'd think I'd remember this stuff). And while specific laws aren't critical, certain specifics are like some specifics of the Rainbow books and Common Criteria as well as specifics to things like Security Models. Some of these are used in real life but just not thought of as say Biba or Bell-LaPadula models. It's more like certain people can't read all the information about salaries and those that make the salaries can't alter information on the cheques.
Know how your encryption formats are used, not how they work. Don't worry about specific laws or HIPAA stuff as the book goes on and on about...
And generally speaking, at least for me, when I study for an exam I use more than one source for reference. In addition, I have found -- speaking to various people -- that the exam content truly varies from exam to exam. A colleague said she didn't get any encryption on her exam but others she knew had it. *shrug*
Just become a know-it-all and probably pass (ain't I the optimistic one)
May 11th, 2004, 05:28 PM
Hmm, might want to review security models again. The ones you described are least privileged/need to know and separation of duties, not the BL. The BL is based on the simple, *, strong and tranquility security properties and trusted subjects.
I was just stating what was covered on the CISSP, and what is covered is very little specific technical knowledge even though many books will have pages on the math of a specific encryption standard.
May 11th, 2004, 05:48 PM
I never said it was BL.
The ones you described are least privileged/need to know and separation of duties, not the BL. The BL is based on the simple, *, strong and tranquility security properties and trusted subjects.