Hey there -
I'm getting ready to take the CISSP exam this weekend, and I think I
have things pretty much under control. I've used the ISC2 and Sybex
study guides, along with the Meyers Passport book, as primary
materials.
The biggest area of confusion I have right now is with control types:
access vs physical, and the grouping within each, particularly
physical. There doesn't seem to be any consistency between the
materials. One says light, fences, locks are "deterrent" controls -
specifically NOT "preventative", another calls them "preventative".
Another says that fire suppression systems are "preventative", which
seems just wrong to me - they don't prevent fire at all! Again,
another calls suppression systems "corrective" controls, which is a
category not even found in the other texts.
Is there a clear, definitive guide to the various control categories
(administrative, technical/logical, physical, ???) and types within
each that I can refer to? Or should I ignore everything but the ISC2
book and hope for the best?
KeS
(Oh, BTW, another sanity check - the Myers book says that the maximum
value for ARO is 1. This seems blatantly wrong - for a threat like a
virus attack you may experience many, many incidents per year. It also
conflicts with the ISC2 book on this. Can someone confirm?)
------------------------ Yahoo! Groups Sponsor --------------------~-->
$9.95 domain names from Yahoo!. Register anything.
http://us.click.yahoo.com/J8kdrA/y20IAA/yQLSAA/kgFolB/TM
--------------------------------------------------------------------~->
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/CISSP-Discuss/
<*> To unsubscribe from this group, send an email to:
CISSP-Discuss-unsubscribe@yahoogroups.com
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
