[CISSP-D] Re: Q: why not create file "study groups by city"?

Subject: [CISSP-D] Re: Q: why not create file "study groups by city"?
Date: Sun, 27 Mar 2005 10:24:10 -0800

Date sent:              Sun, 27 Mar 2005 03:54:59 -0000
From:                   "howard_nyc" <howard_nyc@yahoo.com>

given the frequency of Q's about F2F groups... could we create a file 
entitled "study groups by city"?

Actually, we've got a section on that in the FAQ, still under development.
Here's the latest draft:


CISSP-Discuss-FAQ   20050320

1.1 Introduction

This document is the FAQ (Frequently Asked Questions) for the
"CISSP-Discuss" Yahoo group.  It is a collection of answers to
questions that are repeatedly asked in the forum or important
information related to its use. Please keep the most recent version of
this file for future reference.

The originator and owner of the CISSP-Discuss list is Kate Wakefield,
who also runs the CISSP-PNW local study list for Seattle and the
surrounding area.  Current co-moderators are Clement Dupuis, founder
and maintainer of the excellent cccure.org study site, and Rob Slade. 
All three can be reached by sending email to 
CISSP-Discuss-owner@yahoogroups.com.


1.2 Changes since the last revision

20050310 was the first version.

20050314 added questions on experience and exam writing, and dropped
some of this initial fat.

20050320 added items on job postings and the CISSP-Discuss moderators.

1.3 Policies and guidelines

This group is for those studying for the CISSP exam.  Questions or
comments should be of interest in that process.  Those who wish to
argue about how the CISSP is a paper cert for a bunch of elitist snobs
should see cissp-wannabe.

Further guidelines and help are available at
http://groups.yahoo.com/group/CISSP-Discuss/files/ in the file
++CISSP-Discuss.doc.


1.4 Editor

The FAQ editor is Rob Slade, rslade@computercrime.org.  He will gladly
accept help and suggestions for improving this FAQ.  You can send
suggested questions, particularly those with attached answers, to him
via email.


2.0 LIST CONTENT


2.1 Is this the proper place to compare certifications?

Probably not.  The question has been raised, and you'll get replies,
some thoughtful, some not.


2.2 Is it OK to ask about topics previously covered?

Everybody does it, but it would be appreciated if you go and check out
the archives.


2.3 Is it OK to post job offers or resumes?

No.  For that, see:
http://groups.yahoo.com/group/CISSPjobsforum/ or
http://groups.yahoo.com/group/securityjobs/


2.4 Kan eye p40m0t3 my 133t h@xor website?

Go back to alt.script-kiddies where you belong.


3.0 TOPICS PREVIOUSLY COVERED

3.1 What is the best review guide for studying for the CISSP?

The various guides have been reviewed (and compared) at 
http://victoria.tc.ca/techrev/mnbkscci.htm or 
http://sun.soci.niu.edu/~rslade/mnbkscci.htm by Rob Slade.  (The two
sites are mirrors.)  It is Rob's opinion that the "Official (ISC)^2
Guide to the CISSP Exam," published by Auerbach, is the best of the
lot.  Rob feels that this work is the most up to date, has the
greatest breadth of material (important when studying for the CISSP)
and has the best sample questions.  (Rob is hardly unbiased: he
reviewed the work in process, in light of the other available guides,
and wrote the appendix on resources and references.)

3.2 Resources

For terminology resources:
http://victoria.tc.ca/techrev/secgloss.htm
http://sun.soci.niu.edu/~rslade/secgloss.htm

For book resources, by domain
http://victoria.tc.ca/techrev/mnbksccd.htm
http://sun.soci.niu.edu/~rslade/mnbksccd.htm

(For those who find a similarity between this page and the reference
appendix in "Official (ISC)^2 Guide to the CISSP Exam," well, it
stands to reason, don't it?)

For web resources, mostly by domain
http://victoria.tc.ca/techrev/mnbkscsm.htm
http://sun.soci.niu.edu/~rslade/mnbkscsm.htm

For CISSP study resources
http://cccure.org
http://egroups.com/group/CISSP-Discuss/
http://www.cccure.org/Documents/HISM/ewtoc.html


3.2 Where can I find sample questions?

Every study guide book will have some.  Most are pretty simplistic. 
The best set is in the "Official (ISC)^2 Guide to the CISSP Exam."

Don't buy the Boson exams.  They are *really* simplistic.

The largest freely available set of questions is at the cccure.org
site, which also has a *terrific* quiz generator, with lots of
options.  (Hint: don't bother with anything below "Pro" level.) 
HOWEVER, make sure you check out the answers carefully, particularly
the section that says where the question came from.  Any questions
taken from CISSP study guides, by whatever author, are likely to be
... less thoughtful than other questions from "original" sources.


3.3 What the four years of experience in Information Security?  Many
aspects of my job involve security but that isn't all I do.

First of all, this is partly what the test evaluates: the exam is
constructed in such a way as to assess your experience, background,
and judgement on matters of security.

If, once you pass the exam, you are chosen for audit, you will be
given a form to have someone vouch for the fact that you have the
requisite length of experience.  This is typically your boss. 
However, in the case of individual work or research, you can get
another CISSP, or other "certified" professional (professional
engineer, chartered accountant, etc.) who knows you and your work to
verify it.

Experience in any of the ten domains counts.  The domains are:
 - security management
 - access control
 - security architecture
 - physical security
 - operational security
 - cryptography
 - telecom and network security
 - business continuity
 - application security
 - law, investigation, and ethics

If part of your job involves security, then you take the percentage of
the work that you do that is related to security.  For example, if you
are a network admin, and 25% of your time is related to security
functions on the net, then 16 years work equates to 4 years FTE
security.


3.4 Got any tips for actually writing the exam?

You'll be told to take two F2/HB (soft) pencils.  Also take a really
good eraser: one of the white plasticky-looking ones.  Worth its
weight in gold.

Do not skip any questions.  Answer *everything*, even if you have to
guess.  You do not get marks taken off for incorrect answers, so, if
you don't know the answer, "guessing" gives you a 25% chance of
getting the marks for those questions.  Do not leave anything
unanswered.

READ THE QUESTION, AND *ALL* THE ANSWERS, CAREFULLY.

Some say to do the easy questions first, and then come back and do the
hard ones.  Others say to go straight through and answer every
question as you get to it.  I would recommend going straight through:
it is really easy to outsmart yourself by second-guessing yourself. 
If you have the experience (see 3.3), very often your first answer is
correct.

(I have heard from all kinds of people that they got absolutely
panicked over the first dozen questions.  The CISSP exam is very
different from others you may have taken, and it takes a while to get
into the swing of the style.  Don't let the first dozen questions
throw you.)

However, I would suggest going through and doing every tenth question,
first.  (Question 10, 20, 30, etc.)  The answer sheet is a mark sense
card with about 400 rows of circles on it.  It is really easy to get
out of synch and answer the question in the wrong row (which, of
course, means you get all the answers wrong).  Doing every tenth
question gives you a regular checkpoint to make sure you are on the
right line.

You have six hours to answer 250 questions.  It isn't a race, but six
hours should be sufficient time (if you have experience, see 3.3,
etc).  To keep on track you should not answer less than 43 questions
per hour.  Anything faster is fine.

You are allowed to bring a lunch or refreshments.  Some proctors or
hosts provide refreshments.  Officially, all refreshments are at a
table at the back, and only one person at a time is allowed to go for
a break at the back.  Many people get stressed when they get thirsty,
and thirsty when they get stressed.  So remember that you have the
option.  On the other hand, try not to rely on that option.  (One of
the worst suggestions that I ever heard about the exam was to drink
three cups of coffee before you start.  Only one person at a time is
allowed to use the bathroom, as well ...)

Do not study right up until the last minute.  Remember the four years
experience thing.  An extra five minutes, or even a day, of studying
is not going to help.  Better to take the day before the exam off, and
get some rest.  Get a good sleep the night before.


4.0 MISCELLANY


4.1 What other CISSP-related mailing lists are there?

Please note that none of the following are (ISC)2 sponsored or
endorsed.

http://groups.yahoo.com/group/CISSPjobsforum 
http://groups.yahoo.com/group/HIPAA-CISSP
cissp-techgeeks@yahoogroups.com
cissp-wannabe@yahoogroups.com
cissp-ethics@yahoogroups.com
cissp-fiction@yahoogroups.com

There is an inactive but archived group at
http://groups.yahoo.com/group/cissp/

Regional/Area study groups

http://groups.yahoo.com/group/Toronto_CISSP 
http://groups.yahoo.com/group/Rochester_CISSP
cisspstudy@issabuffaloniagara.org
CISSP_PNW@yahoogroups.com (Pacific North West)
http://groups.yahoo.com/group/CISSP_CMH (Columbus, Ohio)
cissp-lagos@yahoogroups.com (also has members from other parts of
Africa and Asia)
cissp-regina@yahoogroups.com

These last groups are meant in fun. In particular, note that none of
these last are (ISC)2 sponsored or endorsed.

cissp-cynics@yahoogroups.com
cissp-flying-pigs@yahoogroups.com 
cissp-guns-and-butter@yahoogroups.com
cissp-pointless-discussions@yahoogroups.com
cissp-religious-wars@yahoogroups.com
cissp-self-promotion@yahoogroups.com
cissp-sushi-ayce@yahoogroups.com
cissp-tasteless@yahoogroups.com
cissp-usual-suspects@yahoogroups.com
cissp-why-not-create-new-subgroups@yahoogroups.com 

cissp-women-only@yahoogroups.com started as a response to a thread
about a conference restricted to female infosecurity professionals. 
I'm willing to have it used by anyone wanting to use it for something
serious, but so far no takers.  cissp-men-only@yahoogroups.com was, of
course, part of the same joke, and there are a couple of members. 
cissp-neuter-only@yahoogroups.com is also part of the same joke:
people keep joining it and leaving it almost immediately.  (I also had
"transgendered" for a while, but non-CISSPs kept trying to join it,
and I let it die.)


Contributors

Kate Wakefield

CISSP-Discuss-FAQ   20050320


======================  (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca      slade@victoria.tc.ca      rslade@sun.soci.niu.edu
                  Eat well, stay fit, die anyway
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade



 