[OT?] CISSP training guidance requested

George Magklaras georgios at biotek.uio.no
Thu Mar 6 11:52:34 UTC 2008



Bill Tangren wrote:
> I have a Linux background, but I am now the Information Assurance Manager
> here, and I have been "requested" to obtain CISSP certification. What I'd
> like to know is,
> 
> 1) anyone out there been certified, and willing to give pointers?
> 
After completing an MPhil in Information security I am preparing for 
CISSP, so my opinion is not strictly speaking fully qualified but it has 
a perspective.
> If so,
> 
> 2) what prerequisites will I need? What should I study?
You will see that there is quite a lot of theory about concepts in the 
CISSP exam. You have a number of CBK (10) domains that by and large 
concentrate on a thematic area of information security, you will get a 
booklet with 250 questions and 6 hours to answer them. That sounds a lot 
of time, but depending on the mixture of questions it might not be. I 
would start with the official ISC2 reading list here:

https://www.isc2.org/cgi-bin/content.cgi?category=698

this is (in my view) quite long, so I would bother with the CISSP exam 
guide and perhaps some of the textbooks they mention.


> 
> 3) are "boot camps" the way to go to get the certification?
> 
Personal view: "boot camps" are good when you have done a bit of 
homework, because they are normally quite intensive and oriented towards 
summarizing knowledge rather than grasping it in the first place.
> 4) how long before should I prepare for the exam?
> 
That depends purely on your aptitude towards *all* of the CBK domains. 
As a system professional, I was OK with some of the domains, but I had 
important gaps in other areas such as law, investigation and ethics and 
I needed to catch up.

> 5) Any study materials available on the web, or elsewhere?
> 
Apart from the reading list, there are also CISSP study guides, but 
frankly I find them poorly written. If you follow up the CISSP guide and 
some of the most recent textbooks and fill in with all sorts of web 
resources by subject and professional knowledge, you should be able to 
get the picture. Having said that, I have not yet sat for the exam, so, 
maybe someone who holds the credentials can give more input on this.

Best regards,
GM

-- 
--
George Magklaras
http://folk.uio.no/georgios

Senior Computer Systems Engineer/UNIX Systems Administrator
EMBnet Technical Management Board
The Biotechnology Centre of Oslo,
University of Oslo
http://www.biotek.uio.no/

EMBnet Norway:	http://www.no.embnet.org/






More information about the redhat-list mailing list