Subject: Re: [CISSPSTUDY] CISSP EXAMS
From: Jay Heiser (jheiser@LUCENT.COM)
Date: Tue Nov 07 2000 - 03:04:36 CST


Ideally, the CISSP exam would not have 'questions pertaining' to a specific
book. The process for creating test questions works like this:
1) Committee creates wish list of categories based on CBK outline (some
areas need more questions than others)
2) Volunteers participate in test question creation workshops. This is
moderated by someone from the test committee, and with the assistance of
staff from the contractor who manages and grades the tests. The CISSP
volunteers devise questions in specific areas, along with a set of false
answers and the correct answer (the key). They also write a justification
for the key and find a written source that substantiates the question (the
set of books listed on the ISC2 web site is available to the workshop
participants). All of this information is entered into a database.
3) The participants review the questions, make suggestions, and the
questions & answers are modified accordingly.
4) The questions are reviewed by another committee.
5) CISSP volunteers take exams with the trial questions and proven
questions. Only questions that are consistently correctly answered by those
who do well on the proven questions are accepted.
6) Trial questions are also placed on the actual CISSP exam, again to look
for correlation between high-scoring test takers and the new questions.

Only after all this work and effort are questions actually used for scoring
purposes. It is a major hassle, and I don't think the value of it is
well-recognized in the industry. The CISSP exam is a very carefully crafted
artifact that accurately measures a person's understanding of a broad range
of security issues.

All of this is meant to address the issue of whether any particular book can
be considered a test prep guide. My response is "I hope not." I
contributed to this latest edition of the book, and the things I wrote were
meant to address some holes in the previous editions of the book in areas
that would be helpful in taking the exam. However, I hope that nobody would
pull questions directly out of the book, and I think the system is designed
to discourage it.

Jay Heiser, CISSP
Distinguished Member of Consulting Staff
Information Security Practice
Lucent NetworkCare Professional Services
Zurich, Switzerland
jheiser@lucent.com

> -----Original Message-----
> From: CISSP Study Mailing List [mailto:CISSPSTUDY@SECURITYFOCUS.COM] On Behalf Of Fletcher, Arlen
> Sent: Monday, November 06, 2000 5:36 PM
> To: CISSPSTUDY@SECURITYFOCUS.COM
> Subject: Re: CISSP EXAMS
>
>
> About 30% of the content of the ISMH changes from one edition to the next.
> I think I heard (don't quote me on this) that the 1999 version is currently
> the most valuable - it takes a year or so for new questions to get into the
> exam, so questions pertaining to info in the 2000 edition won't be on the
> test immediately - so I've been told.
>
> From: "Brian J. Dyrehauge" <bjj@BANKDATA.DK>
> Sent by: CISSP Study Mailing List <CISSPSTUDY@SECURITYFOCUS.COM>
> To: CISSPSTUDY@SECURITYFOCUS.COM
> Subject: Re: [CISSPSTUDY] CISSP EXAMS
> Date: 11/06/2000 02:31 AM
> Please respond to CISSP Study Mailing List
>
> >Seriously, with 5 years experience in network & systems management with
> >lots of security projects, I studied the Info Sec Mgmt Handbook 4th
> >edition, the O'Reilly "key" book, and read lots of online articles (100+)
> >from strong sources, and invested about 150 hours, and passed.
> >
> >The key is that I had 5 years experience, which provided the basis for
> >study, and had had a passion for InfoSec for years. If you don't have the
> >experience, you don't have a chance.
>
>
> What if one has only worked with one subject for some years (e.g. physical
> security or cryptography)? Would it then be too hard to get the CISSP?
>
> I see that there is a new volume of 'Info Sec Mgmt Handbook 4th Edition Vol
> II'. To read this one, do I need the 'Info Sec Mgmt Handbook 4th Edition
> Vol I'?
>
> Yours sincerely,
> Brian J. Dyrehauge
>
> +--------------------------------------------+
> | You have received this email because you |
> | subscribed to the CISSPSTUDY mailing list. |
> | -- To unsubscribe, send an email to -- |
> | listserv@securityfocus.com |
> | with a message body of: |
> | UNSUBSCRIBE CISSPSTUDY |
> +--------------------------------------------+
