OSEC

From: Scott C. Sanchez, CISSP (scott@gungadin.com)
Date: Thu Jan 10 2002 - 08:58:44 CST

    This is a very comprehensive list of things to know when studying or
    preparing for the CISSP exam. It was written by Dan Houser, CISSP who is
    an active and well respected member in the InfoSec community. Thanks Dan
    for taking the time to put this together!

    (Note: these opinions in the list are his own and do not necessarily
    reflect those of any individual or entity)

    Enjoy,
    -Scott

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    The CISSP Study Guide List ver 3.2 - copyright 2001, 2002 by:
    ================================================================
    Dan Houser, CISSP, SSCP, CCP, GSEC
    Director of Education, ISSA Central Ohio Chapter
    1cissp@hushmail.com / alternate: Hello_World@bigfoot.com
    pgp key: pgp.mit.edu
    ================================================================
    About this list:
    ================================================================
    This list has been used as a study guide by a large number of
    people that now hold their CISSP. While this information
    cannot be a substitution for real experience in the InfoSec
    field, those with the requisite experience will find this
    information useful in refreshing and enlightening the broad
    range that the BoK covers.
    The end of the list contains tips on what to expect for the
    exam, and how to be best prepared for taking the exam and
    surviving for 6 hours. Many folks who now hold their CISSP
    have found this list to be invaluable, and I hope you find it
    of value as well.
    This list is provided free (with copyright retained) as a
    service to the InfoSec community at large.
    Kudos to ISSA.
    Fair Use: Sorry, just a few minor issues, since this bears my
    name & reputation.
    ================================================================
    You may use this list in any way you see fit, with 2 conditions:
    1) You must communicate via e-mail with the author, to report:
    - any stale/bad links, to continue improving this list.
    - any web page dissatisfaction, in case they've
    declined in value since publication.
    - when you pass your CISSP! :^)
    2) You can share this list however you like, provided:
    - no charge is ever assessed for access - this list
    must remain free!
    - the content between the PGP signature lines remains
    unchanged.
    - any comments in e-mail notes occur ABOVE the PGP
    line.
    - If posted online, the PGP signature is verified
    before posting. PGP key available at pgp.mit.edu.
    ================================================================
    Top 5 CISSP resources:
    ================================================================
    1) The CISSP Open Study Guide: http://www.cccure.org/
    (It's first on the list for a reason!)
    NOTE: See the left side, "Hal Tipton, Intro I" and "Hal Tipton
    Intro 2" - as in "editor of HISM, that Hal Tipton".
    He provided two CISSP review courses, and then posted the
    slides here. Same stuff you'd pay for in a CISSP Review class,
    but for free.
    2) Sample Exam:
    http://www.infosecuritymag.com/oct99/sampleexam.htm
    This is the only published sample exam blessed & approved by ISC^2.
    Use it to gauge your weaknesses, and to understand the format
    of the exam. When taking the sample exam, if you don't KNOW
    the answer and guess correctly, this would be an area of
    marginal weakness, and may indicate further study is needed.
    3) Tipton & Krause 3rd Edition:
    http://secinf.net/info/misc/handbook/ewtoc.html
    A major source of test questions in the past, still very useful
    stuff, and it's FREE.
    4) HIGHLY Recommended:
    Signup for the CISSPStudy_1 list, run by Ginger Doetsch:
    http://groups.yahoo.com/group/CISSPStudy_1
    Signup for the CISSPStudy e-mail list:
    http://infosec.gungadin.com/index2.shtml
    5) Why be a CISSP? :
    http://www.infosecuritymag.com/oct99/profcert.htm
    ================================================================
    Additional CISSP resources, loosely grouped:
    ================================================================
    CISSP Prep Course materials: http://www.consec.org
    CISSP Practice Exam:
    http://www.cissps.com/Cissp_Exam/Practice/practice.html
    CISSP Forums:
    http://forum.cissps.com/ubbcgi/Ultimate.cgi?action=intro
    The InfoSec Management 2000 Handbook:
    http://www.itknowledge.com/reference/standard/0849399742/ewtoc.html
    (you only get 1-2 clicks before you have to pay, so choose
    your chapter carefully!)
    For Crypto Newbies: http://15seconds.com/issue/991216.htm
    Crypto Made Easy:
    http://www.cissps.com/Cissp_Exam/Practice/crypto.html
    Intro to PKI:
    http://docs.iplanet.com/docs/manuals/security/pkin/index.htm
    Intro to SSL:
    http://docs.iplanet.com/docs/manuals/security/sslin/index.htm
    RSA Labs Crypto FAQ:
    http://www.rsasecurity.com/rsalabs/faq/index.html
    Bruce Schneier's Crypto Hotlinks:
    http://www.counterpane.com/hotlist.html
    W3.org's Internet Security Resource Page:
    http://www.w3.org/Security/
    TCSec Coverage WITH TESTS!!:
    http://www.radium.ncsc.mil/tpep/library/ramp-modules/
    (see especially 5,6,7,8,9,11 which have coverage beyond
    just TCSec)
    DoD Rainbow Series:
    http://www.radium.ncsc.mil/tpep/library/rainbow/
    (in theory no longer on the exam, but I've heard rumors in
    listservs that TSEC stuff still appears on the test)
    Role-Based Access Control:
    http://hissa.ncsl.nist.gov/rbac/
    RSA's Crypto Glossary:
    http://www.rsasecurity.com/developers/total-solution/glossary.html
    RSA's VPN Tutorial:
    http://www.rsasecurity.com/products/securid/whitepapers/vpns/index.html
    Computer Forensics Overview:
    http://www.ddj.com/articles/2000/0009/0009f/0009f.htm
    Firewalls Complete, online book:
    http://secinf.net/info/fw/complete/
    Trust in Cyberspace, online book (Internet Security Overview):
    http://www.nap.edu/readingroom/books/trust/
    TEMPEST: http://www.eskimo.com/~joelm/tempest.html
    Large Archive of Security Articles:
    http://www.nwfusion.com/newsletters/sec/
    (Mostly Physical Security, Network Security, and Security and
    Policy Management )
    HUGE compendium of InfoSec sources:
    http://www.infosyssec.net/index.html
    (note the left-hand side, which are all the topics covered)
    Computer Security Institute's Archive of InfoSec Articles:
    http://www.gocsi.com/excerpt.htm
    ACSA InfoSec Bookshelf:
    http://www.acsac.org/secshelf/book001/book001.html
    Discussion of Optical Lenses:
    http://www.photo.net/photo/optics/lensTutorial.html
    US Navy Physical Security Manual:
    http://neds.nebt.daps.mil/Directives/5530_14c.pdf
    Good source of quizzes: http://www.sans.org/infosecFAQ/index.htm
    (remember - GIAC and CISSP have a different focus)
    Many books/papers about firewalls: http://secinf.net/ifwe.html
    GASSP: http://www.all.net/books/GASSP2.html
    Big ol' List o' Crypto on Bruce Schneier's Site:
    http://www.counterpane.com/biblio/all-by-author.html
    Many miscellaneous papers, some definitely by hackers:
    http://www.insecure.org/reading.html
    ( set grain of salt = on)
    Now, once you've read all that, your brain should be tired.
    ================================================================
    CISSP Exam Tips - What to expect, & how to survive
    ================================================================
    Sorry, no tips on questions, I'm not allowed to share. However,
    I can provide some tips that can tell you how to be most
    successful at lasting for 6 hours and staying alert during the
    CISSP exam:
    > Don't cram the night before. Get a good night's rest.
    > Don't forget your photo ID!!!
    > Bring a couple bottles of juice and water, plus some snacks (
    cheese crackers, apple, etc.) in a cloth bag that isn't
    'noisy'. You don't want to make a lot of rustling noises
    during the exam.
    > You might want to bring along 2 doses of Excedrin, Tylenol,
    Cold & Sinus non-drowsy, Imodium AD, Rolaids, and any
    prescription medicine you are on. Getting a killer
    headache or heartburn during the CISSP would be rough.
    > Don't take anything else to the exam except your photo ID (
    no books, etc.) DO NOT wear a calculator or digital watch.
    > In case you ignore the above point, bring along a zippered
    backpack to store your phone and Palm Pilot, and stash them
    in the back of the room where the proctors can secure it and
    know you aren't compromising the exam. OOPS - don't do
    what I did, and forget to turn your Palm Pilot alarms off.
    :^)
    > Get to the exam 45 minutes before it starts to chat with the
    proctors about how they handle the exam, drinks, nature
    breaks, etc. Ask about the proper procedures for you to get
    up and stretch or use the bathroom.
    > Show the proctors your bag of goodies and that it doesn't
    contain anything except juice, water, snacks, and medicine,
    and determine from them how you could have access to your
    snacks during the exam.
    > Pace yourself through the exam. You should complete 50
    questions every 40-50 minutes.
    > After 100 questions, get up quietly and go to the back of
    the room and stretch, down a juice, eat a snack and refresh
    your mind for 5 minutes. Focus your eyes on the farthest
    point you can see.
    > Repeat the break when hitting the 200 and 250 question level.
    This break will do wonders to keep you fresh and alert.
    > As you take the exam, if you have a question that you want
    to contest or otherwise comment about, you can't talk to the
    proctor about it. However, bend the corner of the page and
    jot the question number on a piece of paper so you remember
    the "questionable" question. After the test, you are
    permitted to comment on questions through a special process
    the proctor will explain. Please take 20-30 minutes to do
    this at the end of the test to help yourself, and others.
    I've heard that graders DO read them. Your well-written
    statement might just be the issue that tosses out a question
    you got wrong, and be the margin for getting certified. Be
    calm, concise, and factual. This is not the place FOR
    YELLING!!! or other emphasis. Deep cleansing breath between
    each comment.
    > REMEMBER, 25 of the questions are being asked to test the
    validity of the question, so they don't count. If you see a
    question that really zings you, just think, "Oh, that must be
    a test question, so it doesn't count." Don't let the tough
    ones rattle you.
    > After the test, please don't drive a long distance before
    refreshing yourself, and don't plan on doing anything
    strenuous... you will be dog tired and your brain will hurt.
    I recommend getting a starchy meal or other complex
    carbohydrates and taking plenty of electrolytes in a relaxing
    setting. For me, that formula was plenty of nachos, crabdip
    and a beer by the Bay. There is a point to this- while you're
    enjoying yourself and resting...
    > Though it's the last thing you'll want to do, within that 1st
    hour after the test, take 1-2 pages of notes about all the
    concepts that you were weakest on, in case you didn't pass.
    Store this in a secure location, and pull it out if you need
    to study again.
    > But MOST IMPORTANT, don't forget your PHOTO ID!!
    I wish you the best of luck!
    - -ddh
    The CISSP Study Guide List ver 3.2 - copyright 2001, 2002 by:
    ====================================================================
    Dan Houser, CISSP, SSCP, CCP, GSEC
    1cissp@hushmail.com / alternate: Hello_World@bigfoot.com
    ====================================================================
    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0.4
    iQA/AwUBPDyYp/i5GkWlFlcVEQKXRwCZARq88tyE7TZ4yescE8G6Ivr17/wAoJLn
    xSeUoCkkDE6q+ld2QJdZMiUb
    =TCoD
    -----END PGP SIGNATURE-----