Prasad Tiruvalluri, PMP, CISSP, PSM1, Hadoop, ISTQB, ITIL
www.techgadgettalk.com
E-mail: Prasad.Tiruvalluri@techgadgettalk.com
Contents
Eligibility
Job Profiles
What does CISSP Test
The actual process
How to study
In both cases, after passing the exam, one must be endorsed by an existing
CISSP. If you do not know anybody who can endorse you, (ISC)2 itself can
act as the endorser.
Security consultant
Security analyst
Security manager
Security systems engineer
Security auditor
Director of security
Chief information security manager
IT manager/Director
Network Architect
Security Architect
Domain 2
Telecommunications and Network Security: discusses network
structures, transmission methods, transport formats and security
measures used to provide availability, integrity, and confidentiality
Network Architecture and Design
Communication Channels
Network Components
Network Attacks
Domain 3
Information Security Governance and Risk Management: the
identification of an organization's information assets and the
development, documentation and implementation of policies,
standards, procedures, and guidelines
Security Governance and Policy
Information Classification/Ownership
Contractual Agreements and Procurement Processes
Domain 4
Software Development Security: refers to the controls that are
included within systems and applications software and the steps
used in their development
Systems Development Life Cycle (SDLC)
Application Environment and Security Controls
Effectiveness of Application Security
Domain 5
Cryptography: the principles, means and methods of disguising
information to ensure its integrity, confidentiality, and authenticity
Encryption Concepts
Digital Signatures
Cryptanalytic Attacks
Public Key Infrastructure (PKI)
Information Hiding Alternatives
Domain 6
Security Architecture and Design: contains the concepts,
principles, structures and standards used to design, implement,
monitor, and secure operating systems, equipment, networks and
applications, and the controls used to enforce various levels of
confidentiality, integrity, and availability
Fundamental Concepts of Security Models
Capabilities of Information Systems (e.g. memory protection,
virtualization)
Countermeasure Principles
Vulnerabilities and Threats (e.g. cloud computing, aggregation, data
flow control)
Domain 7
Operations Security: used to identify the controls over hardware,
media and the operators with access privileges to any of these
resources
Resource Protection
Incident Response
Attack Prevention and Response
Patch and Vulnerability Management
Domain 8
Business Continuity and Disaster Recovery Planning: addresses
the preservation of the business in the face of major disruptions to
normal business operations
Business Impact Analysis
Recovery Strategy
Disaster Recovery Process
Provide Training
Domain 9
Legal, Regulations, Investigations and Compliance: addresses
computer crime laws and regulations, the investigative measures
and techniques that can be used to determine if a crime has been
committed, and methods to gather evidence
Legal issues
Investigations
Forensic procedures
Compliance Requirements/Procedures
Domain 10
Physical (Environmental) Security: addresses the threats,
vulnerabilities, and countermeasures that can be utilized to
physically protect an enterprise's resources and sensitive
information
Site/Facility Design Considerations
Perimeter Security
Internal Security
Facilities Security
Verify that you are eligible and schedule the exam. Let the commitment drive
you. Do not schedule the exam too far off, or you will be tempted to
procrastinate.
If you have experience in the information security field, plan for about 200 to
250 hours of study; otherwise plan for about 400 to 450 hours.
Take practice tests daily and from different sources. Do not worry about the
scores, as none of the available practice questions closely resemble the actual
test questions. Use the tests only to gauge your state of preparation.
Write the exam
Arrive early, one hour if you can.
Bring your registration paperwork and a government-issued ID (driver's license,
passport, etc.).
You have the option to mark a question for review later; use it.
The questions are crafted so that you are never certain how well you have done.
Do not get discouraged; most exam takers have felt that way.
You pass with a scaled score of 700 or more out of 1000. The exam has 250
questions, 25 of which are unscored pretest items; you will not know which
ones.
The questions are multiple choice, with single- and multiple-answer formats.
Since 2014 there are also drag-and-drop and hotspot questions.
Do take a break.
Review your answers: first the questions you did not have an answer for, then
the rest.
Your first answer is likely to be the right one.
Official (ISC)2 Guide to the CISSP CBK, latest edition (must read)
CISSP Study Guide, Eric Conrad
CISSP Study Guide, 6th Edition, Sybex, James Stewart, Mike Chapple & Darril Gibson (comes with questions)
CISSP Training Kit, David R. Miller, Microsoft Press (comes with questions)
Eleventh Hour CISSP Study Guide, Eric Conrad