Yet another progress report on the CISSP studying… I just finished the last domain in the Shon Harris book: “Operations Security”. Now I get to go back to the beginning of the book, and reread the three domains where I didn’t make note cards: “Information Security and Risk Management”, “Access Control”, “Security Architecture and Design”. Luckily, these are all areas I understand pretty well. I’m probably also going to do a separate set of note cards on the (ISC)2 Code of Ethics and the rules for being a CISSP, since I’m sure they will emphasize that on the exam somewhere (organizations like this often do).
For the record, the domains I have finished (i.e., with note cards) are: “Physical and Environmental Security”, “Telecommunications and Network Security”, “Cryptography”, “Business Continuity and Disaster Recovery”, “Legal, Regulations, Compliance, and Investigations”, “Application Security”, and “Operations Security”.
