Phase II is Done

Phase II of the CISSP studying is done: I’ve completed reading the CISSP for Dummies book. Next (i.e., starting tomorrow) will be reviewing the note cards from the Shon Harris book, and starting to take practice tests from the Shon Harris CD, the “For Dummies” CD, and the tests found at cccure.org. The exam is April 18.

It’s In The Cards

Well, I’ve finished the first phase of my CISSP study: I’ve made it through the Shon Harris book. The last chapter went quickly: 118 pages in a little over a day. Of course, it helped that the concepts in this chapter were 95% things that I already knew: process architectures, memory management, security models, evaluation criteria. I still think my note cards on Physical Security may be a bit weak (they were the first set, and I hadn’t gotten the style down yet), but I’ll augment them as I go through the second book.

So what’s next? Well, I’m off to Colorado Springs on business in a few hours, and I’ll bring with me my note cards, the CD from the Shon Harris book, the CISSP for Dummies book (and its accompanying CD). I figure I’ll spend my non-ST&E-ing time going over all this material, and doing practice tests. I’ll keep doing that when I return… for the next month until the test. That should all reinforce it in my head.

Grrrr. Learn Your Mathematics.

From the Shon Harris book:

“So, partially ordered means the system has to apply the most restrictive access controls to this set, and “least upper bound” means the system looks at one access control’s statement (Kathy can read the file) and the other access control’s statement (Kathy cannot write to the file) and takes the least upper bound value. Since no write is more restrictive than read, Kathy’s least upper bound access to this file is read, and her greatest lower bound is no write.”

Arrrrgh. No. No. No.

Partially ordered means a comparison (call it dominates) can return less than, greater than, equal, or incomparable. Least Upper Bound means there is a value in the set that is greater than or equal to every value in the set, and it is the lowest such value. Greatest Lower Bound means there is a value in the set that is less than or equal to every value in the set, and is the greatest such value.

This is why this chapter frustrates me so.
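
The three terms, worked on security labels of the kind used in lattice-based access control. This is an added example, not from the Shon Harris book or the original post; the level names, the CRYPTO and NUCLEAR categories and all function names are assumptions made up for illustration.

```python
from itertools import combinations
from typing import FrozenSet, NamedTuple, Optional

# Constructed sample lattice: four levels and two need-to-know categories.
LEVELS = ["UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET"]
CATS = ["CRYPTO", "NUCLEAR"]

class Label(NamedTuple):
    level: int
    cats: FrozenSet[str]

def label(level_name: str, *cats: str) -> Label:
    return Label(LEVELS.index(level_name), frozenset(cats))

def dominates(a: Label, b: Label) -> bool:
    """a dominates b: level at least as high AND categories a superset."""
    return a.level >= b.level and a.cats >= b.cats

def compare(a: Label, b: Label) -> str:
    """A partial order has four outcomes, not three."""
    if a == b:
        return "equal"
    if dominates(a, b):
        return "greater"
    if dominates(b, a):
        return "less"
    return "incomparable"

def lub(a: Label, b: Label) -> Label:
    """Least upper bound: the lowest label that dominates both."""
    return Label(max(a.level, b.level), a.cats | b.cats)

def glb(a: Label, b: Label) -> Label:
    """Greatest lower bound: the highest label that both dominate."""
    return Label(min(a.level, b.level), a.cats & b.cats)

# Every label in the sample lattice (4 levels x 4 category subsets).
UNIVERSE = [Label(lv, frozenset(c)) for lv in range(len(LEVELS))
            for r in range(len(CATS) + 1) for c in combinations(CATS, r)]

def lub_by_search(a: Label, b: Label) -> Optional[Label]:
    """Apply the definition directly: collect all upper bounds, then pick
    the one that every other upper bound dominates."""
    uppers = [x for x in UNIVERSE if dominates(x, a) and dominates(x, b)]
    least = [u for u in uppers if all(dominates(v, u) for v in uppers)]
    return least[0] if least else None
```

Neither label in an incomparable pair dominates the other, yet the pair still has a least upper bound and a greatest lower bound, and neither bound has to be one of the two labels being compared.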

One To Go…

During lunch I finished the penultimate domain for which I need to take notes from the Shon Harris book. Only one remains:

× Information Security and Risk Management    × Cryptography
× Access Control                              × Business Continuity and Disaster Recovery
  Security Architecture and Design            × Legal, Regulations, Compliance, and Investigations
× Physical and Environmental Security         × Application Security
× Telecommunications and Network Security     × Operations Security

I’ll start on the last domain, Security Architecture and Design, tomorrow morning, but I likely won’t finish it before I head off to Colorado Springs. I figure I’ll listen to the CISSP podcasts from our course last June on the plane while studying my cards, as well as reading the CISSP For Dummies book. Once I finish the note cards, I’ll start to do any practice test I can find. I’m scheduled to take the test on April 18th. I still plan to take the four days before the test as vacation days, hiding in the stacks at Oviatt Library to study.

“Progress of the March” Report

Well, working through the front chapters of the Shon Harris book is continuing (I’m making up for the early chapters where I didn’t do note cards). I’ve now only got two domains remaining:

× Information Security and Risk Management    × Cryptography
  Access Control                              × Business Continuity and Disaster Recovery
  Security Architecture and Design            × Legal, Regulations, Compliance, and Investigations
× Physical and Environmental Security         × Application Security
× Telecommunications and Network Security     × Operations Security

Once I’ve done all the note cards, then I’m going to start listening to the CISSP podcasts from our course last June (although I’ll likely listen to those whilst flying back and forth to COS next week), going through the CISSP For Dummies book, and starting to do any practice test I can find. I’m scheduled to take the test on April 18th, and plan to take the four days before the test as vacation days, hiding in the stacks at Oviatt Library to study.

And the March Continues On…

Yet another progress report on the CISSP studying… I just finished the last domain in the Shon Harris book: “Operations Security”. Now I get to go back to the beginning of the book, and reread the three domains where I didn’t make note cards: “Information Security and Risk Management”, “Access Control”, “Security Architecture and Design”. Luckily, these are all areas I understand pretty well. I’m probably also going to do a separate set of note cards on the (ISC)² Code of Ethics and the rules for being a CISSP, since I’m sure they will emphasize that on the exam somewhere (organizations like this often do).

For the record, the domains I have finished (i.e., with note cards) are: “Physical and Environmental Security”, “Telecommunications and Network Security”, “Cryptography”, “Business Continuity and Disaster Recovery”, “Legal, Regulations, Compliance, and Investigations”, “Application Security”, and “Operations Security”.
