Monday, June 29, 2009

Thoughts from the CISSP exam....

I took the CISSP exam last Saturday but don't know if I passed. Now I can say that there was only one out of the total of 250 questions that I didn't have a clue as to what the answer was. Typically I could identify what the possible right answer was and then reason it out. The key was to answer the questions the way that the ISC2 folks would want them answered.

The one thing that really stood out for me was that this was not a technical exam - it was a managerial exam. At least, that is my perspective. Instead of being down in the trenches, the questions come at you from a higher perspective - you must be able to see the forrest for the trees. A person must think in terms of how to implement & manage an asymmetric cryptography infrastructure within an organization, not just what algorithm does symmetric cryptography use. Think in terms of what would the most effective Access Control system be for an organization - do you want something that is role based or discrectionary? And whatever solution is picked, it must be cost effective.

After taking the test, I have a new appreciation for those folks in the IT Security / Information Assurance management ranks that have to make hard decisions every day.

1 comment:

cyberteacher said...

I have taken and passed the CISSP exam. You can read about my experince during the exam and about CISSP exam preparation resources at my blog, Search for the “CISSP” in the search box.

I have a TON of great CISSP exam resources over at my site that will help you decide what your best option is:

If you have any questions, post them in the blog or e-mail directly.

Best of luck to you!