Introduction to the CISSP-ISSEP Exam

The Information System Security Engineering Professional (ISSEP) is a CISSP concentration that specializes in security engineering. In addition to the ISSEP, there are two other CISSP concentrations, the Information System Security Architecture Professional (ISSAP) and the Information System Security Management Professional (ISSMP). The ISSAP overlaps with many of the technical concepts from the CISSP; the ISSMP overlaps with many of its management aspects. The ISSEP is an entirely different animal with a distinctive U.S. government flavor to it.

About the Exam

The ISSEP exam is made up of 150 questions and has a four-hour time limit. Like other ISC2 tests, 25 of these questions are used for research purposes only and are not counted when determining your grade. You need a 700/1000 to pass the exam. The domains and questions were developed by ISC2 in conjunction with the U.S. National Security Agency (NSA). Because of the NSA’s participation in question development, you may notice a different style and tone between ISSEP and CISSP questions.

10 Ways to Get Free CPEs for Your CISSP

The CISSP certification is automatically renewed after three years as long as you stay on top of the minimum Continuing Professional Education (CPE) credits and the Annual Maintenance Fee (AMF). CPEs are divided into two groups. Group A CPEs cover “Direct Information Systems Security Activities” and align with one of the 10 Common Body of Knowledge (CBK) domains, while Group B CPEs cover “Professional Skills Activities.” ISC2 provides the following ideas for earning CPEs.

  • Attending educational courses or seminars
  • Attending security conferences
  • Being a member of an association chapter and attending meetings
  • Serving on the board for a professional security organization
  • Volunteering for a government, public sector and other charitable organizations, including (ISC)2 volunteer committees
  • Completing higher academic courses
  • Providing security training
  • Publishing security articles or books
  • Participating in self-study courses, computer-based training or Web casts
  • Reading an information security book or subscribing to an information security magazine

10 Things I’ve Learned From Taking 6 ISC2 Exams

I’ve taken ISC2 exams six times. This includes failing the CISSP the first time I took the exam, then passing on the second attempt. I also committed the ultimate dumb ass mistake of letting my CISSP expire because I didn’t get enough CPE credits. This forced me to take the CISSP exam for the third time (and I passed). Next I took the CAP exam. After this I took the CISSP-ISSEP concentration. I was told that I failed this, so I took it again six months later. Failed again. Then, months later, I got the “woops, you really passed both times” e-mail from ISC2. I was one of the lucky folks caught up in the ISC2 erroneous grading debacle. So what did I learn after sitting through six ISC2 exams?

1. Bring food and water

The CISSP exam can last 6 hours. That’s an eternity to sit at a desk reading frustrating questions. You don’t want the added aggravation of being hungry or thirsty. Not only is it distracting, but it can also have a negative effect on your comprehension and patience. I know people that suggest gimmicky food or drinks.

CISSP Salary Survey and a Grain of Salt

I don’t trust salary surveys because they don’t take into account all of the variables that go into a person’s salary. These variables include location, experience, education, certifications, and the company. Most salary surveys only take into account one or two variables and completely ignore the others. While these other variables do get included within an “average,” this average can be so different from your salary range that it doesn’t do any good to know it.

Will a CISSP in West Virginia make the same salary as a CISSP that lives in Chicago? Of course not. If you are a new security analyst that just obtained a CISSP, you probably won’t make as much money as a senior CISO that has had the CISSP for years. Likewise, some consulting businesses offer high reward salaries, while also offering high risk (and more travel). Will a high school dropout make as much as a CISSP with a doctorate? You can see how these wildly different scenarios make for a wildly inaccurate salary survey.

5 Tips for Passing the CISSP

1. Don’t sweat the details

It’s easy to get caught up on details, especially memorizing facts. While the CISSP does have detailed answers that depend on you knowing facts, it’s much more important to understand concepts. Don’t get me wrong, you have to put in the effort required to memorize terms and concepts, but you can’t rely on this alone to pass the exam.

We all know that many of the questions are difficult. You will either immediately know the answer or you won’t. When you don’t know the answer you have to count on your understanding of the concept to help you pick the most likely answer based on the intent of the question.

2. Studying for the CISSP is like learning to subnet

Remember when you learned to subnet? At first it seemed like voodoo black magic that inexplicably produced answers that couldn’t be explained. That’s because you need to apply multiple concepts at one time in order to subnet. As you learn to subnet, you first learn one of the concepts. This creates the strange sensation of learning something, yet not getting any closer to understanding it. After you learn all of the basic concepts then you suddenly have an “ah ha” moment and understand the entire process. The CISSP is the same way.

Open Systems Interconnection (OSI) Layers

The Open Systems Interconnection (OSI) model has seven layers that define network communication. For the CISSP exam, you need to understand the order of the layers, what layer number is assigned to each layer name, and the function of each layer. Each layer performs a defined function for the layer above it and communicates with its peer layer over an interface.

The OSI model is an ISO standard. Contrary to what the acronym suggests, ISO stands for the International Organization for Standardization, not the International Standards Organization.

Bell-LaPadula Access Control Model – Not Just a Funny Name

The Bell-LaPadula model is used to enforce access control within the government and military. It was developed by David Elliott Bell and Leonard J. LaPadula, hence the funny name. The Bell-LaPadula model focuses on confidentiality. While the formal model may not be applicable for most uses, the terminology and concepts are still important to passing the CISSP exam. As you review the model, think of the military use of clearance levels; it will make the model easier to understand.

Unclassified < Confidential < Secret < Top Secret

In a nutshell, the Bell-LaPadula model prevents a user with a Secret clearance from viewing a Top Secret document (no read up). It also prevents a user from putting Top Secret information within a Secret document (no write down). In this model, the entities are divided into subjects and objects. Think of subjects as users and objects as computers or documents. To determine whether access is allowed, the clearance of a subject is compared to the classification of the object and a determination is made as to whether the subject is authorized for the specific access mode.
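The two rules above, written out as a small reference monitor. This is an added example, not code from the original post: it encodes the clearance ordering shown above, implements the simple security property (no read up) and the *-property (no write down), and records every decision in an audit log. It goes one step beyond the post by adding compartments (need-to-know categories) to each label, which is the standard Bell-LaPadula lattice extension; the user names, resource names and the NUCLEAR compartment are constructed sample data.

```python
from dataclasses import dataclass, field
from enum import IntEnum
from typing import FrozenSet, List, Tuple


class Level(IntEnum):
    # Ordering from the post: Unclassified < Confidential < Secret < Top Secret
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


@dataclass(frozen=True)
class Label:
    """A security label: a sensitivity level plus a set of compartments.

    The post shows only the linear level ordering; compartments are the
    assumed extension that turns it into a lattice (level AND need-to-know).
    """
    level: Level
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        # A dominates B when A's level is at least B's level AND A's
        # compartments are a superset of B's compartments.
        return self.level >= other.level and self.compartments >= other.compartments


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property ("no read up"): the subject must dominate the object."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-property ("no write down"): the object must dominate the subject."""
    return obj.dominates(subject)


@dataclass
class ReferenceMonitor:
    """Mediates every access request and records the decision for audit."""
    audit_log: List[Tuple[str, str, str, str]] = field(default_factory=list)

    def check(self, user: str, subject: Label, resource: str, obj: Label, mode: str) -> bool:
        if mode == "read":
            allowed = can_read(subject, obj)
        elif mode == "write":
            allowed = can_write(subject, obj)
        else:
            raise ValueError(f"unknown access mode: {mode}")
        self.audit_log.append((user, mode, resource, "ALLOW" if allowed else "DENY"))
        return allowed


def demo() -> List[Tuple[str, str, str, str]]:
    """Run the two scenarios from the post plus two compartment/write-up cases (constructed data)."""
    monitor = ReferenceMonitor()
    secret_user = Label(Level.SECRET)
    ts_doc = Label(Level.TOP_SECRET)
    secret_doc = Label(Level.SECRET)
    # No read up: a Secret-cleared user cannot read a Top Secret document.
    monitor.check("alice", secret_user, "ts-plan.doc", ts_doc, "read")
    # No write down: a Top Secret user cannot write into a Secret document.
    monitor.check("bob", Label(Level.TOP_SECRET), "secret-memo.doc", secret_doc, "write")
    # Compartments: Secret clearance without the NUCLEAR compartment cannot read a
    # Secret//NUCLEAR document even though the levels are equal.
    monitor.check("alice", secret_user, "s-nuclear.doc",
                  Label(Level.SECRET, frozenset({"NUCLEAR"})), "read")
    # Write up IS permitted by the *-property: the model protects confidentiality,
    # not integrity, so a Secret user may append to a Top Secret document unseen.
    monitor.check("alice", secret_user, "ts-plan.doc", ts_doc, "write")
    return monitor.audit_log


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

The last case in `demo()` is the caveat worth remembering for the exam: Bell-LaPadula says nothing about a lower-cleared subject writing into a higher-classified object, which is why integrity models such as Biba exist alongside it.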

The First Thing You Should Do After Deciding to Take the CISSP

Schedule it. That doesn’t mean to mentally pick a date that you plan on taking it. It means you go to ISC2’s website, pick a date and location, and pay for the exam. When you’re done with that, go tell everyone you know that you scheduled the CISSP.

Doing this creates stress. In the post “How I Failed the CISSP”, I talked about how stress is a great motivator. If you don’t have a healthy amount of anxiety then you will be less likely to put in the hard work.

First, if you fail the test you will lose the money you spent on it. ISC2 doesn’t give refunds for failed tests. I know this from personal experience. Second, it’s very embarrassing to admit to your friends and coworkers that you failed the test, especially if they already have the CISSP certification. I also know this from personal experience.

How I Failed the CISSP

I took the CISSP in 2004 with two friends from work. I failed and they both passed. Here’s why:

In 2001 I took my first IT certification test: Cisco’s CCNA. I had heard this was a difficult exam but didn’t have an opportunity to actually talk to someone who had taken it. Because it was my first cert, I was very scared and nervous. I had absolutely zero confidence in my ability to pass it. Fortunately, I was also leaving the Marine Corps and was even more scared about being unemployed.

I paid a friend cash and he let me use his credit card to order a CCNA book and register for the exam. I studied for about a month, going through what I would describe as an “academic fight or flight” scenario. I was reading the book every chance I got, more than was probably healthy. I could do hexadecimal conversions in my sleep and subnet during breakfast.

When the big day came to take the exam I felt reasonably confident. The exam was scheduled to last 90 minutes; I finished in 17. Passed with flying colors. Either the test was much easier than I expected or I simply over-studied for it. I assumed the latter and chalked it up as a learning experience.

How to Register for the CISSP Exam

To register for the CISSP, first go to ISC2’s exam search page. This page handles the registration for both testing and training. If you only want to schedule the exam and not training, make sure you set the “type” drop-down selector to “examination”. Otherwise you’ll spend 10 minutes trying to find the perfect location and date, only to learn that the exam isn’t open to you.

Unless you live in a really big city it’s best to only select your Country/State, and then just scroll through the options for city and date. The examination locations are usually either an educational institution or a hotel. I’ve taken tests in both and prefer hotels. For me, the examinations are usually a long drive away and early in the morning. So I prefer to stay in the hotel, get a good night’s sleep, and wake up to a nice breakfast.

If you’re taking the exam following training, then the vendor will set up the exam for you; all you will have to do is fax them the paperwork.
