funkychicken
Contributor I

Areas which I needed to focus on

Hey there, study group. After all the years of working in security and infrastructure, there are a few areas which I had dealt with and a few areas which I needed more study on. Here I will list the areas which I needed more help with, which aided with the exam.

 

Security Models - knowing the difference between the models and how/where they are used, for example the Bell-LaPadula model vs the Biba model. Not just these, but other models too.

 

CIA Triad - Knowing that the CIA triad is the core of everything, it is important to remember that this is also the case in the exam. Ensure that you remember this for every question and know the differences.

 

IAM - Know the methods used for IAM, the protocols used, what can be used where, what has been superseded (OAuth2), and how they are implemented, for example what the IdP is and what the SP is.

 

Frameworks - Know what is used for financial frameworks, health frameworks and compliance frameworks; know the SOC report types.

 

OSI Layers - This is always going to be important. You don't just need to know each layer and its number; you need to know which layer sessions run on, which layer SMTP works on, and which layer contains segments and which contains frames.

 

Ports and IPs - certain IP ranges are reserved for private use. Know /24 vs /25. Completely understand ports 1-1024 and what they are used for. Know that anything over 1024 is not a standard port. You will need to know services on non-standard ports, for example SQL on 1433. If you have not worked in networks then this is a big learning curve.

 

Perimeter Security - IDS vs IPS vs Firewall vs Proxy vs App Proxy vs Stateful firewall. Know the differences.

 

Risks - the CISSP has a big focus on risk. In fact, the whole of IT and technology in general is risk-based. Whenever you do anything you need to think about what the impact is, who it's going to affect, and what the rollback plan is.

 

DR and BC - One of the least exciting topics, but one of the most important. From the CEO down to every worker, DR and BC includes everyone. The CEO agrees the policies, the workers implement them. Know your RPO and RTO, your types of recovery, and your types of sites (warm, hot, etc.).

 

Law and Legislation - PCI DSS, the Canadian cyber security skills framework, GDPR, California law, SOX and others.

 

Everything else on the exam made sense. I think this was down to me working in the environment day to day, dealing with incidents, managing change control, working in ITIL and managing organisational risk. A lot of these subjects overlap with the CISSP - especially ITIL frameworks, risk management and incident management. If you have not worked in this type of environment before then I think it's going to be difficult to understand some of the elements unless you have actually been a part of them. But it does help to read about them and understand them.

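The Bell-LaPadula vs Biba distinction that the post lists under "Security Models" is easiest to remember by seeing the two rule sets side by side in code. The following is an added example and not part of the original post or its author's material: a small reference monitor that enforces Bell-LaPadula (confidentiality: no read up, no write down) and Biba (integrity: no read down, no write up) over a lattice of labels. The classification and integrity level names, the compartment names, and the subject/object labels used in the demo are all constructed for illustration, and the model is the simplified textbook form (no trusted subjects, no tranquility or invocation properties).

```python
"""Reference monitor for Bell-LaPadula (BLP) and Biba, side by side.

Added study example; the level names, compartments and labels below are
constructed, not taken from any real system.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet


@dataclass(frozen=True)
class Label:
    """A lattice label: an ordinal level plus a set of compartments.

    The same structure serves both models; for BLP the level is a secrecy
    classification, for Biba it is an integrity (trustworthiness) level.
    """
    level: int
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """True if self is at least as high as other in the lattice.

        Dominance needs both a higher-or-equal level AND a superset of the
        other label's compartments (need-to-know); two labels at the same
        level with different compartments are incomparable.
        """
        return self.level >= other.level and self.compartments >= other.compartments


# Constructed confidentiality ladder for Bell-LaPadula (low to high secrecy).
CONF_LEVELS: Dict[str, int] = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}
# Constructed integrity ladder for Biba (low to high trustworthiness).
INTEG_LEVELS: Dict[str, int] = {"untrusted": 0, "user": 1, "system": 2}


def conf(name: str, *compartments: str) -> Label:
    """Build a confidentiality label, e.g. conf("secret", "crypto")."""
    return Label(CONF_LEVELS[name], frozenset(compartments))


def integ(name: str, *compartments: str) -> Label:
    """Build an integrity label, e.g. integ("system")."""
    return Label(INTEG_LEVELS[name], frozenset(compartments))


def blp_allows(subject: Label, obj: Label, op: str) -> bool:
    """Bell-LaPadula (confidentiality).

    simple security property: no read up   -> subject must dominate object
    *-property:               no write down -> object must dominate subject
    """
    if op == "read":
        return subject.dominates(obj)
    if op == "write":
        return obj.dominates(subject)
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subject: Label, obj: Label, op: str) -> bool:
    """Biba (integrity), the dual of BLP.

    simple integrity property: no read down -> object must dominate subject
    integrity *-property:      no write up  -> subject must dominate object
    """
    if op == "read":
        return obj.dominates(subject)
    if op == "write":
        return subject.dominates(obj)
    raise ValueError(f"unknown operation {op!r}")


def allows(subject_conf: Label, subject_integ: Label,
           obj_conf: Label, obj_integ: Label, op: str) -> bool:
    """A monitor enforcing both models at once.

    Confidentiality and integrity labels are independent lattices, so an
    access must satisfy BLP on the secrecy labels and Biba on the integrity
    labels; either model alone can veto it.
    """
    return blp_allows(subject_conf, obj_conf, op) and biba_allows(subject_integ, obj_integ, op)


def compare(subject: Label, obj: Label, op: str) -> Dict[str, bool]:
    """Decision of each model for the same pair of labels (they are mirror images)."""
    return {"blp": blp_allows(subject, obj, op), "biba": biba_allows(subject, obj, op)}


if __name__ == "__main__":
    analyst = conf("secret", "crypto")       # constructed subject label
    report = conf("confidential", "crypto")  # constructed object label
    for op in ("read", "write"):
        print(f"secret subject {op}s confidential object:", compare(analyst, report, op))
    # Same level, different compartment: BLP denies the read (no need-to-know).
    print("read across compartments:", blp_allows(analyst, conf("secret", "nuclear"), "read"))
```

Run it and note the pattern that the exam is really testing: for a high subject and a lower object, the read/write answers under Biba are the exact opposite of the answers under Bell-LaPadula, because one model protects secrecy and the other protects integrity (the C and the I of the CIA triad the post mentions). The `compartments` check is what makes it a lattice rather than a simple ladder, which is why "secret/crypto" cannot read "secret/nuclear" even though the levels match.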