"... I've also been in the infosec field for a good many years, and I've discovered What we do at work, usually isn't the correct answer.. Sounds odd, but it turns out to be true."
The view of the CISSP test is always "top down" not "bottom up". You can have worked in the field and you have processes which work for your organization, but are you fully implementing best practices?
The CBK of the CISSP is a framework much like ITIL. Many companies choose what components they can implement due to organizational maturity and business needs.
> j_M007 (Contributor I) posted a new reply in Certifications on 07-25-2018 05:19
> Yep. That's likely why it's better to call them "good practices" instead of "best practices" for ITIL and all of the other compendia out there, including our own dear CBK.
When I wrote the dictionary, I defined:
best practice: (1) the gold standard for security buzzphrases.
gold standard: the best practice in describing your standard, if you want people to buy into it
There was an extended discussion on the use of the phrase "best practice" on the CISSPforum in July of 2005.