Re: Reporting Errors in the ISC2 Self-Study ISSMP ... - Page 2

Larry_E_Potter

Where can I go to report errors in the ISC2 Self-Study ISSMP Course and Textbook?

Kaity

@dcontesti is correct! As part of ISC2’s accreditation from the ANSI National Accreditation Board (ANAB), we must demonstrate that all processes performed by the certification body (i.e., exam-related activities) are independent of training to ensure that confidentiality, information security and impartiality are not compromised. So yes, the teams work independently from one another.

All exam items are written by members holding the specific certification. We greatly appreciate the dedication our membership has shown to develop and maintain gold standard exams. If you’d like to get involved, you can learn more about opportunities for exam development at https://www.isc2.org/volunteer/volunteer-opportunities/exam-development.

Conversely, if you’re interested in volunteering as an Education Subject Matter Expert (SME) to develop material for our courses, you can find more information at https://www.isc2.org/volunteer/volunteer-opportunities/education-subject-matter-expert.

I’ve shared this thread with the folks in our education team for their attention. As mentioned on another thread, if you find an error in course material, please send it to us for review. You can find the submission form here: https://forms.monday.com/forms/69fb227889bb5158e4b3e43d8fe3f547?r=use1

Thank you everyone!!

riffjim4069

@Larry_E_Potter

I would have gone with "A: Black Box testing" as having the greatest potential...etc. However, I really don't like how the question is structed since it could be interpreted as asking which test method itself varies the most in how it's applied, rather than which test method is best suited to detect or measure operational variation in a system.

I believe the question is asking the exam-taker to demonstrate an understanding of how to best test operational system controls. You can architect, design, build, configure, and white box test them all you wish, but until the system is deployed (at least in a testing/staging area) and black box tested, you really don't know the effectiveness of those systems in an operational environment. It's the security control completeness & effectiveness that you're trying to capture along with its operational variance. Just my two-cents.

By rephrasing to “has the greatest potential for measuring or testing for operational variation”, you shift the focus to the method’s capability to reveal inconsistencies in system behavior across different operational conditions. This aligns better with the intent if the goal is to assess variation rather than the variability of the method itself. I'd re-write this question to:

Which of the following scoped test methods has the has the greatest potential for measuring or testing for operational variation?

A. Black box testing
B. White box testing
C. Gray box testing
D. There is no variance between methods

Finally, I don't have a problem with the eTextbook questions. I believe they're designed to be a repetitive and reenforced learning activity as opposed to an exam cram session. I've done several of these reinforced learning style Q&A decks that I added to Anki - mostly CompTIA, AI, or network related. I didn't like them at first (80, 90%+ correct rate seemed too easy) but much of it was refresher material, and the good Q&A decks would decompose difficult topics (into very basic elements) and link them together using repitition and reenforced learning to ensure mastery. I believe this is the format of the eTextbooks I've seen.

Cheers!

Reporting Errors in the ISC2 Self-Study ISSMP Course and Textbook