CISSP Exam - Understanding Security In A Holistic Manner And Learning Above Technology

For years I have heard people complain about having to learn things for the CISSP exam that are not useful in their life. When I was preparing for the exam a few years ago, I said the same types of things. People also have the belief that they are required to understand security through (ISC)2's view for this exam, which is so detached from reality. The thought on both of these statements is that someone would have to memorize bits and pieces and other trivial facts for the exam that are not helpful in their career – thus a waste of time. Again, I fell into this bucket when I studied and took the exam forever ago. Now I view it in an entirely different angle.

I realized that since I have written books and taught for many years CISSP training classes, I have a greater understanding of the material than I would have if I just studied and took the test and moved on with life.

The things that people complain about having to learn (Bell Lapadula, Biba, Clark-Wilson, etc.) will be of much benefit to a comprehensive understanding of security in a holistic manner instead of just getting a mechanical understanding of what constitutes security. Many technical people seem to think that learning anything above technology is a waste of their time. This is a common thought patterned because they are stuck in a realm that dictates that anyone who does not understand technology like they do are inferior. But companies are not in business to just have software and networks in place. The software, network, and systems are just some of the tools the company utilizes to manage and grow their business. So getting a deeper know-how that are above technology, commonly referred to as soft skills, are actually more critical in the world of business – which is where we all live and work.

Although I am very much frustrated with the way that the questions on the CISSP exam are worded (confusing, vague, subjective), I have a great appreciation for the actual Common Body of Knowledge CBK. I was already a security consultant before I took the exam, and then I wrote books, and taught CISSP – and I am still a security consultant, but my view on security as against my knowledgebase has significantly changed.

I, like most people, concentrated on the security topics relevant to my current job. At the time on-line banking was just coming to the market (yes I am that old) and I worked with programmers, software architects, project managers, analysts, and end customers – all focusing on on-line banking . I sure as hell was not interested in the different types of fire suppression, access control models, trusted computing base or any security topic outside of where I lived, worked and breathed in.

Logical Security CISSP course provides comprehensive training in all 10 domains of the Common Body of Knowledge (CBK). Gain a complete and deeper understanding of CISSP by visiting http://www.logicalsecurity.com/education/education_courses_cissp.html.