About this list:
================================================================
This list has been used as a study guide by a large number of
people who now hold their CISSP. While this information
cannot substitute for real experience in the InfoSec field,
those with the requisite experience will find it useful for
refreshing and broadening their knowledge across the range of
topics the BoK (Body of Knowledge) covers.
The end of the list contains tips on what to expect for the
exam, and how to be best prepared for taking the exam and
surviving for 6 hours. Many folks who now hold their CISSP
have found this list to be invaluable, and I hope you find it
of value as well.
This list is provided free (with copyright retained) as a
service to the InfoSec community at large.
Kudos to ISSA.
Fair Use: Sorry, just a few minor issues, since this bears my
name & reputation.
================================================================
You may use this list in any way you see fit, with 2 conditions:
1) You must communicate via e-mail with the author, to report:
- any stale/bad links, to continue improving this list.
- any web page dissatisfaction, in case they've
declined in value since publication.
- when you pass your CISSP! :^)
2) You can share this list however you like, provided:
- no charge is ever assessed for access - this list
must remain free!
- the content between the PGP signature lines remains
unchanged.
- any comments in e-mail notes occur ABOVE the PGP
line.
- If posted online, the PGP signature is verified
before posting. PGP key available at pgp.mit.edu.
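Condition 2 asks anyone reposting this list to verify the PGP signature first. As an added example (not part of the original list), the Python below decodes the armored signature block at the end of this document and reports everything that can be checked offline without the key: the armor CRC-24, the signing key ID, the signature type, the public-key and hash algorithms, and the creation time. The point of listing them is what they are worth: until gpg --verify succeeds against the author's key fetched from pgp.mit.edu, every one of those fields is an unauthenticated claim that anyone could have produced. The parser handles only the old-format, version-3 signature packet used here and raises an error on anything else rather than guessing.

```python
"""Inspect the ASCII-armored OpenPGP signature that closes this list, offline.

Added example, not part of the original list. Decodes the Radix-64 armor, checks
the armor CRC-24 (RFC 4880 section 6.1) and parses the version-3 signature packet
(RFC 4880 section 5.2.2) to report the key ID, algorithms and creation time the
signature claims. It does NOT verify the signature: that needs the author's public
key (pgp.mit.edu, per the text) and a real OpenPGP implementation (gpg --verify).
"""
import base64
import datetime
import re

# Copied from the end of this document. This copy lacks the blank line that
# normally separates the "Version:" armor header from the Radix-64 data, so
# dearmor() drops "Name: value" header lines instead of splitting on it.
ARMORED_SIGNATURE = """-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4
iQA/AwUBPEL3BPi5GkWlFlcVEQLP3gCdGTkDD+endL5EcMLbA2msQM/d+o8An2Uf
e0VAYAyJ/ofTgfnDWEqeT9W1
=djQa
-----END PGP SIGNATURE-----"""

PUBKEY_ALGOS = {1: "RSA", 17: "DSA"}   # RFC 4880 section 9.1 (subset)
HASH_ALGOS = {1: "MD5", 2: "SHA-1"}    # RFC 4880 section 9.4 (subset)
SIG_TYPES = {0x00: "binary document", 0x01: "canonical text document"}

def crc24(data: bytes) -> int:
    """CRC-24 as given in RFC 4880 section 6.1 (init 0xB704CE, poly 0x1864CFB)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def dearmor(armored: str):
    """Return (packet_bytes, stated_crc, computed_crc) for one PGP SIGNATURE armor block."""
    lines = [line.strip() for line in armored.strip().splitlines()]
    if lines[0] != "-----BEGIN PGP SIGNATURE-----" or lines[-1] != "-----END PGP SIGNATURE-----":
        raise ValueError("not a PGP SIGNATURE armor block")
    # Drop armor headers ("Version: ...", "Comment: ...") and blank lines; Radix-64
    # data never contains ':' so this test cannot eat signature data.
    body = [ln for ln in lines[1:-1] if ln and not re.match(r"^[A-Za-z-]+: ", ln)]
    if not body or not body[-1].startswith("="):
        raise ValueError("armor checksum line missing")
    data = base64.b64decode("".join(body[:-1]))
    stated_crc = int.from_bytes(base64.b64decode(body[-1][1:]), "big")
    return data, stated_crc, crc24(data)

def parse_v3_signature(data: bytes) -> dict:
    """Parse an old-format, version-3 signature packet; raise ValueError on anything else."""
    tag_byte = data[0]
    if not tag_byte & 0x80 or tag_byte & 0x40:
        raise ValueError("expected an old-format OpenPGP packet header")
    tag = (tag_byte >> 2) & 0x0F
    length_size = {0: 1, 1: 2, 2: 4}.get(tag_byte & 0x03)   # 3 = indeterminate, rejected
    if tag != 2 or length_size is None:
        raise ValueError(f"expected a signature packet (tag 2) with a definite length, got tag {tag}")
    length = int.from_bytes(data[1:1 + length_size], "big")
    body = data[1 + length_size:]
    if len(body) != length:
        raise ValueError("packet length does not match the armored data (truncated or trailing bytes)")
    if body[0] != 3 or body[1] != 5:
        raise ValueError("only version-3 signatures (hashed-material length 5) are handled here")
    # Fixed v3 layout: type(1) created(4) key id(8) pk algo(1) hash algo(1) left16(2), then MPIs.
    created = int.from_bytes(body[3:7], "big")
    mpi_bits, pos = [], 19
    while pos + 2 <= len(body):
        bits = int.from_bytes(body[pos:pos + 2], "big")
        mpi_bits.append(bits)
        pos += 2 + (bits + 7) // 8
    if pos != len(body):
        raise ValueError("malformed MPI in signature body")
    return {
        "signature_type": SIG_TYPES.get(body[2], body[2]),
        "created_unix": created,
        "created_utc": datetime.datetime.fromtimestamp(created, datetime.timezone.utc),
        "key_id": body[7:15].hex().upper(),
        "pubkey_algorithm": PUBKEY_ALGOS.get(body[15], body[15]),
        "hash_algorithm": HASH_ALGOS.get(body[16], body[16]),
        "hash_left16": body[17:19].hex().upper(),
        "mpi_bit_lengths": mpi_bits,   # DSA: r and s; RSA: a single value
    }

def inspect_signature(armored: str) -> dict:
    """Everything checkable without the public key; crc_ok False means this copy is corrupt."""
    data, stated, computed = dearmor(armored)
    info = parse_v3_signature(data)
    info["crc_ok"] = stated == computed
    return info

if __name__ == "__main__":
    for key, value in inspect_signature(ARMORED_SIGNATURE).items():
        print(f"{key:>17}: {value}")
```

Running it shows a DSA/SHA-1 signature over a canonical text document, a key ID you can match against what the keyserver returns for the author, and a creation date that agrees with the "Last update" line just above the signature. A false crc_ok means the copy was damaged in transit (line re-wrapping and quote-escaping in mail and web copies are the usual culprits), and a damaged copy will fail gpg --verify for that reason alone, so check the CRC before blaming the key.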
================================================================
Top 5 CISSP resources:
================================================================
1) The CISSP Open Study Guide: http://www.cccure.org/
(It's first on the list for a reason!)
NOTE: <See Hal's Presentation, below>
2) Sample Exam:
http://www.infosecuritymag.com/articles/1999/sampleexam.shtml
Sample Exam Answers & Explanations:
http://www.infosecuritymag.com/articles/1999/exam_answers.shtml
This is the only published sample exam blessed & approved by
ISC^2. Use it to gauge your weaknesses, and to understand the
format of the exam. When taking the sample exam, if you don't
KNOW the answer but guess correctly, treat that as an area of
marginal weakness that may need further study.
{ Sample Exam mirrored here:
{ http://www.detectiondesintrus.com/Documents/infosecmag/CISSPSampleExamOct99InfoSecMag.htm
{ Answers mirrored here:
{ http://www.detectiondesintrus.com/Documents/infosecmag/CISSPSampleExamAnswersOct99InfoSecMag.htm
3) Tipton & Krause, 3rd Edition (Handbook of Information
Security Management, HISM):
http://secinf.net/info/misc/handbook/ewtoc.html
A major source of test questions in the past, still very useful
stuff, and it's FREE.
4) HIGHLY Recommended:
Sign up for the CISSPStudy_1 list, run by Ginger Doetsch:
http://groups.yahoo.com/group/CISSPStudy_1
Sign up for the CISSPStudy e-mail list:
http://infosec.gungadin.com/index2.shtml
5) Robert Ferrell HISM Questions:
http://www.detectiondesintrus.com/Documents/Sample_Questions/Robert_Ferrell.doc
Thanks to Clement DuPuis for posting these awesome questions.
I used them to study, and found them to be excellent!
================================================================
Additional CISSP resources, loosely grouped:
================================================================
CISSP Prep Course materials: http://www.consec.org
CISSP Practice Exam:
http://www.cissps.com/Cissp_Exam/Practice/practice.html
CISSP Forums:
http://forum.cissps.com/ubbcgi/Ultimate.cgi?action=intro
Hal Tipton's Presentation: Excellent
...as in "editor of HISM, that Hal Tipton".
Hal provided two CISSP review courses, and then posted the
slides here. Basically, this is the CISSP Exam Prep Seminar
materials from 1999, without the 00 price tag.
http://www.detectiondesintrus.com/Documents/Hal_Tipton/Intro1.pdf
http://www.detectiondesintrus.com/Documents/Hal_Tipton/Intro2.pdf
Here are the answers to Hal Tipton's Questions:
http://www.detectiondesintrus.com/Documents/Hal_Tipton/answers.ppt
(Thanks to Clement DuPuis for digging these up!)
The InfoSec Management 2000 Handbook:
http://www.itknowledge.com/reference/standard/0849399742/ewtoc.html
(you only get 1-2 clicks before you have to pay, so choose
your chapter carefully!)
For Crypto Newbies: http://15seconds.com/issue/991216.htm
Crypto Made Easy:
http://www.cissps.com/Cissp_Exam/Practice/crypto.html
Intro to PKI:
http://docs.iplanet.com/docs/manuals/security/pkin/index.htm
Intro to SSL:
http://docs.iplanet.com/docs/manuals/security/sslin/index.htm
RSA Labs Crypto FAQ:
http://www.rsasecurity.com/rsalabs/faq/index.html
Bruce Schneier's Crypto Hotlinks:
http://www.counterpane.com/hotlist.html
W3.org\'s Internet Security Resource Page:
http://www.w3.org/Security/
TCSEC Coverage WITH TESTS!!:
http://www.radium.ncsc.mil/tpep/library/ramp-modules/
(see especially modules 5, 6, 7, 8, 9 and 11, which have
coverage beyond just TCSEC)
DoD Rainbow Series:
http://www.radium.ncsc.mil/tpep/library/rainbow/
(in theory no longer on the exam, but I've heard rumors in
listservs that TCSEC stuff still appears on the test)
Role-Based Access Control:
http://hissa.ncsl.nist.gov/rbac/
RSA's Crypto Glossary:
http://www.rsasecurity.com/developers/total-solution/glossary.html
RSA's VPN Tutorial:
http://www.rsasecurity.com/products/securid/whitepapers/vpns/index.html
Computer Forensics Overview:
http://www.ddj.com/articles/2000/0009/0009f/0009f.htm
Firewalls Complete, online book:
http://secinf.net/info/fw/complete/
Trust in Cyberspace, online book (Internet Security Overview):
http://www.nap.edu/readingroom/books/trust/
TEMPEST: http://www.eskimo.com/~joelm/tempest.html
Large Archive of Security Articles:
http://www.nwfusion.com/newsletters/sec/
(Mostly Physical Security, Network Security, and Security and
Policy Management)
HUGE compendium of InfoSec sources:
http://www.infosyssec.net/index.html
(note the left-hand side, which are all the topics covered)
Computer Security Institute's Archive of InfoSec Articles:
http://www.gocsi.com/excerpt.htm
ACSA InfoSec Bookshelf:
http://www.acsac.org/secshelf/book001/book001.html
Discussion of Optical Lenses:
http://www.photo.net/photo/optics/lensTutorial.html
US Navy Physical Security Manual:
http://neds.nebt.daps.mil/Directives/5530_14c.pdf
Good source of quizzes: http://www.sans.org/infosecFAQ/index.htm
(remember - GIAC and CISSP have a different focus)
Many books/papers about firewalls: http://secinf.net/ifwe.html
GASSP: http://www.all.net/books/GASSP2.html
Big ol' List o' Crypto on Bruce Schneier's Site:
http://www.counterpane.com/biblio/all-by-author.html
Many miscellaneous papers, some definitely by hackers:
http://www.insecure.org/reading.html
( set grain of salt = on)
Now, once you\'ve read all that, your brain should be tired.
================================================================
CISSP Exam Tips - What to expect, & how to survive
================================================================
Sorry, no tips on questions, I'm not allowed to share.
However, I can provide some tips that can tell you how to be
most successful at lasting for 6 hours and staying alert during
the CISSP exam:
Preparation
===========
> Make a phone call in advance to the exam host to determine
the dress code for the exam. It is typically casual, but check
with the host organization anyway: on at least one occasion,
the test was hosted in an upscale club, and test takers without
jackets were turned away. No kidding. Kudos to Richard
Jankowski & Scott Sanchez.
> Don't cram the night before. Get a good night's rest.
What to bring
==============
> Don\'t forget your photo ID and the official confirmation
letter!!!
> Bring a couple bottles of juice and water, plus some snacks
(cheese crackers, apple, etc.) in a cloth bag that isn't
'noisy'. You don't want to make a lot of rustling noises
during the exam.
> You might want to bring along 2 doses of Excedrin, Tylenol,
Cold & Sinus non-drowsy, Imodium AD, Rolaids, and any
prescription medicine you are on. Getting a killer
headache or heartburn during the CISSP would be rough. I
got a back-ache from a lousy chair, and took 2 Advil. :^)
> Don't take anything else to the exam except your photo ID
(no books, etc.) DO NOT wear a calculator or digital watch.
> In case you ignore the above point, bring along a zippered
backpack to store your phone and Palm Pilot, and stash them
in the back of the room where the proctors can secure it and
know you aren't compromising the exam. OOPS - don't do
what I did, and forget to turn your Palm Pilot alarms off.
:^)
> Get to the exam 45 minutes before it starts to chat with the
proctors about how they handle the exam, drinks, nature
breaks, etc. Ask about the proper procedures for you to get
up and stretch or use the bathroom.
> Show the proctors your bag of goodies and that it doesn't
contain anything except juice, water, snacks, and medicine,
and determine from them how you could have access to your
snacks during the exam.
Taking the Test
================
> Pace yourself through the exam. You should complete 50
questions every 40-50 minutes.
> After 100 questions, get up quietly and go to the back of
the room and stretch, down a juice, eat a snack and refresh
your mind for 5-10 minutes. Focus your eyes on the farthest
point you can see. This is very important to help you get
through the exam and not burn out.
> Time check: after your 1st break, your elapsed time should
be 1:30 - 2:00.
> Repeat the break when hitting the 200 and 250 question level.
This break will do wonders to keep you fresh and alert.
> REMEMBER, 25 of the 250 questions are unscored items included
only to validate them for future exams, so they don't count.
If you see a question that really zings you, just think, "Oh,
that must be a test question, so it doesn't count." Don't let
the tough ones rattle you.
> As you take the exam, if you have a question that you want
to contest or otherwise comment about, you can\'t talk to the
proctor about it. However, bend the corner of the page and
jot the question number on a piece of paper so you remember
the "questionable" question. After the test, you are
permitted to comment on questions through a special process
the proctor will explain. Please take 20-30 minutes to do
this at the end of the test to help yourself, and others.
I've heard that graders DO read them. Your well-written
statement might just be the issue that tosses out a question
you got wrong, and be the margin for getting certified. Be
calm, concise, and factual. This is not the place FOR
YELLING!!! or other emphasis. Deep cleansing breath between
each comment.
> After the test, please don\'t drive a long distance before
refreshing yourself, and don\'t plan on doing anything
strenuous... you will be dog tired and your brain will hurt.
I recommend getting a starchy meal or other complex
carbohydrates and taking plenty of electrolytes in a relaxing
setting. For me, that formula was plenty of nachos, crab dip
and a beer by the Bay. There is a point to this - while
you're enjoying yourself and resting, a bit more work...
> Though it's the last thing you'll want to do, within that 1st
hour after the test, take 1-2 pages of notes about all the
concepts that you were weakest on, in case you didn't pass.
Store this in a secure location, and pull it out if you need
to study again for the exam. You can't share this with
anyone, but you'll be glad you made the list of your weak points
if you didn't pass.
> But MOST IMPORTANT, don\'t forget your PHOTO ID and the
official confirmation letter!!!
I wish you the best of luck!
- - - ddh
The CISSP Study Guide List ver 3.2b - copyright 2001, 2002 by:
================================================================
Dan Houser, CISSP, SSCP, CCP, GSEC
1cissp@hushmail.com / alternate: Hello_World@bigfoot.com
================================================================
Last update: 1/14/2002
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4
iQA/AwUBPEL3BPi5GkWlFlcVEQLP3gCdGTkDD+endL5EcMLbA2msQM/d+o8An2Uf
e0VAYAyJ/ofTgfnDWEqeT9W1
=djQa
-----END PGP SIGNATURE-----