WebApp Sec mailing list archives

RE: Notes from CISSP class with Dr. Eric Cole


From: "Lyal Collins" <lyal.collins () key2it com au>
Date: Mon, 10 Oct 2005 20:36:20 +1000

I disagree regarding CISSP and some other certification processes.
The "knowledge measurement" process in this case is based upon knowing
certain terminology and the related definition inside and out as used by the
individuals in the certifying body.

Think of the English language - while the USA, Canada, England and Australia
all speak English, we all misunderstand each other at times because some
terms are used differently.  Lunch and dinner can be the same meal time in
some places but separate meals in others.  The principle of them being a
meal is the same, however.

Based on sample CISSP questions I've looked through, such differences affect
about 5-10% of the questions in my view. So it seems the safest pass
strategy is to buy a set of the study material, answer the questions (from
the same vendor as the study material) the way the study material states,
then return to real life work and real life security based on the same
principles that CISSP tries to verify that one possesses.

Regards,
Lyal
-----Original Message-----
From: Harley David [mailto:David.Harley () cfh nhs uk] 
Sent: Monday, 10 October 2005 6:10 PM
To: webappsec () securityfocus com
Subject: RE: Notes from CISSP class with Dr. Eric Cole


the CISSP answers are structured around knowing definitions, 
terminology and concepts particular to CISSP study materials, not 
those used in real life nor real life complexity in systems and 
security management.

But that is real life...

Exam-based certifications are based on knowledge of a predetermined body of
what the certifying organization defines as knowledge, more or less by
definition. Problem solving in a real life situation may be based on that
Common Body of Knowledge, as ISC2 call it, but exams generally attempt to
measure knowledge, rather than skill in -applying- knowledge.
 
-- 
David Harley 