Recovery Site Strategies

CISSP Practice Questions

After the risk assessment, your company assigned you to prepare a disaster recovery plan to handle the identified disasters. A hot site, warm site, and cold site are common alternatives to the primary site. You are weighing these backup site alternatives while preparing the disaster recovery plan. Which of the following will be your greatest concern?
A. Risk Appetite
B. Management Buy-in
C. Maximum Tolerable Downtime
D. Recovery Time Objective

Effective CISSP

It doesn’t matter how much you have read,
what really matters is how much you have learned.

  1. Understand every single term in the CISSP Exam Outline.
  2. Use the ISC2 official study guide. (comprehension over memorization)
  3. Read NIST and references suggested by ISC2. (a mile wide, an inch deep)
  4. Do at least 2500 practice questions. (quality over quantity)
  5. Follow Wentz’s blog and join his Effective CISSP Facebook group.
  6. Take the exam within 6 months.

Controls, Security Controls and Access Controls?

Security controls are grouped into 18 families by NIST SP 800-53, into 14 categories by ISO 27002, and into 3 categories (administrative, technical, and physical) by HIPAA.

The official CISSP study guide, Sybex 8th Edition, defines 7 types of what? Types of “controls” or types of “access controls”? “Controls” are different from “access controls”: in NIST and ISO terms, access control is just one of those families or categories.

Please refer to pages 79 and 582 of the Sybex 8th Edition; you will find the inconsistency there.

Manage to Succeed in Your CISSP Exam

The CISSP exam is undoubtedly challenging, but you can manage to succeed as I did.
The following are the critical success factors:
  1. Discipline and Commitment
  2. SMART Goals and Study Plan
  3. Effective Study Materials
  4. Effective and Efficient Study Approach

Discipline and Commitment

  • Keep studying every day. It’s more effective to study constantly than intermittently.
  • Reserve enough funds for your CISSP.

SMART Goals and Study Plan

  • Determine your exam date. You don’t have to register and pay for the exam immediately, but I encourage you to do so in the beginning. If you feel that you are not well prepared one week before your exam date, reschedule it.
  • Estimate how many study hours you will spend preparing for the CISSP exam. In my opinion, 250 hours is a ballpark figure for your reference. Work experience related to general management, project management, ITIL Foundation, and network essentials helps.

Effective Study Materials

  • Get one and only one study guide as your primary source. If you can afford it, a second source isn’t a bad idea. I recommend the ISC2 official study guide from Sybex as the primary.
  • Make good use of the practice questions and other resources that accompany the study guide. Typically, you can register the book online to get access to the online practice questions.
  • Get a reliable source of questions for more practice.
  • Before you sit for the CISSP exam, practice at least 2500 questions.

Effective and Efficient Study Approach

  • Keep a constant and stable pace of study.
  • Use the top-down approach. Building the high-level conceptual model of information security (your study blueprint) in the first one or two weeks is crucial. Don’t dive into the details in the beginning.
  • Weigh concepts over facts. Do understand how the principles, processes, lifecycles, and frameworks work and how to apply them in practice. Rote learning or memorizing everything doesn’t work.
  • Study information security with a business mindset. Relate what you have learned to your job; that is, study to solve problems and deliver value.

Information Security with Business Mindset

[Figure: Information Security Definition – InfoSec with Business Mindset]

[Figure: The Peacock – CISSP Domains]

Information security is a discipline that protects information and information systems from threats through security controls, in order to achieve the objectives of confidentiality, integrity, and availability, or CIA for short (Tier 3); support the organizational mission and business processes (Tier 2); and create and deliver value (Tier 1).

Information security shouldn’t be a silo or managed with tunnel vision. Security is pervasive and ubiquitous: it has no boundary, and any boundary drawn around it should be removed.

A CISSP is a certified security professional in “information systems”. He or she should protect the underlying information systems that support the business processes and the organization, as the diagram shows.

PS. An information system may support one or more business processes, but the relationship between them is simplified in the diagram.

Exam Outline Matters

[Figure: Exam Outline Booklet]

When preparing for any exam, I always stick to the exam outline. I bound all the exam outlines together into a booklet, as the picture shows (CISSP, ISSMP, ISSEP, ISSAP, CCSP, and CSSLP; CISM, CRISC, CISA, and CGEIT). It guides me throughout the preparation process and has turned out to be effective.

The following is the download link for the CISSP Exam Outline: …/CISSP-Exam-Outline-121417–Final.ashx

Join CISSP Made Easy!