A Milestone Achieved!

2019/08 – 2020/09 A milestone achieved!

  • My first book is dedicated to my parents and aims to share my perspective on the discipline of Information security.
  • The 2nd book is a conclusion/compilation of Wentz QOTD for the past year.
  • The 3rd, in Chinese, is my contribution to local CISSP communities in Taiwan.

I believe hard working always pays back.

2019/08 – 2020/09 里程碑達成!

  • 我的第一本書是獻給 父母親的, 同時也表達我對資安這門學問的一些看法.
  • 第二本書是過去一年我的每日一題的總結/匯整.
  • 第三本是中文的,是我對台灣本地CISSP社群的回饋.


Test-Driven Study/Learning

Dear all,

If you’ve bought The Effective CISSP: Practice Questions, please do read my justification on my blog and research to learn from the question. This book and Wentz QOTD are a learning tool instead of an evaluation one.

It helps you clarify concepts and learn by topics. If you intend to use it to “evaluate” your performance, please finish the study guide at least once. It’s expected that you will score between 40% to 80%. If you score above 70%, your performance is pretty good. I believe you will feel comfortable with the real exam.

Please don’t feel frustrated, use my book correctly will help you clarify concepts and learn more!

Please don’t hesitate to comment to let me know how my book is helping or discouraging you. Thank you very much for your kind support! I hope you kill the beast as your planned schedule! All the best!!

Best regards,

Data Analysis vs. Data Analytics

Analysis is focused on understanding the past; what happened and why it happened. Analytics focuses on why it happened and what will happen in the future.

Source: Wikipeida

  • Some treat data analysis as a process, part of data analytics, while data analytics as a discipline.
  • Data analysis answers, “What happened?” while data analytics answers, “Why, and What will happen next?
  • Data analysis relies on descriptive statistics, while data analytics relies on inferential statistics.



Attribute-Based Access Control (ABAC)

An access control method where subject requests to perform operations on objects are granted or denied based on:

  1. assigned attributes of the subject,
  2. assigned attributes of the object,
  3. environment conditions, and
  4. a set of policies that are specified in terms of those attributes and conditions.

Source: NIST SP 800-263

Context-Based Access Control (CBAC)

The term CBAC is coined by Cisco, not a typical access control mechanisms you encountered in most of the CISSP study guides or NIST guidelines.

The Context-Based Access Control (CBAC) feature of the Cisco IOS® Firewall Feature Set actively inspects the activity behind a firewall.

Source: Cisco


  • Software-defined networking (SDN) abstracts the control over the flow of data by separating logical control rules from physical data forwarding into the control plane and the data plane. Logical control rules are programmable as software, while sophisticated data-plane functionality is virtualizable through Network function virtualization (NFV).
  • Software-defined security (SDS) is a security model that exploits SDN/NFV to enforce network security by security software on generic servers abstracting security appliances, such as Firewall, IDS, etc.

Three Question Levels

I divide Questions into three levels:

  • Level I: Review questions test how well you have learned from a book.
  • Level II: Integration questions test how well you know about a certain subject matter.
  • Level III: Synthesis questions evaluate if you can apply what you have learned to solve a problem.

The Test-Driven Study emphasizes testing is part of the learning process. You can learn by answering questions and reading books iteratively.

My book, The Effective CISSP: Practice Questions, is a collection of Wentz QOTD that provokes thinking. You can buy it from Amazon. It’s compiled as a tool for learning by testing or test-driven study. Readers need to read the explanation and do research to learn on a certain topic. I hope you enjoy it!