“Simple” is an objective property of things. “Easy” is one’s subjective perception of things. “Straightforward” refers to one can easily complete a simple thing.
Is CISSP simple? Most CISSP or security principles and concepts are simple and easy to be aware of or learn, but some are complicated, and still, some others are complex or even chaotic. The Cynefin framework or Stacey model explains the concept of simple, complicated, complex, and chaotic quite well.
Is CISSP easy? It depends because it’s your subjective perception. I encourage students to treat it as easy preemptively but prepare for it cautiously and diligently.
Is CISSP straightforward? It’s absolutely not. CISSP is not just cramming, studying, and learning; integrity, life-long learning, sharing, practicing, and walking what you’re talking about are indisposable ingredients.
It’s common for people to be confused by data abstraction and encapsulation and treat the concept of abstraction as encapsulation or information hiding. That’s not the case. The following definitions come from ISO/IEC/IEEE 24765:2017 Systems and software engineering — Vocabulary.
process of extracting the essential characteristics of data by defining data types and their associated functional characteristics and disregarding representation details
result of the process in (1)
software development technique that consists of isolating a system function or a set of data and operations on those data within a module and providing precise specifications for the module
concept that access to the names, meanings, and values of the responsibilities of a class is entirely separated from access to their realization [IEEE 1320.2-1998 (R2004) IEEE Standard for Conceptual Modeling Language Syntax and Semantics for IDEF1X97 (IDEFobject), 3.1.54]
the idea that a module has an outside that is distinct from its inside, that it has an external interface and an internal implementation
software development technique in which each module’s interfaces reveal as little as possible about the module’s inner workings and other modules are prevented from using information about the module that is not in the module’s interface specification
containment of a design or implementation decision in a single module so that the decision is hidden from other modules
I build a multi-target .NET project, DomainModel, that supports .NET framework and .NET Core and publish the Windows Form Application as the client using Microsoft ClickOnce requiring the shared DomainModel be strongly-named. However, it doesn’t make sense on a docker node in Azure.
WUSON Practice Field for Wentz Wu (a CISSP test bank) relies on the identity provider, Auth0, for authentication. When a user logs into the system for the first time, the system will create an account on Auth0 automatically. However, a user needs some roles to get access to the test bank.