The new CISSP exam change, effective on June 1, 2022, adds additional 25 unscored questions and one extra hour and becomes a test that has 125-175 questions in four hours.

IMO, this change substantially lowers the threshold, because the average available time to answer a question grows from 72 to 82 seconds. However, it does impose psychological pressure on exam takers with more unscored questions. It may interfere your pace and combat your confidence when answering questions.

The best strategy is to get prepared and trust yourself and answer questions with a stable pace. Don’t spend too much time in any questions. Decisions in real life also have time limits. CISSP is an awesome exam that can adequately reflect real life job practices and challenges.👍

Good luck and enjoy your CISSP journey!

https://www.isc2.org/notice/CISSP-Exam-Length

F5 DevCentral

1. How RSA Works [https://youtu.be/rVQpK6NcYIE]
2. Explaining the Diffie-Hellman Key Exchange [https://youtu.be/pa4osob1XOk]
3. Elliptic Curve Cryptography Overview [https://youtu.be/dCvB-mhkT0w]
4. What’s in a Digital Certificate? [https://youtu.be/XmIlynkR8J8]
5. Perfect Forward Secrecy [https://youtu.be/IkM3R-KDu44]
6. Explaining TLS 1.3 [https://youtu.be/VzWqnT5dErI]
7. Is TLS Fast Enough? [https://youtu.be/V1h-UZo2Bng]
8. Breaking Down the TLS Handshake [https://youtu.be/cuR05y_2Gxc]
9. Whiteboard Wednesday: SSL Ciphers [https://youtu.be/BJowLVthJkc]
10. TLS Server Name Indication [https://youtu.be/vzq2RPYiKL0]
11. Whiteboard Wednesday: SSL Renegotiation [https://youtu.be/H8G2x0d3Bb8]
12. What is Mutual TLS (mTLS)? [https://youtu.be/RZt9xdVh9Qk]
13. Mutual TLS (mTLS) Detailed Handshake [https://youtu.be/JcFjp61Vz40]
14. Crypto Offload Options [https://youtu.be/wErDvSWUbxo]
15. What is HTTP? [https://youtu.be/LZJNj-HHfII]
16. HTTP2 [https://youtu.be/eDyLCQxrbr8]
17. SAML Overview [https://youtu.be/i8wFExDSZv0]
18. DNS Express [https://youtu.be/pDIvYyHumoM]
19. DNSSEC Overview [https://youtu.be/MrtsKTC3KDM]
20. IPS Passthrough [https://youtu.be/ict-At5rEmU]

SSL Everywhere Series

1. SSL Everywhere (part 1 of 8) [https://youtu.be/bWuC9lD00cY]
2. SSL Everywhere (part 2 of 8) [https://youtu.be/rT3uYVDuocM]
3. SSL Everywhere (part 3 of 8) [https://youtu.be/Kb5TlpSJUys]
4. SSL Everywhere (part 4 of 8) [https://youtu.be/UIFoiUVJv-4]
5. SSL Everywhere (part 5 of 8) [https://youtu.be/qgljhYQMs6I]
6. SSL Everywhere (part 6 of 8) [https://youtu.be/2ykG3f4Kg_0]
7. SSL Everywhere (part 7 of 8) [https://youtu.be/YTEZ4ykf–o]
8. SSL Everywhere (part 8 of 8) [https://youtu.be/k6rC1TbL7_4]

Videos from Other Sources

• Elliptic Curve Cryptography Tutorial – Understanding ECC through the Diffie-Hellman Key Exchange [https://youtu.be/gAtBM06xwaw]
• Secret Key Exchange (Diffie-Hellman) [https://youtu.be/NmM9HA2MQGI]
• Diffie Hellman – the Mathematics bit [https://youtu.be/Yjrfm_oRO0w]
• 7 3 Chosen ciphertext attacks 12 min [https://youtu.be/qyS8rIQisJk?list=PLe2uy_oFXJ1cSXd-ru8Q89n5w2Eo0sVMr]

There are 93 distinct controls introduced in ISO/IEC 27002:2022. They are categorized as:
a) people, if they concern individual people;
b) physical, if they concern physical objects;
c) technological, if they concern technology;
d) otherwise they are categorized as organizational.

Control Taxonomy

Each control is associated with five attributes with corresponding attribute values (preceded by “#” to make them searchable), as follows:

• Control type: Preventive, Detective, and Corrective.
• Information security properties: Confidentiality, Integrity and Availability.
• Cybersecurity concepts: Identify, Protect, Detect, Respond and Recover.
• Operational capabilities: as the following list shows.
• Security domains: Governance_and_Ecosystem, Protection, Defence and Resilience

Operational Capabilities

1. Governance
2. Asset_management
3. Information_protection
4. Human_resource_security
5. Physical_security
6. System_and_network_security
7. Application_security
8. Secure_configuration
9. Identity_and_access_management
10. Threat_and_vulnerability_management
11. Continuity
12. Supplier_relationships_security
13. Legal_and_compliance
14. Information_security_event_management
15. Information_security_assurance

Typo Corrected

The typo of #Information_security_assurance mentioned in 5.22 is corrected on March 24, 2022.

References

• ISO/IEC 27002:2022

Cryptology