New CISSP Exam Change

The new CISSP exam change, effective June 1, 2022, adds 25 additional unscored questions and one extra hour, making it a test of 125-175 questions in four hours.

IMO, this change substantially lowers the threshold, because the average available time to answer a question grows from 72 to 82 seconds. However, it does impose psychological pressure on exam takers with more unscored questions. It may interfere with your pace and undermine your confidence when answering questions.

The best strategy is to get prepared, trust yourself, and answer questions at a stable pace. Don’t spend too much time on any one question. Decisions in real life also have time limits. CISSP is an awesome exam that can adequately reflect real-life job practices and challenges.👍

Good luck and enjoy your CISSP journey!

https://www.isc2.org/notice/CISSP-Exam-Length

Cryptography Video Collection – F5

F5 DevCentral

  1. How RSA Works [https://youtu.be/rVQpK6NcYIE]
  2. Explaining the Diffie-Hellman Key Exchange [https://youtu.be/pa4osob1XOk]
  3. Elliptic Curve Cryptography Overview [https://youtu.be/dCvB-mhkT0w]
  4. What’s in a Digital Certificate? [https://youtu.be/XmIlynkR8J8]
  5. Perfect Forward Secrecy [https://youtu.be/IkM3R-KDu44]
  6. Explaining TLS 1.3 [https://youtu.be/VzWqnT5dErI]
  7. Is TLS Fast Enough? [https://youtu.be/V1h-UZo2Bng]
  8. Breaking Down the TLS Handshake [https://youtu.be/cuR05y_2Gxc]
  9. Whiteboard Wednesday: SSL Ciphers [https://youtu.be/BJowLVthJkc]
  10. TLS Server Name Indication [https://youtu.be/vzq2RPYiKL0]
  11. Whiteboard Wednesday: SSL Renegotiation [https://youtu.be/H8G2x0d3Bb8]
  12. What is Mutual TLS (mTLS)? [https://youtu.be/RZt9xdVh9Qk]
  13. Mutual TLS (mTLS) Detailed Handshake [https://youtu.be/JcFjp61Vz40]
  14. Crypto Offload Options [https://youtu.be/wErDvSWUbxo]
  15. What is HTTP? [https://youtu.be/LZJNj-HHfII]
  16. HTTP2 [https://youtu.be/eDyLCQxrbr8]
  17. SAML Overview [https://youtu.be/i8wFExDSZv0]
  18. DNS Express [https://youtu.be/pDIvYyHumoM]
  19. DNSSEC Overview [https://youtu.be/MrtsKTC3KDM]
  20. IPS Passthrough [https://youtu.be/ict-At5rEmU]

SSL Everywhere Series

  1. SSL Everywhere (part 1 of 8) [https://youtu.be/bWuC9lD00cY]
  2. SSL Everywhere (part 2 of 8) [https://youtu.be/rT3uYVDuocM]
  3. SSL Everywhere (part 3 of 8) [https://youtu.be/Kb5TlpSJUys]
  4. SSL Everywhere (part 4 of 8) [https://youtu.be/UIFoiUVJv-4]
  5. SSL Everywhere (part 5 of 8) [https://youtu.be/qgljhYQMs6I]
  6. SSL Everywhere (part 6 of 8) [https://youtu.be/2ykG3f4Kg_0]
  7. SSL Everywhere (part 7 of 8) [https://youtu.be/YTEZ4ykf--o]
  8. SSL Everywhere (part 8 of 8) [https://youtu.be/k6rC1TbL7_4]

Videos from Other Sources

  • Elliptic Curve Cryptography Tutorial – Understanding ECC through the Diffie-Hellman Key Exchange [https://youtu.be/gAtBM06xwaw]
  • Secret Key Exchange (Diffie-Hellman) [https://youtu.be/NmM9HA2MQGI]
  • Diffie Hellman – the Mathematics bit [https://youtu.be/Yjrfm_oRO0w]
  • 7 3 Chosen ciphertext attacks 12 min [https://youtu.be/qyS8rIQisJk?list=PLe2uy_oFXJ1cSXd-ru8Q89n5w2Eo0sVMr]

ISO/IEC 27002:2022 Controls

ISO/IEC 27002:2022 Controls by Security Properties and Control Types
ISO/IEC 27002:2022 Controls by Cybersecurity Concepts and Security Domains

There are 93 distinct controls introduced in ISO/IEC 27002:2022. They are categorized as:
a) people, if they concern individual people;
b) physical, if they concern physical objects;
c) technological, if they concern technology;
d) otherwise they are categorized as organizational.

Control Taxonomy

Each control is associated with five attributes with corresponding attribute values (preceded by “#” to make them searchable), as follows:

  • Control type: Preventive, Detective, and Corrective.
  • Information security properties: Confidentiality, Integrity and Availability.
  • Cybersecurity concepts: Identify, Protect, Detect, Respond and Recover.
  • Operational capabilities: as the following list shows.
  • Security domains: Governance_and_Ecosystem, Protection, Defence and Resilience.

Operational Capabilities

  1. Governance
  2. Asset_management
  3. Information_protection
  4. Human_resource_security
  5. Physical_security
  6. System_and_network_security
  7. Application_security
  8. Secure_configuration
  9. Identity_and_access_management
  10. Threat_and_vulnerability_management
  11. Continuity
  12. Supplier_relationships_security
  13. Legal_and_compliance
  14. Information_security_event_management
  15. Information_security_assurance
#Information_security_assurance as an attribute of operational capabilities

Typo Corrected

The typo in #Information_security_assurance mentioned in 5.22 was corrected on March 24, 2022.

References