Exam - Learning Above Technology and Understanding Security in a Holistic Manner
Contributed By Shon Lee Harris

For years I have heard people complain about having to learn things for the CISSP exam that they would never use in their life. When I was studying for this exam several years ago, I also had the same perspective as others. I also hear people saying that they are required to understand security through (ISC)2's view for this exam, which does not match with reality. The contention of these statements is that someone would have to memorize items for the test that are not useful in their professional life - thus a waste of time. Again, I was also in the same boat when I prepared and took the exam ages ago. Now I see it completely differently.

I realized that since I have authored books and taught CISSP classes for many years, I understand the material to a much greater degree than I would have if I just studied and took the test and moved on with life.

The things that people complain about having to learn (Bell-LaPadula, Biba, Clark-Wilson, etc.) are very beneficial to their understanding of security in a holistic manner instead of just focusing on their original thought of what makes up security. Many technical people seem to think that learning anything above technology is a waste of their time. This thinking is common to these people because they think of anyone who does not understand technology like they do as inferior. But most companies are doing business not just to have software and networks in place. The software, network, and systems are just a few of the tools the company uses to support and further their business. So understanding things that are above technology, commonly referred to as soft skills, is in reality more essential in the business world - which is where we all live and

Although I am very much frustrated with the manner that the questions on the CISSP exam are worded (confusing, vague, subjective), I have a greater appreciation of the actual Common Body of Knowledge (CBK). I was already a security consultant before I took the exam, and then I wrote books, and taught CISSP - and I am still a security consultant, but the difference in my knowledge base and view on security has drastically changed.

I, like most people, concentrated on the security topics relevant to my current job. At the time, on-line banking was just coming to the market (yes, I am that old) and I worked with programmers, software architects, project managers, analysts, and end customers - all doing on-line banking. To be honest, at that time I was the least interested in the different types of fire suppression, access control models, trusted computing base or anything outside of my domain of topics that I lived, worked and breathed in.

Copyright © 2008 Virtual Resource Systems. All Rights Reserved.