Villanova U CISSP Program

  #1  
Old 10-05-2006, 06:30 PM
stephygee's Avatar
Registered Users
Thread Starter
Join Date: Jan 2005
Location: Baghdad, Iraq
Posts: 574
Default Villanova U CISSP Program

Greetings Fellow Computer Geeks/Geekettes

I'm wondering if anyone here has enrolled/completed the Villanova University Certified Information Systems Security Professional (CISSP) program? I'm scheduled to begin in January and I've been fortunate enough to acquire some helpful CDs and textbooks before I start the class.

I just got Larstan's "The Black Book on Corporate Security" in the mail and was reading a few paragraphs here and there. Anyone? Anyone? Anyway, just trying to see if there's anything else I can lay my hands on to prep for the course. Maybe some of you math geeks took a few classes too? Lemme know.

Also just put in my order for an Alienware Aurora m9700 laptop with all the bells and whistles. Should help with school and probably increase my on-line gaming scoring.
 
  #2  
Old 10-05-2006, 08:56 PM
Join Date: May 2006
Location:
Posts: 176
Default RE: Villanova U CISSP Program

The CISSP is a ball buster of an exam. 250 multiple choice questions, and 6 hours to do it in. That timeframe seems more than enough until you actually read the questions. Many of them were written by people who don't understand English very well, and tend to make up their own words. Other times, the questions are intentionally misleading and cause you to reread every question 6 or 7 times, circling key words, and praying you understood what was being asked. When you read the answers, you really pull your hair out. If the question is straightforward, the answers are not. They like to take industry standard names, and reword them.

To answer your question directly, this program really won't help. Online tests are limiting. They help check your knowledge base, but they don't really reflect what the exam questions are like. If you can get ahold of practice tests that use expired questions, you will be much better off.

As for reading material, I'd recommend Shon Harris's book (the big one). Mastering the 10 Domains of Computer Security (Wiley) is also good. Finally, I'd round it out with the CISSP official guide by ISC(2).

Make sure you are fully aware of Info Security Mgmt, Access Control, Networking and Telecommunications, Operational Security, and Physical Security. They make up the bulk of the exam. Application and System Dev, Architecture are not covered as much.

I studied for this exam for 2 years. I knew my stuff cold going into the exam. I could describe all the modes of DES (ECB, CFB, CBC, OFB, Counter), AES, asymmetric encryption, poly-alphabetic ciphers, running key ciphers, etc. I've been a network engineer and systems admin for over a decade so I could tear apart TCP/IP, OSI models, firewall design, etc. I can tell you the difference between fault tree, and failure mode risk assessment in my sleep. I even took the CISSP official 7 day review seminar, and I was the only person there who got above 90% (96% actually).

I walked out of that exam, thinking I failed it. I didn't, but I thought I did. It is that hard.
 
  #3  
Old 10-05-2006, 09:16 PM
stephygee's Avatar
Registered Users
Thread Starter
Join Date: Jan 2005
Location: Baghdad, Iraq
Posts: 574
Default RE: Villanova U CISSP Program


ORIGINAL: BrianAZ

The CISSP is a ball buster of an exam. 250 multiple choice questions, and 6 hours to do it in. That timeframe seems more than enough until you actually read the questions. Many of them were written by people who don't understand English very well, and tend to make up their own words. Other times, the questions are intentionally misleading and cause you to reread every question 6 or 7 times, circling key words, and praying you understood what was being asked. When you read the answers, you really pull your hair out. If the question is straightforward, the answers are not. They like to take industry standard names, and reword them.

To answer your question directly, this program really won't help. Online tests are limiting. They help check your knowledge base, but they don't really reflect what the exam questions are like. If you can get ahold of practice tests that use expired questions, you will be much better off.

As for reading material, I'd recommend Shon Harris's book (the big one). Mastering the 10 Domains of Computer Security (Wiley) is also good. Finally, I'd round it out with the CISSP official guide by ISC(2).

Make sure you are fully aware of Info Security Mgmt, Access Control, Networking and Telecommunications, Operational Security, and Physical Security. They make up the bulk of the exam. Application and System Dev, Architecture are not covered as much.

I studied for this exam for 2 years. I knew my stuff cold going into the exam. I could describe all the modes of DES (ECB, CFB, CBC, OFB, Counter), AES, asymmetric encryption, poly-alphabetic ciphers, running key ciphers, etc. I've been a network engineer and systems admin for over a decade so I could tear apart TCP/IP, OSI models, firewall design, etc. I can tell you the difference between fault tree, and failure mode risk assessment in my sleep. I even took the CISSP official 7 day review seminar, and I was the only person there who got above 90% (96% actually).

I walked out of that exam, thinking I failed it. I didn't, but I thought I did. It is that hard.

Thanks! I really appreciate your input. I have the 10 Domains book, but I'll get the other one you recommended as well. I've heard the test is hard and a co-worker who's in the program gave me some DVDs with practice questions. He snagged some stuff off Fleabay and burned a few copies for me as well. I just haven't had time to go through them as yet. I'm on tap to take the "Ethical Hacker" course locally as I'm really interested in the black hat/white hat/grey hat concept. My degree's in ISS, but I'm not familiar with as many aspects as I'd like to be. Hopefully, after the CISSP, I'll feel better. Thanks again for the heads up... I'll definitely have to buckle down and start hitting the books before class starts.

~Steph
 
  #4  
Old 10-05-2006, 09:58 PM
Join Date: May 2006
Location:
Posts: 176
Default RE: Villanova U CISSP Program

CEH is fun. I really enjoyed it.

One thing to remember about CEH is that many employers don't like to see that on a résumé. Unless you are doing pen testing, employers forget about the first two letters and only remember the "hacking" part of the certification. Most employers feel that CEHs in a security role are dangerous. They are most likely to initiate internal attacks.

The most important thing is the knowledge, not the cert. Understanding the material, being able to apply it, and articulate information is worth far more than any piece of paper.

If you want to get into IT security, you may want to consider the Security + exam. It's not as hard as CISSP, or CEH, but it exposes you to the principles you need to know.


BTW, the exam is BIG on software piracy and copyright infringement.
 