The long view of security strategies for your network.
A former student recently wrote to me with a request for suggestions on what to read in preparing for the CISSP exam. I decided to answer him by writing an essay that readers of this column who are thinking about the exam could also use. By the end of the essay, I had so much material I was forced to chop it up into smaller pieces to fit the constraints of this column, so here's part 1 of 4.
* * *
The key to passing the CISSP exam, in my opinion, is daily attention to expanding one's exposure to interesting and thought-provoking information and ideas in the field. As you know from my constant reiteration of the point in our classes at Norwich, I have nothing but contempt for cramming - it is not possible to remember what is learned in a rush for very long. Indeed, I teach all my students to use SQ3R (Survey/Question, Read/Recite, Review), a well-established study method that pays off with long-term integration and retention of knowledge. Readers may want to use my one-page summary, available from my Web site in HTML and in PDF.
Anyone committed to professionalism should read a wide range of reputable publications and participate in serious discussion groups.
Some of my favorite electronic newsletters are the following:
Disaster Recovery
Security
Infrastructure & Control
Security: Issues and Trends
Virus and Vulnerability Roundup
“CRYPTO-GRAM” from Bruce Schneier
“DHS Daily Open Source Infrastructure Report” from the U.S. Department of Homeland Security
“EFFector” from the Electronic Frontier Foundation
“EPIC Alert” from the Electronic Privacy Information Center
Network World Newsletters:
Identity Management
Network Access Control
“ITL Computer Security Bulletins” from the National Institute of Standards and Technology Information Technology Laboratory Computer Security Division’s Computer Security Resource Center
“RISKS Digest” from the Association for Computing Machinery Committee on Computers and Public Policy
@ RISK: The Consensus Security Vulnerability Alert
NewsBites
IT Whitepapers
Security
More resources in my next newsletter.
M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services and teaching. He is Chief Technical Officer of Adaptive Cyber Security Instruments, Inc. and Associate Professor of Information Assurance in the School of Business and Management at Norwich University. Visit his Web site for white papers and course materials.