Thank you for sitting for the Certified Information Systems Security Professional (CISSP)® examination on 10/26/2008. We recognize and commend the significant personal commitment you made with regard to the testing experience, as well as the time and effort spent preparing for the exam. We are sorry, however, to inform you that you did not achieve a passing score. Your scaled score on the examination was 634. A scaled score of 700 or higher is required to achieve a PASS status on the examination.
To help you understand how you performed on the examination, the content areas that are tested in the exam are listed below. Next to each domain is a ranking number that indicates your relative performance in answering the questions for that domain. For instance, the numeral 1 indicates your highest scoring domain, and the number 10 indicates your lowest scoring domain.
ACCESS CONTROL (6)
TELECOMMUNICATIONS & NETWORK SECURITY (4)
INFORMATION SECURITY & RISK MANAGEMENT (9)
APPLICATION SECURITY (8)
CRYPTOGRAPHY (3)
SECURITY ARCHITECTURE & DESIGN (7)
OPERATIONS SECURITY (2)
BUSINESS CONTINUITY & DISASTER RECOVERY PLANNING (5)
LEGAL, REGULATIONS, COMPLIANCE & INVESTIGATIONS (1)
PHYSICAL (ENVIRONMENTAL) SECURITY (10)
We hope you will reapply to take the exam again. The above performance information should guide you in your preparation efforts. If you haven't previously acquired a copy of the Study Guide or Candidate Information Bulletin (https://www.isc2.org/cgi-bin/request_studyguide.cgi?displaycategory=694), it is highly recommended that you do so. In addition, CBK® Review Seminars are also available through (ISC)² and could be effectively utilized by focusing on the course modules corresponding to those domains requiring the most improvement.
For examination retakes, you must complete and submit the examination application again. The application provides (ISC)² with contact information and requires that you demonstrate the mandatory experience. Through the application, you will also execute the Candidate Agreement, select your test site and date, and submit the appropriate fee. Visit www.isc2.org for registration information.
Thank you for your participation, and we wish you the best of luck in your future endeavors.
(ISC)² Services
Thursday, November 6, 2008
Sunday, August 10, 2008
[CISSP]TelecommunicationAndNetworkSecurity
nmap
ARP spoofing (ARP cache poisoning)
MAC flooding
spoofed_vpn_server
PPTP-related articles
is still vulnerable to offline password-guessing attacks from hacker tools such as L0phtcrack. At this point we still do not recommend Microsoft PPTP for applications where security is a factor.
PPTP
PPTP
PPTP
L2TP
CHAP
EAP
EAP
EAP
RADIUS
802.1x can be defeated by session hijacking
ATM, Frame Relay, PSTN
IPSec-1
IPSec-2
kerberos
network attack
S-HTTP
email spoofing
DDoS attack types
Tribal Flood Net
Stacheldraht
Trinoo
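Monday, June 9, 2008
Monday, March 24, 2008
CISSP Class Notes - 1
The instructor said that reading the official course materials, or buying one additional third-party book (such as ALL IN ONE) to fill in whatever is unclear in the course materials, is basically enough. You can also go to the ISC website and buy the Guide to the CISSP CBK, whose content is more complete than the course materials. For practice questions, the only recommended place is http://www.cccure.org/, although the exam questions have all been around since the 1990s and have not been updated. The exam fee is US$499 if you register at least 16 days in advance and US$599 otherwise; the US$499 price only applies to registrations before the end of April this year, after which it becomes US$549. After passing, you pay US$85 every year and need 40 credits of seminars or courses every year. Anything related to information security counts, you fill it in online yourself, and the official organization does not ask for proof. In other words, as long as you pay the US$85, you can basically keep the certification valid. The certificate is renewed every 3 years; if you miss the US$85 in any one year, the certification lapses when the 3 years are up.
This certification discusses information security from the perspective of an IT manager, emphasizing the breadth of security rather than technical depth. About 250 people in Taiwan currently hold this certification.
The course content takes reducing information security risk as its main consideration.
Availability
Confidentiality
Integrity
These three points must be considered in each of the ten domains.
CISSP places its emphasis on internal security (70%) and external security (30%).
Security policy needs the support of senior management. Security exists mainly to support the business in making money; if introducing security keeps the business from moving forward, the business of course takes priority.
When introducing security, do a cost-benefit analysis: investing 800,000 to prevent a loss of 300,000 is not worth doing, and this is risk acceptance. There will be calculation questions; the point is that money should be spent where it counts.
Risk can only be reduced; it can never become 0.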