
CISSP CASE Concept

This document discusses a case study activity to help students practice analysis skills for the CISSP exam. It provides context for how cases simulate real-world security problems and require analyzing situations from the perspective of a CISSP. The document instructs students on different levels of case activities from entry to advanced. It also provides an example exam question and discusses how to identify the key decision makers and business risks involved in a case, rather than focusing only on technical solutions. The overall goal is for students to strengthen their analytic thinking and problem-solving abilities for security management situations.

Uploaded by babu

2021 CASE

CISSP-Case FAST
FAST VERSION

Dean Bushmiller CISSP+32

Dean.Bushmiller@ExpandingSecurity.com

Case Progression

Students read short case
Students propose business problem
Dean picks best 2 problems
Students solve problem in CISSP way
Dean defines best solutions & critiques

WHY CASES?

Exam requires 40-50% Analysis
This activity is how you build analysis skill
Analysis is your job as a CISSP
No one is good at analysis without practice

EXAM QUESTION - WHY YOU LEARN WITH CASES

The Company is reviewing its virtual private network (VPN) strategy. Its current vendor has a proprietary encryption protocol in place based on the Data Encryption Standard (DES). The one main office has a 1.5Mb connection to the Internet. It has 200 remote users on a variety of operating system platforms. The primary uses for the remote users are order entry, timesheet reporting, and online meetings. The company has 1,000 clients that connect to the intranet for a custom order entry solution. Clients use the HTTPS protocol and a fixed password per account. They are willing to replace the current solution if a cost-effective alternative is available. The Company's priorities are security of remote connections and client connectivity.

Which of the following is best for high-speed remote access that uses VPNs?

A. TLSv1.3 with ISDN
B. Cable modems with DSL
C. Modem pools with DSL
D. IPSec with ISDN

CASES IN CONTEXT = EXAM QUESTION

Who are you representing?
Organization / Mission
NOT individual
What is your role?
Chief Information Security Officer
NOT technician
What are your limits?
BIGGEST WIDEST ANSWER for all
NOT technical solution
This activity works well for 40% of exam questions
10-20% Scenario questions

CASE PRACTICE

Get a feel & ask questions
For skill building we will stay in ONE domain
When learning you cannot do all at once
You will be tempted to go with what you know

DIFFERENT LEVELS / TRY ALL BUT KNOW YOU ARE STRETCHING

Entry:
DO NOT JUMP AHEAD TO SOLUTION
Intermediate:
All done by you in BLUE FORM
Advanced:
1. E - Read
2. E - Set Domain & Terms
3. E - List the core principle that is violated
4. E - Identify decision makers (more next)
5. I - Define business problems
6. I - List value at risk
7. I - Propose solution as sentence
8. A - Question you can ask for engagement

WHICH OF THESE IS A CISSP DECISION MAKER? (Q&A W/#)

1. User
2. Help Desk
3. Incident response
4. Business partner
5. Vendor
6. Customer
7. Auditor
8. Board of directors
9. C-level
10. CISO
11. Human resources
12. Legal
13. Regulators

BIGGEST MISTAKE “LACK OF X” IS NOT A PROBLEM

“The problem is a lack of security/ firewall/ policy”
That is the solution.
That makes this YOUR problem to solve.
By stating the problem without the solution
Your analysis skill is much stronger
Your technical stuff looks like a small part of the problem
BEST way to define
RISK to business with impact on whole business
We are here to analyze Management of Security
