Busting Through the Myths About the CISSP exam
Certification: CISSP - Certified Information Systems Security Professional
There are several myths that circulate about the CISSP exam. However, once you sit for the exam, you realize that all the things said about the exam are far from the truth. Why do people come up with these myths? People come up with these myths to scare the exam candidates and influence them into buying a particular product.
1. The exam is completely new
The people who made up the myth sought to make the candidates buy the exam from only one outlet. However, although the exam does change, it changes gradually over the years. It takes a reasonable time to incorporate the experimental questions into the exam. For this reason, the exam done in the previous year is not completely different from the one that students sit for in the current year. In addition, the exam composers retain a question that seems to be effective for a long time. What normally happens is that exam composers introduce new questions and gradually remove old questions. Therefore, the changes in the exam do not occur abruptly. The exam changes to the extent of 5-10 percent every year.
2. Evaluators use a curve in grading the exam
Evaluators never grade the exam on a curve. The exam consists of 250 questions; 225 are experimental, and 225 are graded questions. All the exam versions must have a 70 percent passing score. The questions have different weighting, and it is difficult to tell which one of two different questions carries more marks. What the exam composers do is try to make all the versions of the exam at least 99 percent similar to each other. Thus, when two students sit for different versions of the exam, the difference between the two exams is less than 1 percent. In other words, two versions of the exam are slightly different but not completely different. In the event that one form of the exam is harder than the other forms, the score for the entire exam drops by a very small percentage. For this reason, it is common to find an odd score such as 593.
3. You must attain a score of 70 percent in every domain
It is not true. According to psychometrics, the exam measures the whole of the candidate. Initially, the candidate had to pass in every domain. More recently, however, failing in one domain does not mean that you fail the exam. Failing in one domain will only affect your chances of achieving a high score.
4. Official courses or ISC books give you some leakage
The assumption is not true. There are two independent bodies; one prepares the training material while the other prepares the exam. According to the ISO 17024 standards, the two bodies should not work together.
5. Cramming technical knowledge gives you an advantage
The myth is misleading because the CISSP is a management exam. Knowledge in technology and security enables a candidate to single out the wrong answers. However, sometimes your expertise in decision-making may help you choose the correct answer.
Unfortunately, the myth has rubbed off on the instructors, who teach candidates to pass the exam instead of teaching them to understand. It is also unfortunate that some instructors do not shy away from telling students that some questions will not appear on the exam when students seem to concentrate much on such questions. You will be shocked to realize that the instructors encourage candidates to memorize areas that the exam covers.
6. The exam tests things that candidates will never apply in real-life
Some people claim that they had to learn things that the CISSP exam tested, yet these things were not applicable in their lives. Thus, they claim that the exam makes people learn things that are irrelevant to their career and is, therefore, a waste of time.
When a candidate is about to sit for the exam, this is what they would think. However, the topics that people complain about, such as Clark-Wilson, Biba and Bell-LaPadula, are important to their understanding of security as an umbrella topic rather than focusing on the components of security only. Most people are of the opinion that learning what is above technology is a waste of time. Technical people are only interested in understanding technologies within their profession but make the mistake of forgetting that security comprises many factors other than technologies.
7. The exam makes candidates learn security through the eyes of the (ISC)².
Some people who have sat for the CISSP exam claim that the (ISC)² imposes their perception about security on them. They claim so because of the exam's setting. What they forget is that the material that you study in order to sit for the exam is not a product of the (ISC)². In contrast, the material is in fact part of the National Institute of Standards and Technology (NIST) documents and other top-notch resources in the information security industry. The reason people make the assumption that the (ISC)² imposes their view of security on the CISSP candidates is that they are shallow readers; they are yet to read comprehensive material that deals with security in a correct and structured way. Professionals only think of security in the realm of their profession and fail to understand security as a wide topic.
People also think that the (ISC)² imposes their view on security because of the many years that they spend learning about security in a different view. After many years of believing that their view is the correct one, it is difficult to convince them otherwise. However, it turns out that the view that they have upheld for so long is very shallow, and the view by (ISC)² is deeper and more comprehensive.