반응형

웹 검색을 하다가 CISSP 참고 싸이트를 알려 주는 것을 발견 했습니다..혹시  CISSP 자격증 공부 하시는 분들은 참고 해 보시면 좋겠습니다...


You may use this list in any way you see fit, with 2 conditions:
1)
 
You must communicate via e-mail with the author, to report:
       
- any stale/bad links, to continue improving this list.
       
- any web page dissatisfaction, in case they've
         
declined in value since publication.
        - when you pass your CISSP! 
:^)
2)
 
You can share this list however you like, provided:
        - 
no charge is ever assessed for access - this list
           
must remain free!
        - 
the content between the PGP signature lines remains unchanged.
        - 
any comments in e-mail notes occur ABOVE the PGP line.
        - 
If posted online, the PGP signature is verified
            before posting. 
PGP key available at pgp.mit.edu.

================================================================
Top 5 CISSP resources:
================================================================
1)
  The CISSP Open Study Guide:  http://www.cccure.org/ 

       
(It's first on the list for a reason!)
NOTE:
  See the left side, "Hal Tipton, Intro I" and 
"Hal Tipton Intro 2" - as
in "editor of HISM, that Hal Tipton".
He provided two CISSP review courses, and then posted the slides here.
 
Same
stuff you'd pay for in a CISSP Review class, but for free.

2)
  Sample Exam: 

  http://www.infosecuritymag.com/oct99/sampleexam.htm 

This is only published sample exam blessed & approved by ISC^2 Use it to gauge
your weaknesses, and to understand the format of the exam.
 
When taking the
sample exam, if you don't KNOW the answer and guess correctly, this would be an
area of marginal weakness, and may indicate further study is needed.

3)
 
Tipton & KRause 3rd Edition:
 
http://secinf.net/info/misc/handbook/ewtoc.html
A major source of test questions in the past, still very useful stuff, and it's
FREE.

4)
  HIGHLY Recommended:
Signup for the CISSPStudy_1 list, run by Ginger Doetsch:
 
http://groups.yahoo.com/group/CISSPStudy_1
Signup for the CISSPStudy e-mail list:
 
 
http://infosec.gungadin.com/index2.shtml

5)
  Why be a CISSP? :
 
http://www.infosecuritymag.com/oct99/profcert.htm

================================================================
Additional CISSP resources, loosely grouped:
================================================================

CISSP Prep Course materials:
  http://www.consec.org
CISSP Practice Exam:
  http://www.cissps.com/Cissp_Exam/Practice/practice.html
CISSP Forums:
 
 
http://forum.cissps.com/ubbcgi/Ultimate.cgi?action=intro

The InfoSec Management 2000 Handbook:
 
http://www.itknowledge.com/reference/standard/0849399742/ewtoc.html
 (you only get 1-2 clicks before you have to pay, so choose your chapter
carefully!)

For Crypto Newbies:
 
http://15seconds.com/issue/991216.htm
Crypto Made Easy:
 
 
http://www.cissps.com/Cissp_Exam/Practice/crypto.html
Intro to PKI:
  http://docs.iplanet.com/docs/manuals/security/pkin/index.htm
Intro to SSL:
  http://docs.iplanet.com/docs/manuals/security/sslin/index.htm
RSA Labs Crypto FAQ:
 
 
http://www.rsasecurity.com/rsalabs/faq/index.html
Bruce Schneier's Crypto Hotlinks:
  http://www.counterpane.com/hotlist.html
W3.org's Internet Security Resource Page:
  http://www.w3.org/Security/
TCSec Coverage WITH TESTS!!:
http://www.radium.ncsc.mil/tpep/library/ramp-modules/
  (see especially 5,6,7,8,9,11 which have coverage beyond just TCSec)
 

DoD Rainbow Series:
 
http://www.radium.ncsc.mil/tpep/library/rainbow/
(in theory no longer on the exam, but I've heard rumors in listservs
that TSEC stuff still appears on the test)
Role-Based Access Control:
 
 
http://hissa.ncsl.nist.gov/rbac/
RSA's Crypto Glossary:
  http://www.rsasecurity.com/developers/total-solution/glossary.html
RSA's VPN Tutorial:
 
 
http://www.rsasecurity.com/products/securid/whitepapers/vpns/index.html
Computer Forensics Overview:
  http://www.ddj.com/articles/2000/0009/0009f/0009f.htm
Firewalls Complete, online book:
  http://secinf.net/info/fw/complete/
Trust in Cyberspace, online book (Internet Security Overview):
 
 
http://www.nap.edu/readingroom/books/trust/
TEMPEST: http://www.eskimo.com/~joelm/tempest.html

Large Archive of Security Articles:
 
 
http://www.nwfusion.com/newsletters/sec/
  (Mostly Physical Security, Network Security, and Security and Policy
Management
 
)

HUGE compendium of InfoSec sources:
 
http://www.infosyssec.net/index.html
  (note the left-hand side, which are all the topics covered)

Computer Security Institute's Archive of InfoSec Articles:
 
http://www.gocsi.com/excerpt.htm
ACSA InfoSec Bookshelf:
 
 
http://www.acsac.org/secshelf/book001/book001.html
Discussion of Optical Lenses:
 
 
http://www.photo.net/photo/optics/lensTutorial.html
US Navy Physical Security Manual:
 
 
http://neds.nebt.daps.mil/Directives/5530_14c.pdf
Good source of quizzes:
http://www.sans.org/infosecFAQ/index.htm
(remember - GIAC and CISSP have a different focus)

Many books/papers about firewalls:
http://secinf.net/ifwe.html
GASSP:
  http://www.all.net/books/GASSP2.html
Big ol' List o' Crypto on Bruce Schneier's Site:
  http://www.counterpane.com/biblio/all-by-author.html
Many miscellaneous papers, some definitely by hackers:
  http://www.insecure.org/reading.html
( set grain of salt = on)

Now, once you've read all that, your brain should be tired.

,