ISACA — TechExams Community https://community.infosecinstitute.com/ Wed, 16 Jan 2019 19:03:11 +0000 en
Cyber security audit cert https://community.infosecinstitute.com/discussion/134568/cyber-security-audit-cert Fri, 04 Jan 2019 21:16:39 +0000 ISACA scasc 134568@/discussions
thanks in advance
My ISACA CSX-P Journey https://community.infosecinstitute.com/discussion/134538/my-isaca-csx-p-journey Wed, 02 Jan 2019 06:03:27 +0000 ISACA Penguineer 134538@/discussions
I decided to go through ISACA's CSX-P course while I wait for eLearnSecurity's IHRP course to be completed. I've searched around for reviews on this course/certification and there are fewer than a dozen out there. I will be documenting my progress through this course/certification so that it will (hopefully) help someone decide if it's the right choice for them.

Why did I choose this course?
1. I was looking for a hands-on blue team certification from a well-known organization 
2. I was looking for a course that aligned with common cybersecurity frameworks, explained the frameworks, and showed how to implement them
3. I am currently between jobs and have some free time/money set aside for training
4. I am waiting for IHRP to be completed.  :|

Outline of the course
The course is separated into 5 modules structured around the NIST cybersecurity framework (Identify, Protect, Detect, Respond, Recover). Each module has a few Lessons that teach you about the associated NIST cybersecurity framework domain. There are 17 lessons in total. There are also multiple labs interspersed between the lessons. At the end of each module, there is a challenge lab that tests your understanding of that module.

More information about the course outline can be found on ISACA's site (can't post the link right now)

Initial Impression of the Course

The good. The content of each Lesson. 
I am absolutely satisfied with the content of each lesson. Each lesson begins with a slide that shows how the lesson maps to the NIST framework and other frameworks such as COBIT, CSC, 800-53, etc. One of the main reasons why I took this course was to learn more about these frameworks and I think that this course definitely checks that box. However, I haven't seen any tool demonstrations in any of the slides. It has mostly been tool overviews/introductions.

The middle? The Labs associated with each Lesson. 
The labs are good in that they show you the tools/tasks that are needed to implement the associated part of the framework, but sometimes they don't align with the slides. For example, a slide will mention tools x, y, and z, but the labs will only have x and leave out y and z. Another thing that I dislike about the labs is that it sometimes tells you to run a command without telling you why. Other times it will tell you to refer to the man pages associated with a command. I wish that they would put a video before each lab that covers each tool used in the lab in more depth.

Another thing that I dislike is how unforgiving the grading software can be. If you don't close all windows before submitting you will lose points. On the plus side, some of the labs include a walkthrough video that demonstrates each step and is useful if you are stuck or fail a task.

The bad. The lessons use a weird slide/audio player.
Each lesson usually consists of 14 or more slides that are accompanied by audio. You are first presented with a slide and the audio plays when you press the play button. There are three problems I have with this slide/audio player: 1) The audio and slides are sometimes not in sync. There is usually about 5 - 10 seconds of dead air between each slide. 2) You have the option to play the audio at 2x speed but that functionality isn't working at the moment. 3) There is no auto-play? I have to click next after each slide to move on to the next slide and start the next slide's audio. A little nitpicky? Sure.

I purchased the course on December 29, 2017 and I have already finished 7/17 of the lessons. However, I read a review that said this cert is similar to the OSCP in that I would have to do additional research/labbing outside the course to pass. I plan on completing all lessons by Jan 7 and I will do additional labs/research until I take the test. I want to take the test before March 1st so that I can switch over to the IHRP. I'm not in a rush to get this cert because the whole reason for buying the course was to learn more about the frameworks.
Planning For CRISC https://community.infosecinstitute.com/discussion/134549/planning-for-crisc Thu, 03 Jan 2019 11:15:04 +0000 ISACA The_AM 134549@/discussions
Though there are already plenty of similar topics, I am still daring to create a new one. I would really appreciate it if members provide their feedback on the following.

I have an extensive software application development background, and for the last 4 years or so I have been working as an IT Auditor. I am CISA certified and now looking to gear up for CRISC. I am focusing more on ISACA's provided CRISC QA&E bank than the official review manual (75% QA&E:30% Review Manual), as I noted during my CISA attempt that QA&E provides more insight.

I would like to hear from fellow aspirants/professionals about their view on this approach.

Regards,
Ahsan

CRISC Study Plan https://community.infosecinstitute.com/discussion/134509/crisc-study-plan Thu, 27 Dec 2018 15:22:36 +0000 ISACA ecuison 134509@/discussions
Read through the CRISC review manual at least 2x - https://www.amazon.com/CRISC-Review-Manual-6th-Isaca/dp/1604203714/ref=sr_1_1?ie=UTF8&qid=1545922093&sr=8-1&keywords=CRISC

Work through all the questions and do tests in the QAE Database

Anything else worth adding to my resources?  I am not planning on taking any formal training....

Also is it worth becoming a member to get the discount on the QAE database?  I am not sure I will be taking any other ISACA exams for 2019 for a while after this one unless I end up at a new job which if any other ISACA certs are required, will have that organization pay for all my material/training.

TIA!
CISM or CRISC? https://community.infosecinstitute.com/discussion/134468/cism-or-crisc Thu, 20 Dec 2018 04:05:06 +0000 ISACA ecuison 134468@/discussions
Just passed my CRISC https://community.infosecinstitute.com/discussion/134452/just-passed-my-crisc Mon, 17 Dec 2018 19:53:33 +0000 ISACA soooowutnow 134452@/discussions
Passed CRISC Today https://community.infosecinstitute.com/discussion/134359/passed-crisc-today Fri, 07 Dec 2018 10:43:46 +0000 ISACA cjthedj45 134359@/discussions
Hi All,

Passed CRISC yesterday!!

Study Resources:

1. 20% Kelly Handerhan CRISC videos - I thought the content was slightly off here from Kelly; normally she is very good

2. 80% ISACA Q&A Database - This was the best resource for me. I did all of the questions which was about 30 hours worth. I read all of the answers even the incorrect. Concepts that I needed extra revision with I copied into a word document and read them a few times.

I did not need the review manual, but I do have a fair amount of experience and I'm also CISSP and recently CISM certified which helped.

Tips: Know the difference between risk types (Inherent, Control, Relevance, Residual, Acceptance, Avoidance, Transfer, Mitigation). Know what a risk profile is and how it's developed, know the difference between data owners and custodians.

Hope that helps

CRISC - Last Minute Resources https://community.infosecinstitute.com/discussion/134340/crisc-last-minute-resources Wed, 05 Dec 2018 14:53:11 +0000 ISACA cjthedj45 134340@/discussions
Hi All,

Are you aware of any last minute resources to cram for CRISC exam tomorrow? Any crib sheets highlighting the key concepts, or short videos? I have not found much at all?

Thanks