CISSP Study Tips – Movies with CISSP Exam Concepts

Studying for and passing the CISSP exam is not an easy task.  It requires a combination of CISSP training, reviewing, studying, and practice tests.  Many test candidates invest in a good study guide such as the CISSP Exam Cram by Michael Gregg.

CISSP Exam Tips

The CISSP exam is not easy; most individuals have stated that it requires a significant amount of work and an understanding of the CISSP mindset. If you’ve been busy studying, you know that it’s good to have an occasional break. Recently, someone suggested to me that a good way to take a break might be to watch a few CISSP-approved movies. While there’s not an official CISSP-approved movie list, there are some movies that have concepts that can be applied to the CISSP certification exam. Some movies can even provide some tips as to good and bad security practices. Each of the 10 CISSP exam domains has been included:

1. Domain I: Operations security

  • Crimson Tide: Dual Control
  • WarGames: Wardialing

2. Domain II: Access control

  • Sneakers: Authentication, “my voice is my password”
  • Enemy of the State: Tempest, “all the walls are lined with copper”
  • Firewall: Bypassing/hacking access control

3. Domain III: Cryptography

  • A Beautiful Mind: Frequency Analysis
  • National Treasure: Polyalphabetic cipher
  • The Falcon and the Snowman: Cryptographic attacks and the One Time Pad
  • From Russia with Love: Side Channel Attacks

4. Domain IV: Security architecture and design

  • Matrix: Assembly code and buffer overflows
  • Goodfellas: Entering the club through the kitchen door. Poor authentication (reference monitor)
  • Men in Black: Biba model – National Enquirer reference
  • Trading Places: Brewer Nash Model

5. Domain V: Telecommunications and network security

  • Pet Detective: The opening of the movie where Jim kicks the box. IP is like postal delivery: no guarantee of service
  • Die Hard with a Vengeance: SCADA Hacking

6. Domain VI: Business continuity and disaster recovery

  • Apollo 13: Emergency Response
  • Poseidon: Disaster Recovery
  • Titanic: Shows the importance of BC/DR testing

7. Domain VII: Legal, regulations, compliance, and investigations

  • Cheech and Chong: The courts don’t return contraband
  • Enron Smartest Men in the Room: Ethics
  • Dirty Harry: “Do you feel lucky”; warrant and seizure

8. Domain VIII: Application security

  • Office Space: Separation of Duties, least privilege, salami attack
  • Superman: Salami Attack
  • The Net: Backdoor program and hacking

9. Domain IX: Information security and risk management

  • 21: Risk Management
  • Breach: Insider risk

10. Domain X: Physical (environmental) security

  • Independence Day: Halon discharged to contain fire in lab
  • The Italian Job: Locks and lock picking
  • Sherlock Holmes: Physical Entry and bypassing physical controls
  • Hackers: Dumpster Diving, reference to the Orange Book (TCSEC)

I know there have to be more movie references with study tips that I have probably missed. If you have one you would like me to add to the list and feel it applies to a specific concept needed for certification, let me know and I’ll be glad to add it. Finally, I hope you enjoy the break. Just don’t make it too long!
