I knew if I wanted to pass the CISSP the first time, I’d need to eat, sleep, dream, breathe the CISSP.
Studying for the CISSP became a strong part of my everyday thinking. I’d wake up thinking about DRP/BCP, and I’d go to sleep thinking about Mandatory Access Control.
When spending some quality time with my wife watching movies, I’d start to notice helpful CISSP concepts in some movies.
“Hey, I’m studying that for the CISSP!” I’d say.
Here’s a list of movies (and some TV shows) that incorporate aspects of the CISSP and help you relate to some practical uses of the concepts.
If you have any suggestions, let me know and I’ll update the list!
Security and Risk Management
Breach – Robert Hanssen worked for the FBI and was a double agent for Soviet and Russian Intelligence. Hanssen had a high security clearance, and had need-to-know access to a treasure of highly classified files. At one point, he was put in charge of the very team that was supposed to track down the agency’s mole (which was him all along). He was the ultimate insider threat.
Apollo 13 – DRP/BCP procedures when facing malfunctions aboard a space shuttle.
Interstellar – The importance of not just DRP (resolving the immediate disaster), but also ensuring and practicing BCP (the long-term approach of keeping the business alive, or in the case of the movie, the human race).
The People v. O. J. Simpson: American Crime Story (TV Show) – The importance of proper chain of custody
The Sopranos (TV Show) – A mafia crime family exemplifies the importance of proper security governance, insider threats, and malicious threats to the organization.
Asset Security
Hackers – Great film that incorporates aspects of social engineering, shoulder surfing, dumpster diving, phone tapping… and hacking.
WarGames – A great movie that uses the wardialing process to find vulnerable modems
Security Engineering
The Imitation Game – A great movie centered around the art of decrypting the German Enigma machine. It also talks about the father of modern computing, Alan Turing, as well as the cryptographic concept of the known-plaintext attack.
A Beautiful Mind – Another movie with elements of cryptography, namely frequency analysis
The Numbers Station – A remote code station in England uses One-Time Pads in order to relay messages between spies and headquarters.
U-571 – The story of American sailors who board a German U-Boat in order to steal an Enigma cipher machine.
Communication and Network Security
White House Down – A hacker helps terrorists take over the White House and nuclear missiles.
Mr. Robot (TV Show) – Probably one of the most accurate representations of network security in the real world as translated to media. It also deals with social engineering and physical security.
Silicon Valley (TV Show) – A dissimilar group of tech friends create a compression algorithm that propels them to startup fame. Along the way they touch upon network security, database management, proper and improper coding life cycles, physical security, and BCP/DRP measures. The show also provides a satirical, yet accurate, picture of the tech startup environment.
I.T. – An obsessed IT worker stalks his boss and takes over the devices in his house; deals with IoT.
Firewall – Use of firewall access lists and bypassing data center security (but not really).
The Net – Has social engineering and some good 80s computer hacking scenes. Probably about 40% based in reality.
Sneakers – Encryption. General hacking. Social engineering. And Robert Redford demonstrates an easy way to defeat an electronic keypad.
Snowden – Encryption. IPSec VPNs. Information security espionage.
Swordfish – A former black hat hacker is blackmailed into creating a worm in order to compromise a bank's security.
Identity and Access Management
GoldenEye (or any James Bond movie) – Deals a lot with biometric authentication or voice authentication
Mission Impossible 3 (or any Mission Impossible movie) – Deals with palm, facial, retina, masquerading, DNA authentication and identity confirmation.
Who Am I – A German techno-thriller about a small hacker group that becomes popular after compromising the files of a federal intelligence agency. Great movie to understand social engineering and some elements of pen testing.
Security Assessment and Testing
The Matrix Reloaded – The Architect’s explanation of an anomaly in the Matrix programming which created Neo. The Matrix code wasn’t tested thoroughly, hence the creation of multiple Neos.
Security Operations
Crimson Tide – Shows the use of dual-control
The Sum of All Fears – Shows the use of dual-control
Software Development Security
Superman 3 – Richard Pryor embezzles money from his company by performing a salami attack
Office Space – Also deals with a salami attack
The Matrix – A great movie to relate to the software development security domain as it deals with coding, worms, viruses, buffer overflow, artificial intelligence and software bugs.
The Pursuit of Happyness – Stay Motivated! I’m sure some of you will agree with me that the ending of this movie, “The Pursuit of Happyness”, is similar to the emotional feeling you get when you get the “Congratulations” when they hand you your results of your CISSP exam! You cannot describe that feeling, only experience it! Keep going! Stay focused! Never give up! Fight against all obstacles! (Contributed by Kevin White)
If you see a movie that could be added to this list, let me know!