Customer Reviews

CISSP All-in-One Exam Guide, Third Edition (All-In-One Certification)

5 star:		(87)
4 star:		(32)
3 star:		(17)
2 star:		(9)
1 star:		(10)

 

 

I've read some reviews and they are very controversial, so if you feel you're getting confused read this.

I've just got a confirmation that I passed the test, and I used only this book for studying. So that books is definitly not a joke and can get you through.

Why the reviews are so different?

First, the author's style. It's more like recorded lectures then a reference. The author included some jokes and funny examples. They are perfectly correct, not abusive, they add some spice to a highly proffesional text and I personally love them because they make reading that huge book not so boring, but looks like the fact the style is different drives some people mad.

Second, the nature of the exam. The covered area is very wide and includes more topic then most people normally know and use. So many readers think the topics they know the best could be written better. The problem is because of so wide coverage you can not go deeper then a certain level. The book is almost 1000 pages long and I personally think it's well balanced and provides adequate knowledge for the test. Yes, some chapters could be extended but then you'd be overwhelmed by the volume and I doubt it would improve your passing score significantly.

Some people complained about mistakes. Well, it's true, there are some. But, it's the same idea here. They are not crucial and don't really affect your score much.

It's like if you need to get to the airport and you friend offers help you don't really care what car he has. But if you go to dealership to buy a car every minor option gets so important. Same idea here. If your goal is to pass the test, the book can be used as the only training material and provides adequate up-to-date information in a resonable volume for a pretty cheap price. The book does it's job and does it well. It also has some personality so you may love or hate it, but it's just your emotional perception. The knowledge is there.

I enjoy reading this book very much. I believe that this book is the best so far in the market for CISSP and as an introduction and survey to provide a solid framework for the field, and especially for those to prepare CISSP. It is very well written as a summary (better and comprehensive than "The CISSP Prep Guide" by Krutz, et al) with the orignial and critical sources. My delight and best part of this book: for each topic the author kindly provides the web sites (for further study and reading).

CISSP test is very general (generic, and not for a specific product or service) and thus a frustration. But that is what CISSP is about. For professional and marketable working knowledge, use this book as a framework, along with many other good books such as (1) Incident Response (by Mandia & Prosise) and (2) Hacking Exposed (2nd ed, by Scambray, McClure, Kurtz) or (3) Maximum Security (3rd ed, Anonymous), or (4) Counter Hack by Stoudis, to supplement the reading and case study.

Three weeks after I took the CISSP exam, I received an email telling me I had passed. I came out of the exam fairly confident I'd pass but one can never be too sure with the CISSP - the questions are quite ambiguous and quite often you are making an educated guess in picking out what you think is the best among the 2 choices you have narrowed down to. It has often been said that the CISSP is an exam that is an inch deep and a mile wide. You'd be lucky if you use more than half of what you studied for this exam. I am a software engineer and I know I will never have to choose which fire extinguisher to use for which kind of fire, unless I am actually struck in one!

Now here are a few tips about how to study and pass this exam effectively. Good and bad things have been said about Shon Harris's book. Most of the time people are happy with the fact that this book is a one stop shop and covers the entire curriculum quite comprehensively. Likewise, most of the time, people are frustrated by the bad jokes and the poor editing. Both charges are true. This was pretty much the only book I used to study and though I did peek into Ronald Krutz from time to time, I found that Krutz is not only a drier textbook but also that it covers a lot of detail that goes beyond the scope of the exam. For instance in the cryptography chapter, Krutz goes into the details of the algorithms in some depth that this not required for the exam. So, after all it is true that Harris's book is "All-in-One" as it claims to be. It is however entirely true that the editing is shoddy. Other people have said in their reviews that Shon Harris's lighthearted writing style makes the CISSP preparation a lot more bearable. While its okay to be light hearted and humorous, it is quite frustrating to sit down at home after a day's work at the office and have to wade through half a dozen pages before she gets to the meat of the matter. With some intelligent editing, the number of pages in this book can really be cut down by at least a third. Because of this rambling style of writing, so much of the truly useful information has been relegated to the appendices in this book. So after all this bashing, should I buy this book or not, you ask? Yes, you should buy it. Not because it is flawless but because the other books are a little more flawed than this one!

So what do you do about the long winded writing? Take notes. That way you dont have to wade through it again when you are looking for some particular piece of information the day before the exam. I took about 200 pages of notes as I read this book. The summary at the end of each chapter is very succinct, so between the summaries and the notes, I was able to revise the whole book in a couple of days just before the exam. This was truly helpful. This is probably just my style but taking notes also drove the concepts down deeper into my memory.

While it may be possible to pass this exam with just this book, you'd be well advised to try a few practice tests. I got Boson's six tests but used only three. I have complaints about the quality of the Boson tests. Several of the questions were very badly framed, some of them were out of the exam's scope and many explanations were unconvincing. Some of the URL links in the explanation were broken. There is a feedback menu item on the Boson test that I used extensively to tell them they need to improve but I know other people have done that and it is not clear Boson actually takes this feedback seriously. Despite all these complaints, I think the tests helped. Boson allows you to take the tests in chunks of sixty questions each and that helps because you don't have to set apart 6 hours at once to take the entire exam. It also helps that Boson splits your score by domain and shows you clearly where you need to improve. So despite all the deficiencies, try Boson. I have also heard from other CISSPs that PrepLogic has a good set of questions that mirror the real exam quite closely and you may want to try that out too.

The other study tool I used was Shon Harris's 3-DVD collection and this in my opinion is a total waste. You cannot use it as a standalone resource to pass the exam though it is mostly a summary of the concepts covered in the textbook. There is an occasional video that helps you understand concepts better but for the most part, you just have Harris's talking head and deadpan voice. This may have been useful if it had been an audio CD instead, at a fraction of the price.

A lot of people also have good things to say about www.cccure.org which has a CISSP discussion forum, free reading material and free practice tests. I didn't use it at all and was still able to pass but it'd be a good idea to check it out.

Good luck with your CISSP.

Dear All, I recently completed my CISSP review studies, passed the exam, and completed the CISSP endorsement process. This is a very worth while endeavor and, as someone with many years of Internet security and risk management experience, I highly recommend the CISSP certification process for everyone. Reviewing the 10 common bodies of knowledge (CBK) has value for everyone in the IT business and I am very pleased to have taken the time to review the material and complete the exam. For my self-study review, I purchased four books via Amazon: (1) The CISSP Pre Guide - Gold Edition by Ronald L. Krutz and Russell Dean Vines, (2) All-In-One CISSP Exam Guide, Third Edition by Shon Harris, (3) Official (ISC)2 Guide to the CISSP Exam by Susan Hansche, John Berti and Chris Hare, and (4) CISSP Certified Information Security Professional Training Guide by Roberta Bragg. Each of these texts came with a CDROM for practicing test questions on a Windows PC and covered the 10 CISSP CBKs. I found the first three CISSP books in my list to be helpful. Of those three, the most helpful was The CISSP Prep Guide - Gold Edition by Krutz and Vines. This book is concise, well written, and easy to read. The CDROM is excellent and nearly error free. The text is well thought out and informative. I also recommend Shon Harris' book, with reservation. I found it hard to get to the required CISSP information, at times, due to the attempts at humor in the book. The CDROM of sample test questions were also very good, albeit not as rich in features as the book by Krutz and Vines. The Official (ISC)2 Guide to the CISSP Exam by Susan Hansche, John Berti and Chris Hare was a disappointment. This book read just like a cut-and-paste from the Internet and other documents; and the companion CDROM was full of errors and omissions. After a while I stopped using this text book and focused on the first two. I am sorry to say that CISSP Certified Information Security Professional Training Guide by Roberta Bragg was a complete disappointment from every perspective. The CDROM example tests were riddled with errors and omissions. For those interested in my self-study technique, I took each book and studied one (sometimes two) of each of the CBK chapters each day. Then, I repeated the same process for each of the other books, except for the book by Bragg, which was dropped for reasons mentioned. I took all the sample tests repeatedly, before and after and then again. I must have practiced between 4000-5000 sample questions. It was challenging and enjoyable. In summary, I highly recommend Krutz and Vines and also recommend, with reservation, the book by Shon Harris. No single book can cover the entire CBK of the CISSP. The more you study, the better. Best of luck on your CISSP studies. The CISSP is certainly an experience that will improve your knowledge of the field of IT security and benefit the profession at-large.

I have been studying for the CISSP exam for several months and bought one other study guide (the Prep Guide). Studying the stack of books ISC2 indicates seemed to only confuse me and overwhelm me with what exactly was the information I needed to know for the exam and the Prep Guide flew through concepts I thought were actually very important.

The All-In-One guide seems to have an amazing amount of coverage over the concepts ISC2 indicates in their outline of topics that is on the exam. It seems like 10-12 books have been combined into one, which makes it a lot easier to understand and digest.

I am very appreciative that this book is available for me.

First some basics before I get down to the things that really tick me off.

1. Check the ISC2 blueprint for the exam, and then check the contents or index pages of this book. You will see that there are a LOT of things which this book does not cover. It is certainly not an "all in one" study guide.

2. The pages are padded out with large text and absolutely pathetic clip art. If you think you are getting 800 or so pages of good reference material, think again.

3. The author is obviously not well versed in some of the domains she covers, it seems as though she has just paraphrased a lot of material from other sources. Many sections contain technical errors, or demonstrate small points which show that she didn't know the subject she was writing about as well as she should have.

But what really bugged me the most was the absolutely poor quality control which permitted this book to be published with so many (110+) errors! I complained to the publisher who said that they had contracted out the proof reading (presumably to the local zoo).

What amazes me even more is the number of reviews here that praise the book for being well written! My advice is as follows:

If your reading experience is limited to the sport pages of your local tabloid paper, buy this book, it is perfect for you.

Or, if you prefer to read the more serious parts of a broadsheet paper, don't buy this book, it will irritate you. Buy Krutz's book instead. It also doesn't cover everything you need, but at least you won't feel the need to correct it as one might when reading a school child's essay.

In conclusion: This book isn't cheap, I think that if someone pays top dollar for a technical book they should expect that the author knows the difference between terms such as "regimen" and "regime", or that NAT doesn't run at layer 7, or that ARP is not a layer 1 protocol (just check the diagram on page 48 for an example). To summarise in one word: shameful.

The CISSP All-in-One Exam Guide was the best of the half-dozen sources that I used. I'd rate it a must-have if you want to take the exam. I also used the The CISSP Prep Guide but switched to Shon's book halfway through.

The CISSP exam is immature; that is, many of the questions appear convoluted for the sake of being obtuse. I doubt seriously if your score on this exam corralates to your true ability. That said, it is a necessary benchmark of a very broad subject. And having talked to people taking the test for second time, I'm told the test is improving. That's about all I can say about the test; you have to sign in blood not to discuss it once you take it. Most people walk out having no idea if they did well; my peers were no exception.

I took the course that Shon teaches at the Intense School (see cccure.org for a link and useful study materials). It is a great course and a terrific value. Everything is taken care of in the course cost (hotel, food, snacks - and they don't skimp). Shon is an excellent and patient instructor with an in-depth understanding. Her pointers on the test were worth about 15 extra questions right; possibily the difference between passing and not for many of us. But the course is not for the meek. It is 8:30 to 6:30 for 6 days, followed by the exam. By the 3rd day most of us (including kids 15 years younger than me) were feeling beat -- only 500 pages and halfway thru the course material. But everyone I talked with though that it was well worth it.

The only critism of Shon's book is that her sample test questions were far easier than the actual test. She admits it; her questions are to help you know if you understand the material. If her questions were like the test, everyone would think she couldn't write a decent test question (and they would be right!). But her material is dead-on.

I should have studied operational security more than I did. There was far less on cyptography - the hardest subject - than I expected. With over 20 year experience in 9 of of the 10 domains, the exam wasn't a cakewalk. But Shon's CISSP All-in-One Exam Guide did make me much more confident about passing the exam.

I have no financial or other interest in the Intense School or Shon's book. I'm just a very satisfied customer (and hopefully a CISSP now!).

Update: Got my CISSP and so did everyone is my 4 person study clique - including one person who was sure that she wouldn't pass becuase she didn't have a strong security background. So the Intense School course was a big gain for her.

The CISSP All-in-One Exam Guide is a very good jumping off point for your quest to achieve the CISSP certification. Having looked closely at both it and the CISSP Prep Guide prior to purchasing one several months ago, I found both to be solid foundations for learning but quickly came to the opinion that the Shon Harris book is far better written. Her relaxed, conversational writing style makes this a better choice for learning the basic material.

The book is not perfect, however. The index is fairly good, but not entirely thorough. The glossary is just plain lousy, but this is a fairly common complaint for technical textbooks in my experience. A glossary should contain every definable term used in a book. This one doesn't even come close. The book also implies that the bulleted summaries at the end of each chapter contain the crucial information the reader needs to know from each domain covered. This is not true at all. In reality, you will need to know everything in each chapter and quite a bit more if you want to be completely prepared for the exam. No book contains all the testable material for the exam, including this one.

Start with this book, get the basics, visit the URLs that Shon includes at the end of each section. Take notes. From there, take as many practice tests as you can get your hands on, starting with the ones on the CD included with this book. The more practice tests the better. They will not only get you used to the style of questions on the exam (this is *not* a simple fill-in-the-blank exam), but they will also quickly highlight areas of knowledge deficiency. The Boson exams are very good, as is the SRV CISSP practice book.

***Please note this review is for the 3rd Edition of this book.***

I sat for and passed the CISSP test in January 2006. I used the following resources to help in passing the CISSP:

Shon Harris - All-in-One - 3rd Edition - 30%
Official ISC Guide to the CISSP Exam - 15%
Kurtz - CISSP Prep Guide - Gold Edition - 10%
CISSP for Dummies - 5%
Cccure.org - 25%
Other resources - 15%

"All-In-One CISSP Exam Guide - 3rd Edition" by Shon Harris is a great resource to prepare for the CISSP. I read the entire book through, once, and regularly referenced it. The book can be `balmy', with a lot of fluff, but I believe it covers the 10 CBKs the most thoroughly. I found the book covered 90% of what is required for the CISSP. In particular, I did need to supplant my studies for better understanding of Disaster Recovery Planning. If you are at the later stages of preparing for the exam, the book may not be necessary. I did not beleive the questions presented any value (certainly not as much as cccure.org)

I did not find many typos/editorial mistakes in the third edition but one of interest:
-Page 924, 2nd paragraph - in relation to TCP and UDP port numbers - "The first 1024 [ports] are said to be well-known ports." Correct. The book then states "This means that a specific port number under 1025 is usually mapped to a well-known and use port." Incorrect, port numbering starts at port 0, and thus ports 0-1023 are well-known. Port 1024 is not a well-known port. Reference page 434 for clarification.

If preparing for the CISSP, I feel you cannot go wrong by studying "All-In-One CISSP Exam Guide - 3rd Edition". Prepare to chew up a few hours to get through the book, but I believe the time invested will be worth it.

I give this book 5 pings out of 5:
!!!!!

Whereas the book has a lot of good information and is easy to read, it is plagued with a lot of technical errors. These errors so detract from the rest of the book that I find the book 'dangerous' if it is to be really used for CISSP Prep. Why? Because you may be learning incorrect information.

Most of the problems are more annoying technical mis-statements than errors of critical importance. For example, Access Control: The standard definition of 'identification' is 'who you claim to be' and 'authentication' is 'proof of identity.' The book badly blurs the distinction, especially when it tries to combine identification and authentication.

Also very annoying is the fact the book does not even call the ten domains by the same names used by (ISC)2.

Some of the more picky errors include such things as calling 'NFS' an 'OSI Session Layer' protocol. NFS is built upon RPC. RPC is a session layer protocol. Yes, NFS does a few very high level sessions things, but it is dominately a presentation layer protocol. Sun, the originators of NFS, even calls it a presentation layer protocol.

In my opinion, if you are expecting a book to prep you for an exam, you should expect it to be free of technical errors. Ask yourself, "Do I want to learn the wrong information?" Hopefully, most people preparing for the CISSP exam will have enough background in each domain to recognize these missteps.

Overall, if I hadn't marked up the book, I would be asking for my money back. Recommendation: Forget this book. Instead, get the 'Official (ISC)2 Guide to the CISSP Exam.' Its not perfect, but it is a couple of orders of magnititude better.