CISSP All-in-One Exam Guide [Hardcover]

Shon Harris (Author)
4.1 out of 5 stars (155 customer reviews)


There is a newer edition of this item:
CISSP All-in-One Exam Guide, 6th Edition

Book Description

0072193530 978-0072193534 December 26, 2001 Bk&CD-Rom
This guide provides detailed coverage of all 10 subject areas tested for the ISC2 exam. There is full CISSP-based coverage of all major security considerations, including public-key infrastructures (PKI), telecommunications security, disaster recovery and physical security. Technical discussion sidebars offer depth of understanding not found in other certification books, and practice questions at the end of each chapter help test for comprehension and prepare readers for each subject area of the exam. An easy-to-use map of exam objectives facilitates quick access for exam review, and the book utilizes many drawings and pictures to enhance learning. The accompanying CD features commercial-grade software testing simulations.

Editorial Reviews

From the Back Cover

Prepare to pass the CISSP certification exam

Now you can prepare for the Certified Information Systems Security Professional (CISSP) exam with help from this in-depth reference. This comprehensive resource fully covers all exam objectives--as developed by the International Information Systems Security Certification Consortium--and offers essential information on IT security. Each chapter contains practice questions, sidebars with technical discussions, real-world examples, and test-taking tips, making this book a premier study tool. You'll also get valuable information on current trends in security, disaster recovery, and the benefits of obtaining this highly-coveted and advanced security certification.

Get complete details on all ten subject areas covered on the exam:

  • Access control systems and methodology
  • Applications and systems development
  • Business continuity and disaster recovery planning
  • Cryptography
  • Law, investigation, and ethics
  • Operations security
  • Physical security
  • Security architecture and models
  • Security management practices
  • Telecommunications and network security

About the Author

Shon Harris (Spokane, WA), CISSP, MCSE, CCNA, is a Security Solutions Architect for Getronics. Shon works in the Security Consulting Group and provides security assessment, analysis, testing, and solutions for customers. He regularly performs tasks ranging from ethically exploiting and hacking companies' Web sites, internal LAN vulnerability assessment, perimeter network vulnerability assessment, security architecture development, and policy and procedure consulting. (Ethical hacking is a service that is requested by companies to find the degree of vulnerability and exposure they have to security threats within their firewalls and Web sites.)

Product Details

  • Hardcover: 977 pages
  • Publisher: Osborne/McGraw-Hill; Bk&CD-Rom edition (December 26, 2001)
  • Language: English
  • ISBN-10: 0072193530
  • ISBN-13: 978-0072193534
  • Product Dimensions: 9.3 x 7.5 x 2.5 inches
  • Shipping Weight: 4 pounds
  • Average Customer Review: 4.1 out of 5 stars (155 customer reviews)
  • Amazon Best Sellers Rank: #1,477,207 in Books (See Top 100 in Books)

More About the Author

Shon Harris, CISSP is the founder and CEO of Logical Security, a computer security consultant, a former engineer in the Air Force's Information Warfare unit, an instructor and an author. She has authored three best-selling CISSP books, was a contributing author to the book Hacker's Challenge, a contributing author to the book Gray Hat Hacking, a contributing author to the Security Information and Event Management (SIEM) Implementation book and a technical editor for Information Security Magazine. Ms. Harris has developed a full digital information security product series for Pearson publishing.

Ms. Harris has consulted for several Fortune 500 companies in the U.S., including American Express, Warner Brothers, Bridgestone/Firestone, CitiBank, CitiFinancial, AOL, Cisco and many more. Her competencies range from setting up risk management programs and developing enterprise network security architectures to constructing enterprise-wide security programs that connect computer security and business needs in a synergistic manner.

Ms. Harris has extensive knowledge and practical experience pertaining to legal and regulatory compliance. She has worked with the largest corporations within the U.S. to become compliant with OCC, SOX, GLBA, HIPAA, PCI and SAS70. Ms. Harris specializes in risk management, governance and the development and implementation of security metrics.

Ms. Harris has taught information security to a wide range of clients, some of which have included Microsoft, Department of Defense, Department of Energy, National Security Agency, Bank of America, Defense Information Systems Agency, RSA, U.S. Military Academy at West Point, and many financial institutions.

Ms. Harris was recognized as one of the top 25 women in the Information Security field by Information Security Magazine.


 

Customer Reviews

155 Reviews

  • 5 star: 87
  • 4 star: 32
  • 3 star: 17
  • 2 star: 9
  • 1 star: 10
Most Helpful Customer Reviews

134 of 139 people found the following review helpful:
5.0 out of 5 stars I'll try to be serious, December 22, 2003
By 
I've read some reviews and they are very controversial, so if you feel you're getting confused read this.

I've just got a confirmation that I passed the test, and I used only this book for studying. So that book is definitely not a joke and can get you through.

Why are the reviews so different?

First, the author's style. It's more like recorded lectures than a reference. The author included some jokes and funny examples. They are perfectly correct, not abusive, they add some spice to a highly professional text and I personally love them because they make reading that huge book not so boring, but looks like the fact the style is different drives some people mad.

Second, the nature of the exam. The covered area is very wide and includes more topics than most people normally know and use. So many readers think the topics they know the best could be written better. The problem is because of so wide coverage you can not go deeper than a certain level. The book is almost 1000 pages long and I personally think it's well balanced and provides adequate knowledge for the test. Yes, some chapters could be extended but then you'd be overwhelmed by the volume and I doubt it would improve your passing score significantly.

Some people complained about mistakes. Well, it's true, there are some. But, it's the same idea here. They are not crucial and don't really affect your score much.

It's like if you need to get to the airport and your friend offers help you don't really care what car he has. But if you go to a dealership to buy a car every minor option gets so important. Same idea here. If your goal is to pass the test, the book can be used as the only training material and provides adequate up-to-date information in a reasonable volume for a pretty cheap price. The book does its job and does it well. It also has some personality so you may love or hate it, but it's just your emotional perception. The knowledge is there.

78 of 86 people found the following review helpful:
5.0 out of 5 stars The Best Available in Market, January 29, 2002
By Richard K. Min (Dallas, Texas, USA)
This review is from: CISSP All-in-One Exam Guide (Hardcover)
I enjoy reading this book very much. I believe that this book is the best so far in the market for CISSP and as an introduction and survey to provide a solid framework for the field, and especially for those to prepare CISSP. It is very well written as a summary (better and more comprehensive than "The CISSP Prep Guide" by Krutz, et al) with the original and critical sources. My delight and best part of this book: for each topic the author kindly provides the web sites (for further study and reading).

CISSP test is very general (generic, and not for a specific product or service) and thus a frustration. But that is what CISSP is about. For professional and marketable working knowledge, use this book as a framework, along with many other good books such as (1) Incident Response (by Mandia & Prosise) and (2) Hacking Exposed (2nd ed, by Scambray, McClure, Kurtz) or (3) Maximum Security (3rd ed, Anonymous), or (4) Counter Hack by Skoudis, to supplement the reading and case study.

26 of 26 people found the following review helpful:
4.0 out of 5 stars How to study and pass the CISSP., July 13, 2006
By Venkat Raghavan Rangamani (Boxborough, MA United States)
Amazon Verified Purchase
Three weeks after I took the CISSP exam, I received an email telling me I had passed. I came out of the exam fairly confident I'd pass but one can never be too sure with the CISSP - the questions are quite ambiguous and quite often you are making an educated guess in picking out what you think is the best among the 2 choices you have narrowed down to. It has often been said that the CISSP is an exam that is an inch deep and a mile wide. You'd be lucky if you use more than half of what you studied for this exam. I am a software engineer and I know I will never have to choose which fire extinguisher to use for which kind of fire, unless I am actually stuck in one!

Now here are a few tips about how to study and pass this exam effectively. Good and bad things have been said about Shon Harris's book. Most of the time people are happy with the fact that this book is a one stop shop and covers the entire curriculum quite comprehensively. Likewise, most of the time, people are frustrated by the bad jokes and the poor editing. Both charges are true. This was pretty much the only book I used to study and though I did peek into Ronald Krutz from time to time, I found that Krutz is not only a drier textbook but also that it covers a lot of detail that goes beyond the scope of the exam. For instance in the cryptography chapter, Krutz goes into the details of the algorithms in some depth that is not required for the exam. So, after all it is true that Harris's book is "All-in-One" as it claims to be. It is however entirely true that the editing is shoddy. Other people have said in their reviews that Shon Harris's lighthearted writing style makes the CISSP preparation a lot more bearable. While it's okay to be light hearted and humorous, it is quite frustrating to sit down at home after a day's work at the office and have to wade through half a dozen pages before she gets to the meat of the matter. With some intelligent editing, the number of pages in this book can really be cut down by at least a third. Because of this rambling style of writing, so much of the truly useful information has been relegated to the appendices in this book. So after all this bashing, should I buy this book or not, you ask? Yes, you should buy it. Not because it is flawless but because the other books are a little more flawed than this one!

So what do you do about the long winded writing? Take notes. That way you don't have to wade through it again when you are looking for some particular piece of information the day before the exam. I took about 200 pages of notes as I read this book. The summary at the end of each chapter is very succinct, so between the summaries and the notes, I was able to revise the whole book in a couple of days just before the exam. This was truly helpful. This is probably just my style but taking notes also drove the concepts down deeper into my memory.

While it may be possible to pass this exam with just this book, you'd be well advised to try a few practice tests. I got Boson's six tests but used only three. I have complaints about the quality of the Boson tests. Several of the questions were very badly framed, some of them were out of the exam's scope and many explanations were unconvincing. Some of the URL links in the explanation were broken. There is a feedback menu item on the Boson test that I used extensively to tell them they need to improve but I know other people have done that and it is not clear Boson actually takes this feedback seriously. Despite all these complaints, I think the tests helped. Boson allows you to take the tests in chunks of sixty questions each and that helps because you don't have to set apart 6 hours at once to take the entire exam. It also helps that Boson splits your score by domain and shows you clearly where you need to improve. So despite all the deficiencies, try Boson. I have also heard from other CISSPs that PrepLogic has a good set of questions that mirror the real exam quite closely and you may want to try that out too.

The other study tool I used was Shon Harris's 3-DVD collection and this in my opinion is a total waste. You cannot use it as a standalone resource to pass the exam though it is mostly a summary of the concepts covered in the textbook. There is an occasional video that helps you understand concepts better but for the most part, you just have Harris's talking head and deadpan voice. This may have been useful if it had been an audio CD instead, at a fraction of the price.

A lot of people also have good things to say about www.cccure.org which has a CISSP discussion forum, free reading material and free practice tests. I didn't use it at all and was still able to pass but it'd be a good idea to check it out.

Good luck with your CISSP.
Inside This Book

First Sentence:
To properly study for the Certified Information Systems Security Professional (CISSP) exam, you must read a stack of books to ensure that you have studied all the necessary areas this test covers.

Key Phrases - Capitalized Phrases (CAPs):
Orange Book, United States, Token Ring, Common Criteria, Clipper Chip, Fast Ethernet, Quick Tips, Questions Please, Code of Ethics, Rainbow Series, Red Book, Advanced Encryption Standard, Data Encryption Standard, Mapped Requirement Description Standard, Cheapo Inc, Extensible Authentication Protocol, File Transfer Protocol, Fourth Amendment, Medical Information Inc, Pretty Good Privacy, Secret Service, Secure Sockets Layer, Don Hammy, Digital Signature Standard, Gigabit Ethernet