CISSP Certification All-in-One Exam Guide, Fourth Edition (Hardcover)

by Shon Harris (Author)
Key Phrases: data security standard, star property rule, dedicated security mode, All-in-One Exam Guide, Application Security, Operations Security (more...)

Editorial Reviews

Product Description

All-in-One is All You Need

Fully revised for the latest exam release, this authoritative volume offers thorough coverage of all the material on the Certified Information Systems Security Professional (CISSP) exam. Written by a renowned security expert and CISSP, this guide features complete details on all 10 exam domains developed by the International Information Systems Security Certification Consortium (ISC²). Inside, you'll find learning objectives at the beginning of each chapter, exam tips, practice questions, and in-depth explanations. CISSP All-in-One Exam Guide, Fourth Edition will not only help you pass the test, but also be your essential on-the-job reference.

Covers all 10 subject areas on the exam:

• Access control
• Application security
• Business continuity and disaster recovery planning
• Cryptography
• Information security and risk management
• Legal, regulations, compliance, and investigations
• Operations security
• Physical (environmental) security
• Security architecture and design
• Telecommunications and network security

The CD-ROM features:

• Simulated exam with practice questions and answers
• Video training from the author
• Complete electronic book

About the Author

Shon Harris, CISSP, MCSE, is the president of Logical Security, an IT security consulting and training company. She is a former engineer in the Air Force's Information Warfare unit, an instructor, and the bestselling author of the previous three editions of this book. Shon has taught computer and information security to a wide range of clients, including RSA, the Department of Defense, the Department of Energy, the National Security Agency (NSA), and many more.

Product Details

• Hardcover: 1145 pages
• Publisher: McGraw-Hill Osborne Media; 4 edition (November 9, 2007)
• Language: English
• ISBN-10: 0071497870
• ISBN-13: 978-0071497879
• Product Dimensions: 9.4 x 7.3 x 2.3 inches
• Shipping Weight: 4.6 pounds (View shipping rates and policies)
• Average Customer Review: 4.1 out of 5 stars See all reviews (29 customer reviews)
• Amazon.com Sales Rank: #1,975 in Books (See Bestsellers in Books)

  Popular in these categories: (What's this?)

  #1 in	Books > Computers & Internet > Programming > Algorithms > Cryptography
  #1 in	Books > Computers & Internet > Certification Central > Publisher > Osborne-McGraw-Hill
  #2 in	Books > Computers & Internet > Networking > Network Security

Customer Reviews

Most Helpful Customer Reviews

31 of 32 people found the following review helpful:

5.0 out of 5 stars King of the hill for Security Tome, December 24, 2007

By	Stephen Northcutt (Kauai, HI USA) - See all my reviews (REAL NAME)

I have exchanged email with the author and we have had a few phone calls, but I cannot say that I know Shon Harris well. However, after reading the 4th edition of her very successful book, I feel I know her better. I love the humor in the italics at the beginning of sections and - warning - sometimes in line with the technical material. I appreciate the plain, clear, as simple as possible, way the information is presented. It would be easy to make these concepts sound hard, Shon does not do that, not ever; thank you! The charts and graphics on the main do a fantastic job of making the information clear. She does an extraordinary job of moving between well written prose and bullet points in a style reminiscent of Dorothy Denning. At three inches thick and running over 1100 pages, one certainly cannot fault her for leaving critical information out. This is on par with the Matt Bishop book of being the Information Security Tome. I can't say that I learned that much reading the book since I do security all day, every day and have done so for years, but I never got bored and I went cover to cover ( not counting the detailed index in the back and the "so you want to be a CISSP in the front) and I was astounded by the author's craft, she tells the story of security as well as anyone ever has.

You do not need me to vouchsafe the value of this book ( and the CD) to prepare for the CISSP exam. If Shon is not the best known author, she is certainly in the top two or three in this category. But, I believe this book has another equally important role. It is perfect for the CxO that wants to understand what security is, what they need to know about it. I understand the knee jerk response to that is, "you cannot ask a CEO to read 1100 pages". Actually, the successful senior executives in the world are generally quite good at reading a LOT of information in a SHORT period of time. Shon is accurate, the writing is excellent, the diagrams help with "knowledge compression", a CFO interested in security can zip through this like a zero turn mower on a two acre MacMansion.

Nitpicks, sigh, I wish ISC2 had settled on the standard approach to incident handling instead of creating their own broken one. The Quantum Cryptography section is actually Quantum Key Exchange, but hey! That is a nitpick, no reader of this book actually needs to know the difference. And critics will be overjoyed because Shon seems to have threat, risk, and vulnerability in the right pidgeon holes. The most serious flaw in the book is in chapter 12, Hack and Attack Methods, some of that stuff I know cold and I got a bit confused reading that section, but it is the end of the book and my guess is that folks were getting tired. A few network traces would go a long way towards bringing that section to life. And you know what? The book remains 5 stars. Even if that section was spot on, even if the thirty weak pages out of the 1070 strong pages were perfect, the book is not designed to prepare the reader to be an IPS analyst. The overall message is clear and compelling, the bad guys do evil things with packets; I get the message so will the reader, let's move on.

The bottom line, if you think you know security and want to test your knowledge, buy the book, fire up the CD, install the test software and give yourself a run. Shon is a great author, but she has also compiled an awesome set of questions. Yes, they will prepare you for the CISSP exam, but they will also help you test your knowledge of security and your ability to think critically. If you have further questions about the book, or you disagree with my review, drop me a line and let's talk about it, stephen@sans.edu.

32 of 35 people found the following review helpful:

2.0 out of 5 stars Bigger books, less knowledge, July 19, 2008

By	vaaesthete (Virginia USA) - See all my reviews

Not sure why this book is so highly rated. Having taken (and passed) the CISSP several years ago, I need to retake this exam and bought three books for review and study purposes. I have a previous version of the Harris book and it is ~900 pages. This new version is 1100+ pages, but seems to be filled more with fluff and some of the actually useful knowledge has been removed! One example which stands out is the removal of the effectiveness and acceptance charts for biometrics methods. This is an important concept and it is entirely ignored in this version. Other things have been changed to no real benefit. The CIA triad (as is the de-facto acronym, even in her previous book) has been renamed to the ICA triad. There is no reason for this.
Finally, the entire book is written in a dumbed-down, cutesy fashion in an attempt (I believe) to make the book more approachable. All it has done, IMO, has increased the number of pages, possibly forcing out relevant materials.
I will pass this test, but it won't be because of this book. Buy the ISC book and the Krutz book (and/or a previous version of the Harris book) - you will not be disappointed.

UPDATE: ok, took the test in Sept and passed. I won't turn this into a test review as this is about the book, but when you buy a certification book, your primary requirement is that the book will be timely and relevant to the test material. The 4th Edition Harris book does just that. ISC has made significant changes to both the content and nature of the test (in large part to keep its test current on security trends and to satisfy a larger target audience) and Shon has captured those changes very well. So, having said all that, it is my revised opinion that this book is more than adequate for passing the test (although it is still filled with fluff.) If I could change the review, I would probably give it 4 stars at this point. The ISC book and the Krutz book are both excellent references to actually apply the knowledge in a meaningful way, however if you just want to pass the test, the Harris book will serve you well.

7 of 7 people found the following review helpful:

5.0 out of 5 stars Highly recommended, June 9, 2008

By	V. Jin "Y. Jin" (Orange County, CA USA) - See all my reviews (REAL NAME)

I passed the test using this book. I did not use any other methods for the preparation. This book explains all of the aspect of the CISSP exam in detail explanations. It took me about 2 months to finish the whole contents. This is the only easy to understand IT book I've ever used.