Customer Reviews

CISSP: Certified Information Systems Security Professional Study Guide

5 star:		(10)
4 star:		(6)
3 star:		(1)
2 star:		(5)
1 star:		(2)

 

 

I must admit a soft spot for Sybex (and Ed Tittel) study guides, having used them extensively for Microsoft exams. This book follows in that tradition, providing a good balance between detailed explanation and comprehensive coverage of the exam topics.

The bundled CD is useful. I raced through the 250 flash cards in an hour, which is good for jogging the memory. The four bonus exams, of 75 questions each, are good, but are not as difficult as the real thing. These exams provide grades broken down by each CISSP exam domain, which is excellent for identifying topics for revision.

One book can not guarantee coverage of all CISSP exam topics, particularly given the long list of references on the CISSP suggested reading list. I also skimmed through a friend's copy of Shon Harris's "All-in-One" exam guide. I would still rate this book higher, but Harris's book covers some topics in more detail then the Sybex book. The "All-in-One" practice exams are more difficult, though some of the questions are not clearly worded.

The biggest disappoint I have with the exam preparation experience is with the CISSP's ten domains. The examination questions are based on 'good exam fodder' from topics in the ten domains. The topics lean towards an academic approach to security, rather then knowledge needed by a working security professional.

The other references I would strongly suggest to help to gain a security brain, as well as a high exam score include: Stephen Northcutt's `Inside Network Perimeter Security', Ross Anderson's `Security Engineering', and Syngress's `Special Ops'. Maybe I should take one of the SANS security exams, which are much more practical in nature.

And best of luck with the exam!

As I took the CISSP exam, I kept thinking, "he really knew what he was talking about." If you were to know this book backwards and forwards, you would do well on the CISSP exam. However, this text suffers from a problem common among learning manuals -- if you didn't get a good sleep the night before you will be nodding off after only a few pages. It reads like a dictionary. Also, the summaries and tables were lacking in both quality and quantity.

After having said that, I have to admit that this book probably helped me the most out of the four I used to prepare for the exam. While Shon Harris' second edition of the All-In-One guide was much more readable and memorable, the content probably wasn't quite as good. Therefore, these two books probably tied as the ones on the top of my list were I to go through this process again.

I purchased and used both this text and the Shon Harris book. The text here is dry reading but very informative. As I got closer to taking the exam, I used it primarily for the practice exams and then used those to identify my weak areas. The practice exams give a very good breakdown by domain area of your strengths and weaknesses. I agree with another reviewer that the Shon Harris book is easier reading. If you are relatively new to the material and teaching yourself, you may want to go with that book as your primary text. However, if you are already pretty familiar with the material and knowledgeable about the technical aspect of networking, then this book would probably provide you more useful material. Both are outstanding texts but one is more useful than the other based upon where you are starting from.

Ignore "Dogger" review. The text of his review for this book is almost identical to his review of another book for CISSP - CISSP Certification All-In-One Exam Guide, 3rd Edition by McGraw Hill. Sour grapes, possibly? I am about 50% through this text, and find it to be very easy to read. I will update this review after sitting the examination.

In response to M. from NY - "Sloppy work" posted July 10, 2006:

I am the primary author on this book.

M. from NY - I appreciate your comments. I appologize for any errors or typos that appear in the text. However, several of the items you mentioned as problems are not so. Yes, there are typos, but you won't find a single book in print that does not have typos. Authors and editors try to eliminate these, but they continue to crop up due to the number of people who handle manuscripts and tools used to get materials into print. Yes, even in multiple editions, old errors can be retained and new errors introduced.

P 54 - yes, ICMP is mis-spelled as IMCP. That is a typo.

P 254 - an relational database does define one to one relationships, such as one item in a column to one item in a row. An RDBMS does not limit the number of rows or columns that can exist in the database. You completely misunderstood the concept. You are confusing the concept that each row can have entries in mulitple columns, and that mulitple rows can exist with values in each column.

P 251, Q 10 - nonvolatile should be volatile, that is a typo. However, RAM is not a sequential access technology, it is dynamic or random access. In fact, that is exactly what the acronym stands for "Random Access Memory". Yes, you can force a computer to access RAM sequentially, but you'll be doing so by creating software code to perform that action, RAM will still be random access no matter what. Tape devices are sequential access. Once again, you are not seeing the concepts clearly.

P277 - yes, CGI is not a language, it is a concept / technique of allowing client input to be received and processed on the Web server by a server-side script or application. This is an error introduced by the editor. CGI scripts or applications can be written in many languages.

P371 - that is a mistake, it should read "...into simple machine lanaguage instructions..."

You have only mentioned 6 issues, two which are your misunderstanding, one which is a simple typo, and three which you are correct they are errors. Your scathing poor review of our work is not justified by the evidence you have presented. I challenge you to find any other CISSP book that is as current and exhaustive as ours which does not have errors. You will not find one.

I will be adding these items to the errata to help ensure these errors are corrected in the next edition. I appreciate your input, you are entitled to your opinion, but I urge you to be realistic and sensible in your critique.

I'll be happy to address anyone's concerns or issues with this book.

We, the authors, editors, and publishers of this book, have worked hard to update and improve the contents of this work in the production of each edition. The CISSP Study Guide 3rd Edition is to date the most current, complete, and exhaustive book for preparing for the CISSP exam.




Posted May 4, 2006:
I must take offense with "Doggers"' review as his statements about my book are false. This book is fully current on all topics and issues on the exam. The exam prep questions are similar to those on the exam. However, there are a few new question types that ISC2 has released onto the exam since the third edition revision of this book was produced. No study guide promises to get you to pass any exam. Failing to understand the topics and to perform sufficient study is not the fault of the authors. If my writing style is not palatable, that is fine, but deriding my work is non-professional. I would be happy to discuss this further if you will contact me. Please consider revising your review to a more appropriate stance.

This resource alone will not deliver someone, especially one without rich networking experience, into a mastery of CISSP knowledge. However, it, in conjunction with the experience required to sit for the exam in the first place, should suffice to pass. (It did for me, a 4-year.) It is crisp, sets the right tone for the actual exam, and does not lie. You do not waste time with unnecessary verbiage--I appreciated this.

The exam engine questions are very good, though before I sat for the exam I was annoyed at some ambiguity, and verbal "gaminess" (e.g., "Select the most false answer to the following non-question: what is not a secure protocol meant to possibly secure..."--you get the idea. One wonders whether they are being tested on how well they find their way through a maze of multiple negatives.). This apparent fault was redeemed by the much larger degree of ambiguity and gaminess found in the actual CISSP exam questions; so these practice exams turned out to be nice prep for that very reason.

I have read through the Shon Harris book (4th ed), the Official book, and this Sybex book (4th ed.). This book is definitely the best of the three. The AIO book gets too cute, too verbose, and too irrelevant in some parts. Shon Harris likes to expound upon subjects that have no relevance to the exam. A CISSP book should focus on what matters to pass the exam and that's it. More in depth information should be gleamed from other places. Extraneous information only serves to obfuscate the information that really matters. Then there is the official CBK book from ISC2. That book should be promptly burned in a bonfire. It's too difficult and dry to read to be of any use.

The writers of this book seem to be very knowledgeable of the information at hand. They are able to elaborate and connect the concepts together. For example, Shon Harris throws multiple definitions out there without explaining the relations among them. Some times it felt more like a definition book than anything. Compare the cryptography chapters between the AIO and this book. Harris' book is by far the more in depth with definitions after definitions thrown in there. However, this book's chapter actually helps in the understanding of the concept, building on the knowledge. More words doesn't necessarily convey more information. This book also comes with flash cards and two 250 question practice exams. I recommend reading both the AIO book and this one. But if you have to pick just one, I recommend this one over the AIO.

My Background:
I have been working as a systems auditor for the past 3 years

I just want to say that I passed the exam at my first try and I used the following books

CISSP: Certified Information Systems Security Professional Study Guide - James M. Stewart, et al
CISSP Study Guide - Eric Conrad, et al

This book is full of contents and is written in a way that you can read it and not get bored or feel overwhelmed by the amount of information, it covers all aspects of the exam but is not divided in ten chapters (one per domain) as most CISSP preparation books, instead, is divided by topics that can cover more than one domain at the same time and in this way you can grab more concepts and correlate them in a different manner.

The book also comes with a CD that has the pdf version of the book for those that like me prefer to read on a laptop/tablet/kindle instead of carrying a 900+ monster, two mock exams (not quite close to the real thing) and some flashcards to help you review the basic concepts of every chapter

I purchased both this text and the Shon Harris text to prepare for the CISSP. If choosing between the two, I would recommend Shon Harris. Her book is longer and often wordier, but her examples are better, the topics are organized by domain, and there are few errors.

First the Pros:
1. The material is solid and mostly accurate (one of the other reviews pointed out some glaring errors)
2. This text includes some material not in Shon Harris (Son Harris includes material not in this text as well)
3. Provides a different perspective to the CISSP exam material

Now the cons:
1. My biggest complaint was that the chapters are not organized by domain. I found this to be very annoying, especially when trying to focus on domains I am weak in.
2. The fifth edition's index often does not match the actual location of topics within the text. I suspect the page numbers were not all updated with the new edition. This makes it difficult to look up specific items in the text. The index is also not very comprehensive. Some topics in the book are not listed in the index.

The book has very obvious errors. For example, AES/Rijndael uses 10, 12, 14 rounds for en/decryption, and not 9, 11, 13 as the authors claim on page 395.

RC2, RC4, RC5 are not based on RSA, as the authors claim on page 396. It does not even make sense for a block cipher to be derived from a public-key cryptosystem such as RSA. RC5 admits a key size of 0 to 2040 (255*8) bits, not 0 to 2048 bits.

There are so many more error that the readers should not take the technical accuracy of this book for granted.