Customer Reviews

CISSP ® : Certified Information Systems Security Professional Study Guide, Third Edition

5 star:		(10)
4 star:		(6)
3 star:		(1)
2 star:		(5)
1 star:		(2)

 

 

I must admit a soft spot for Sybex (and Ed Tittel) study guides, having used them extensively for Microsoft exams. This book follows in that tradition, providing a good balance between detailed explanation and comprehensive coverage of the exam topics.

The bundled CD is useful. I raced through the 250 flash cards in an hour, which is good for jogging the memory. The four bonus exams, of 75 questions each, are good, but are not as difficult as the real thing. These exams provide grades broken down by each CISSP exam domain, which is excellent for identifying topics for revision.

One book can not guarantee coverage of all CISSP exam topics, particularly given the long list of references on the CISSP suggested reading list. I also skimmed through a friend's copy of Shon Harris's "All-in-One" exam guide. I would still rate this book higher, but Harris's book covers some topics in more detail then the Sybex book. The "All-in-One" practice exams are more difficult, though some of the questions are not clearly worded.

The biggest disappoint I have with the exam preparation experience is with the CISSP's ten domains. The examination questions are based on 'good exam fodder' from topics in the ten domains. The topics lean towards an academic approach to security, rather then knowledge needed by a working security professional.

The other references I would strongly suggest to help to gain a security brain, as well as a high exam score include: Stephen Northcutt's `Inside Network Perimeter Security', Ross Anderson's `Security Engineering', and Syngress's `Special Ops'. Maybe I should take one of the SANS security exams, which are much more practical in nature.

And best of luck with the exam!

As I took the CISSP exam, I kept thinking, "he really knew what he was talking about." If you were to know this book backwards and forwards, you would do well on the CISSP exam. However, this text suffers from a problem common among learning manuals -- if you didn't get a good sleep the night before you will be nodding off after only a few pages. It reads like a dictionary. Also, the summaries and tables were lacking in both quality and quantity.

After having said that, I have to admit that this book probably helped me the most out of the four I used to prepare for the exam. While Shon Harris' second edition of the All-In-One guide was much more readable and memorable, the content probably wasn't quite as good. Therefore, these two books probably tied as the ones on the top of my list were I to go through this process again.

I purchased and used both this text and the Shon Harris book. The text here is dry reading but very informative. As I got closer to taking the exam, I used it primarily for the practice exams and then used those to identify my weak areas. The practice exams give a very good breakdown by domain area of your strengths and weaknesses. I agree with another reviewer that the Shon Harris book is easier reading. If you are relatively new to the material and teaching yourself, you may want to go with that book as your primary text. However, if you are already pretty familiar with the material and knowledgeable about the technical aspect of networking, then this book would probably provide you more useful material. Both are outstanding texts but one is more useful than the other based upon where you are starting from.

Ignore "Dogger" review. The text of his review for this book is almost identical to his review of another book for CISSP - CISSP Certification All-In-One Exam Guide, 3rd Edition by McGraw Hill. Sour grapes, possibly? I am about 50% through this text, and find it to be very easy to read. I will update this review after sitting the examination.

In response to M. from NY - "Sloppy work" posted July 10, 2006:

I am the primary author on this book.

M. from NY - I appreciate your comments. I appologize for any errors or typos that appear in the text. However, several of the items you mentioned as problems are not so. Yes, there are typos, but you won't find a single book in print that does not have typos. Authors and editors try to eliminate these, but they continue to crop up due to the number of people who handle manuscripts and tools used to get materials into print. Yes, even in multiple editions, old errors can be retained and new errors introduced.

P 54 - yes, ICMP is mis-spelled as IMCP. That is a typo.

P 254 - an relational database does define one to one relationships, such as one item in a column to one item in a row. An RDBMS does not limit the number of rows or columns that can exist in the database. You completely misunderstood the concept. You are confusing the concept that each row can have entries in mulitple columns, and that mulitple rows can exist with values in each column.

P 251, Q 10 - nonvolatile should be volatile, that is a typo. However, RAM is not a sequential access technology, it is dynamic or random access. In fact, that is exactly what the acronym stands for "Random Access Memory". Yes, you can force a computer to access RAM sequentially, but you'll be doing so by creating software code to perform that action, RAM will still be random access no matter what. Tape devices are sequential access. Once again, you are not seeing the concepts clearly.

P277 - yes, CGI is not a language, it is a concept / technique of allowing client input to be received and processed on the Web server by a server-side script or application. This is an error introduced by the editor. CGI scripts or applications can be written in many languages.

P371 - that is a mistake, it should read "...into simple machine lanaguage instructions..."

You have only mentioned 6 issues, two which are your misunderstanding, one which is a simple typo, and three which you are correct they are errors. Your scathing poor review of our work is not justified by the evidence you have presented. I challenge you to find any other CISSP book that is as current and exhaustive as ours which does not have errors. You will not find one.

I will be adding these items to the errata to help ensure these errors are corrected in the next edition. I appreciate your input, you are entitled to your opinion, but I urge you to be realistic and sensible in your critique.

I'll be happy to address anyone's concerns or issues with this book.

We, the authors, editors, and publishers of this book, have worked hard to update and improve the contents of this work in the production of each edition. The CISSP Study Guide 3rd Edition is to date the most current, complete, and exhaustive book for preparing for the CISSP exam.




Posted May 4, 2006:
I must take offense with "Doggers"' review as his statements about my book are false. This book is fully current on all topics and issues on the exam. The exam prep questions are similar to those on the exam. However, there are a few new question types that ISC2 has released onto the exam since the third edition revision of this book was produced. No study guide promises to get you to pass any exam. Failing to understand the topics and to perform sufficient study is not the fault of the authors. If my writing style is not palatable, that is fine, but deriding my work is non-professional. I would be happy to discuss this further if you will contact me. Please consider revising your review to a more appropriate stance.

This resource alone will not deliver someone, especially one without rich networking experience, into a mastery of CISSP knowledge. However, it, in conjunction with the experience required to sit for the exam in the first place, should suffice to pass. (It did for me, a 4-year.) It is crisp, sets the right tone for the actual exam, and does not lie. You do not waste time with unnecessary verbiage--I appreciated this.

The exam engine questions are very good, though before I sat for the exam I was annoyed at some ambiguity, and verbal "gaminess" (e.g., "Select the most false answer to the following non-question: what is not a secure protocol meant to possibly secure..."--you get the idea. One wonders whether they are being tested on how well they find their way through a maze of multiple negatives.). This apparent fault was redeemed by the much larger degree of ambiguity and gaminess found in the actual CISSP exam questions; so these practice exams turned out to be nice prep for that very reason.

I have read through the Shon Harris book (4th ed), the Official book, and this Sybex book (4th ed.). This book is definitely the best of the three. The AIO book gets too cute, too verbose, and too irrelevant in some parts. Shon Harris likes to expound upon subjects that have no relevance to the exam. A CISSP book should focus on what matters to pass the exam and that's it. More in depth information should be gleamed from other places. Extraneous information only serves to obfuscate the information that really matters. Then there is the official CBK book from ISC2. That book should be promptly burned in a bonfire. It's too difficult and dry to read to be of any use.

The writers of this book seem to be very knowledgeable of the information at hand. They are able to elaborate and connect the concepts together. For example, Shon Harris throws multiple definitions out there without explaining the relations among them. Some times it felt more like a definition book than anything. Compare the cryptography chapters between the AIO and this book. Harris' book is by far the more in depth with definitions after definitions thrown in there. However, this book's chapter actually helps in the understanding of the concept, building on the knowledge. More words doesn't necessarily convey more information. This book also comes with flash cards and two 250 question practice exams. I recommend reading both the AIO book and this one. But if you have to pick just one, I recommend this one over the AIO.

I picked up this book and the Shon Harris book as primary study resources for the CISSP exam. I thought this book was far superior to the Harris book for a number of reasons including readability and usefulness of the subject matter coverage beyond the exam. The Harris book had all of these little 'cute' italicized sayings when introducing many topics and they were either confusing, not cute or distracting. Example - "Trust and Assurance: I trust that you will act properly, thus I have a high level of assurance in you. Response: You are such a fool." What the heck? As I read each book my initial take was that the authors for this book were more experienced than the Harris book, and I quickly put the Harris book down. I do a lot of consulting and I thought this book had some chapters that would be good reference for higher level managers that aren't strong technically. Bottom line - I passed.

I took this book out from the Air Force Technical Library and found it to be extremely well-written, concise, and an excellent introduction to the field of computer security. When reading this book I felt that the author had an excellent understanding of the material presented and focused on the most important aspects of the subject matter. I have not taken the CISSP yet so I can not comment on how relevant the material is to the exam (as most people know the CISSP is mostly about work experience anyways - not something you learn from a book).

After reading this book I then read the Shon Harris CISSP book I can tell firsthand that this book (Stewart's) is of much better quality. The Shon Harris book shocked me at its lack of structure (many topics are covered multiple times and simple security/network fundamentals are repeated so much that I wanted to scream - literally), extremely simplistic and foolish examples, and very poor quality of writing. After reading both books I have much respect (professionally) for Stewart and very little for Harris.

As for the comments about typos - I did not notice any major typo in the book that took away from the presentation of the material. (So ICMP was misspelled once - who cares?) Overall I thought the quality was much better than the Harris CISSP book (which, itself, has loads of typos and incorrect quiz questions - don't get me started). Overall I would highly recommend this book to others looking to gain a firm understanding and grasp of computer security while preparing for the CISSP exam.

I think "Dogger is very unfair on his review". To me I am preparing for the exam due to take this month end and have most of those books, but yet I find this book quite easy to read, has got lots of info which is quite well represented and goes straight into the head. I personnaly feel this book is equally good. I will provide more comments once I take this exam.