Customer Reviews

The CISSP Prep Guide: Mastering the Ten Domains of Computer Security

5 star:		(25)
4 star:		(24)
3 star:		(8)
2 star:		(5)
1 star:		(5)

 

 

It's been said many times that the vast ocean of the CISSP Common Body of Knowledge (CBK) is fifty miles wide and two miles deep and preparing for it can be quite an overwhelming endeavor. Various on-line study groups and web sites have numerous suggestions and links where freely available materials and helpful hints may be found. Individuals share there study guides and suggest the best books to procure for the study quest. I myself have participated and contributed in these vibrant forums. It's been said many times over that NO one book can effectively cover the CBK and to prepare the CISSP candidate for the exam. I too have amassed a large collection of the most suggested tomes. Well The CISSP Prep Guide almost negates this statement. The CISSP Prep Guide is now the FIRST place to start! I wish it had been in print a year ago when I began my quest for the CISSP. It is a complete and affordable textbook covering the MEAT of the CBK. This book completely defines and explains the major points of the CBK. It is an extremely readable and understandable text. If you can't afford attending the ISC2 CISSP Seminar either because of cost or time away from work this book is for you. If you have already attended the CISSP Seminar this book is for you. I was blessed by having the opportunity in attending the CISSP Seminar yet I am still finding that The CISSP Prep Guide is building upon the materials presented in the seminar. I can see where my copy of The CISSP Prep Guide will quickly become a dog-eared reference text that I use to refer to while carrying out my duties as an Information Systems Security Officer with the U.S. Government.

This book is exactly what CISSP candidates need to prepare for the exam. The authors make sure to cover the CISSP Common Body of Knowledge in enough detail, give pointers along the way, and include sample questions to practice for the exam.

Since this is a study guide, the emphasis is on breadth, not depth of coverage, and that's the way it should be.

Several inaccuracies and typos should be corrected in the second edition (e.g. the description of lattice-based control on p. 34, or sample question 9 in Chapter 10 and its answer).

So is this now my favorite survey of computer and information security? Not quite. I still prefer "Secure Computing" by Rita C. Summers, even though it is already 4 years old. Unfortunately it is out of print, and it is a mystery why McGraw Hill wouldn't print a few thousand copies to satisfy the demand.

Another CISSP prep book is coming soon (Mandy Andress, "CISSP Exam Cram"). Let's hope it will be as good as the Prep Guide.

I studied this work 30-days before taking the CISSP November 2001 examination. You don't pass the CISSP exam from just reading; broad experience is mandatory. The 'Prep Guide' helped me pull my experience into focus for the exam; the book does not give you the answers on the test, it helps you understand the concepts, thus, it helps the reader understand the exam questions which in turn allows the exam taker to go quickly into deep memory and find the answer that most resembles those on the exam. Of all the thousands of dollars of "security" books that I have purchased, read, and studied, the 'Prep Guide' is the only one that extensively covers the broad spectrum of topics emphasized in the exam.

Main plusses of the book:
(1)It keeps you focused in your study,
(2) The scholarly writing is a good preparation for the way the examination questions are stated,
(3) It will continue to be a solid reference book in my security practioners library (the added HIPAA information may have been filler but I find it useful in the profession if not for the exam), and
(4) Best price of any prepration security book for the focused information that it provides.

Oh, yes, and it helped me receive my CISSP certification in November. Buy the book and study the book, you will not go wrong.

I enjoy reading this book very much. I have adopted this as one of the textbooks for my undergraduate Computer Security course. I think this is one of the best introduction and survey to provide a solid framework for the field, and for those to prepare CISSP. It is very well written as a summary, with excellent references for the original and critical sources. I see some of the frustration by other reviewer (for example, on Chapter 3) but I think that the authors have done a superb work. The problem or frustration is, I think, due to the vast amount, depth and bredth of each field to be summerized (which can easily be expanded into several books). I use this book as a framework, along with (1) Incident Response (by Mandia & Prosise) and (2.1) Hacking Exposed (2nd ed, by Scambray, McClure, Kurtz) or (2.2) Maximum Security (3rd ed, Anonymous) to supplement the reading and case study.

I have had the CISSP certification squarely on my radar for about a year now, but the sheer amount of information to compile and read and remember is simply too much. This is because the compiled readings are mainly at best, guesswork. What's more, the weightages of the Ten Domains of Computer Security can be markedly different, and no one can really be sure of the importance of certain sections as compared to others. For example, both authors who are themselves CISSP certified, place Telecommunications and Network Security as more heavily covered in the exam than say, Security Management Practices, clearly a time saver for those who like me, am also pursuing the BS7799 Auditor certification.

Within each chapter, the authors also clearly prioritize the topics. In the Chapter entitled Access Systems, the topic Decntralized/Distributed Access Control takes up half of the chapter, again, demonstrating that more attention has to be paid by the reader.

Though the information to cover is vast, I never felt that I needed a map to navigate the contents. Each chapter's objectives are clearly stated, and the section lucidly explained. Best of all, the visual and textual aspects are just right for the eye. Of course, for a exam that covers 10 domains, the number of acronyms faced is numerous, but the nifty Glossary takes care of any confusion that may arise. Besides the coverage of the ten domains in 10 chapters, the Appendices are extremely helpful. Topics such as HIPAA Compliance through HIPAA-CMM are covered, so is the British Standard 7799.

If you feel that coverage is not deep enough (which is not really a factor in the exam), the authors provide useful References for Further Study, also found as Appendix H.

In summation, the book is extremely well organized, and the additional information provided in each Appendix make this not only a required study tool, but also a "must have" reference.

This is a strong review guide that correlates perhaps 90% with the contents of the comprehensive CISSP exam. As a hands-on professional with decades' worth of security experience and in-the-trenches development of secure OS, comm protocols, and RDBMS, I was frustrated at the manner in which the book glossed over some material and, indeed, made frank errors here and there. (This is why I withheld the fifth star from my rating.) However, considering its purpose--which is to provide balanced coverage of the numerous exam areas--it does a very good job. Of course, the book isn't all you need, and I disagree for two reasons with the assertion in the book's preface that a professional with three years' experience could pass the CISSP exam. First, the material is far too broad. Second, the exam demands that the candidate have a strong handle on the business motivations behind various security-related policies, practices, and methodologies that you just can't glean in only a few years of professional practice.

If you are considering purchasing this book, then likely you work in the information security industry and have been holding your breath for a "real" CISSP study manual. Well, breathe again friend because this book by Kurtz and Vines is what you have been waiting for! No more half-written study guides and poorly constructed "textbooks" (you know what I refer to there), this book will break it down for you and give you information on all you need to know. Don't waste time elsewhere, start here and review other materials if needed. Three cheers!

I used this book as my primary study source for the CISSP exam, it helped me pass (first time). The coverage of the ten domains is strong and and provides an excellent basis for preparing. The CISSP domain I found hardest to study for was Cryptography - this book provides great 'plain English' coverage of this topic. My only caution would be, that to maximize the chances of passing, it is better to use more than one text / source. Also, like all exams, sufficient practice makes the exam easier.

I am a senior engineer for network security operations. I read "The CISSP Prep Guide" (TCPG) as a study aid for the CISSP exam, which I completed yesterday. CISSP candidates are not allowed to discuss the contents of the test, but I can comment on the quality of TCPG's text. If you tear out chapter 3 (Telecommunications and Network Security), the remaining content is informative and applicable. If you rely on chapter 3 to learn about network security, you'll be sorely disappointed.

By performing network security monitoring, I am intimately familiar with defensive tools and tactics, and adequately informed of offensive operations. I observe network defense and offense on a daily basis. Unfortunately, chapter 3 of TCPG demonstrates almost no understanding of these important concepts. The authors do not correctly explain network attacks. ("Ping of death" is the most common buffer overflow?) Their firewall deployment strategies are wrong, and their examples of "protocols" at each OSI layer are false. (Since when is SQL a session layer protocol?) The authors should have consulted someone with real knowledge of network security before publishing this poor material.

Thankfully, beyond chapter 3, the majority of the book is helpful and reliable. The authors cover each domain of the Common Body of Knowledge, and present information in a humorless but well-organized manner. TCPG introduced me to management concepts I hadn't formally studied elsewhere, such as risk management, risk assessment, business continuity planning, and disaster recovery planning. TCPG also offered helpful quizzes at the end of each chapter. The appendices, covering the RAINBOW series, HIPPA, NSA assessments, and the Common Criteria, were also enlightening.

Reading TCPG is not sufficient preparation for the CISSP exam. I also read Coriolis' "CISSP Exam Cram," and reviewed a CBK outline on the Internet. Still, my experience in the field proved better preparation than these references. Use books like TCPG to fill the gaps in your experience (probably security management), and be sure to discount material you know is incorrect.

(Disclaimer: I received a free review copy from the publisher.)

It's been said many times that the vast ocean of the CISSP Common Body of
Knowledge (CBK) is fifty miles wide and two miles deep and preparing for it
can be quite an overwhelming endeavor. Various on-line study groups and web
sites have numerous suggestions and links where freely available materials
and helpful hints may be found. It's been said many
times over that NO one book can effectively cover the CBK and to prepare the
CISSP candidate for the exam. I too have amassed a large collection of the
most suggested tombs. Well The CISSP Prep Guide almost negates this
statement. The CISSP Prep Guide is now the FIRST place to start! I wish it
had been in print a year ago when I began my quest for the CISSP. It is a
complete and affordable textbook covering the MEAT of the CBK. This book
completely defines and explains the major points of the CBK. It is an
extremely readable and understandable text. If you can't afford attending
the ISC2 CISSP Seminar either because of cost or time away from work this
book is for you. If you have already attended the CISSP Seminar this book
is for you. I was blessed by having the opportunity in attending the CISSP
Seminar yet I am still finding that The CISSP Prep Guide is building upon
the materials presented in the seminar. I can see where my copy of The
CISSP Prep Guide will quickly become a dog-eared reference text that I use
to refer to while carrying out my duties as an Information Systems Security
Officer .