Customer Reviews

CISSP Study Guide

5 star:		(30)
4 star:		(17)
3 star:		(4)
2 star:		(2)
1 star:		(3)

 

 

Obviously I am biased since I am a fellow SANS instructor, but will try to support my thoughts with data. I agree with another poster that the one star ratings are unfair, especially the guy that had not read the book; too funny. Well I have read the book, cover to cover on airplanes and some sections I have read twice. Why four stars? I am concerned that if this is the only CISSP prep you have, you will not be fully prepared for the exam. On the other hand, if you have taken a CISSP review course or read another book, this will be a great supplemental tool. I am a big fan of the Shawn Harris CISSP prep book as well, but you really can't take that monster with you on a trip, this book fit right in my carry on outside pocket.

OK, let's drill down into the book:
Ch 1: How to pass the exam, 5*s, clear and practical
Ch 2: Information Security Governance, 5*s, complete, concise, nothing missing that I can see
Ch 3: Access Control: 4*s, this chapter gets a bit muddy, the authors chose to cover some of the data flow access models in Ch 6 which is fine. First half of the chapter is true to the spirit of the book, the types of attackers section seems to be a touch superficial, thought the Metasploit "Point, click and root" was a chuckle.
Ch 4:Cryptography, 5*s, in my view this is the strongest chapter in the book, clearest explanations I have ever seen with one exception, in 2nd edition I would rework the Vienere Cipher section.
Ch 5: Physical Security, 5*s, complete, concise, let's you review the material in the shortest amount of time
Ch 6:Security Architecture, 4*s, I think there is a risk that the exam could cover more virtualization than the book prepares the candidate for. Not that I have knowledge of what is on the exam, but it is one of the most important topics in security right now and it only gets three paragraphs. I would also rework polyinstantiation, most of the sections are crystal clear, but this is a bit muddy.
Ch 7: Business Continuity, 4*s, I think this chapter could have been a touch shorter to be true to the spirit and approach of the book, all the information is there, but I had to force myself to read it, in second edition, suggest a do over.
Ch 8: Telecommunications, 5*s, authors are true domain experts, so they are able to concisely explain the material
Ch 9: Application Development Security, 5*s, same comment as above, since the authors know this stuff cold, they can make it very clear
Ch 10: Operations Security, 5*s, I do wish ISC2 would get on board with the better incident response model, but that is not the author's fault, this chapter is also true to the spirit of the book.
Ch 11: Legal regulations, 5*s, authors did a better job overall than I do with my course ( I will start the rewrite this week). I would suggest adding the concept of attestation to Chain of Custody.
The remainder of the book is a self test and the authors have additional practice testing on their web site. The Glossary is complete and also concise.

First things first. The two, 1-star reviews posted here are completely unfair. The first, gives the book 1-star just because he couldn't access the online content (which has been rectified). One star certainly for a book that failed to help him pass - but because he couldn't access an URL? Geez. And this guy wants to be a CISSP!!

The second review? - well, i don't even know what this guy is banging on about. Odd. Seems like no-one has actually read the book.

Anyway - on to the book itself.

If people really think they need a 200 pound monster-book, full of fluff and nonsense (though granted with good technical content)to pass the CISSP, they are wrong. Sure, if they need a reference post-certification, then by all means, get the 'other' book. However, if you want something practical, concise and most importantly, to the point, then this book is the way to go. I am not saying you only need one book, but this book could easily be your main book, which you would then supplement.

Don't listen to these two 1-star reviews. They totally miss the mark of being a fair and objective appraisal of this work.

The goal of every certification preparation book is to help the reader pass the exam, which is a noble goal. Evaluating the actually efficacy of a specific certification book is a challenge, if not an impossibility.

As to the CISSP exam; a statistical approach would be to take two sample groups using two different CISSP prep guides, using the same study methods, and then judge the outcome. The group with the higher pass rate could in part be attributed to the better study guide. Practically, such an approach is unachievable given the myriad difference in people, their study habits, and many other factors.

The best article about the exam is Andy Briney's Certifiable - A newly minted CISSP gives you the inside scoop on infosecurity's most coveted--and controversial--certification. Briney sums it up best when he notes that "the exam is best characterized as an inch deep and a mile wide. Whether this makes it easy or difficult is a matter of perspective". Part of the challenge that Briney (who passed the exam) and every other CISSP candidate have is the anxiety over just how much material to study.

With that, the CISSP Study Guide does a good job of helping the reader prepare for the CISSP exam. The authors write in the introduction that they wanted to find a happy medium between mega-CISSP prep guides at over 1,000 pages; with endless minutiae, and those that are far too concise and don't provide enough background. At 440 pages, the book does achieve the goal of depth of subject, without killing too many trees. The authors attempt to include content that is only relevant to passing the CISSP exam, and don't want to write an infosec encyclopedia.

One of the challenges any CISSP has in writing an exam prep guide is that they are bound by a non-disclosure agreement with ISC2. Prior to starting the CISSP exam, all candidates are presented with a non-disclosure agreement and are required to accept the agreement or they can't take the exam. Any CISSP author must straddle a fine line in ensuring they don't break the NDA.

The book does a good job of providing the reader with a thorough overview of the many elements of the Common Body of Knowledge (CBK). The book, like every CISSP prep guide is written around the CBK. Each chapter of the book has the same style, where it opens with the unique terms and definitions of each CBK module, and then goes into the various component parts. Each chapter closes with a 15 question self-test.

For most people, the most challenging CBK domain is that of cryptography. At 37 pages, chapter 4 on cryptography provides the reader with enough details to alleviate their fears of concepts such as symmetric encryption, cryptographic algorithms, and much more.

The appendix contains the same self-tests of each CBK domain, with the addition of an explanation of why each answer was correct, and the other answers incorrect.

The book also provides access to a web-site with two practice exams that one can take online. It is debatable whether such tests are of value, given the creators often lack the skill required to create effective tests. Most of these tests are created by those without any experience in psychometrics, while most of the exams themselves have been thoroughly vetted by psychometricians.

Also included on the web site is ten podcasts (one for each domain) to aid the reader in studying for the CISSP exam.

In conclusion, for those who have a decent background in information security, and don't need a five-pound tome to lug around, the CISSP Study Guide is a quality reference guide that can assist them in studying for the exam.

The common wisdom is to choose two study guides when preparing for the CISSP exam. For those that are serious about passing, the CISSP Study Guide should be one of them.

I received a copy of this book last week and found it to be a practical and extremely well-written study guide for the CISSP.(thus far.) I sadly suspect that anyone rating this guide a 1-star review has some sort of ulterior motive (or product.) These anonymous bashers clearly forgot about the (ISC)² Code Of Ethics. Shameful.

I would not consider this a complete study guide for CISSP. This can be treated somewhere between a Study and a Review guide. I'd probably consider using this book as my secondary resource rather than my primary study material. To put it in short this book lacks details. I'm not sure I can agree with the publisher's comment on the book that states "Pass the exam the first time" with just this book in hand. At the same time I must agree that the authors have a unique talent to explain complex subjects in simple terms that usually takes several pages in other books. Having said that I'd have given a 5star review for this book if the authors had included atleast a 100 more pages with more details on some of the topics. I understand the author's intention to keep this book as small as possible but that doesn't help much for CISSP. They just seem to skim through a lot of materials and have provided URL's for gathering more information. For eg. when discussing the different TCSEC classes they have just provided one line description of each of those classes. I wish they spared atleast a few more lines to describe each of those classes in some detail, which could have helped a lot. The same applies to TCB also. I don't seem to find any description of TCB anywhere in the book except for one line on page 165. When some books talk at length about TCB, I would expect atleast a small paragraph of description on this one. There a several shortcomings like this on this book.

It's always nice to have quizzes especially for CISSP. The issue with the quizzes on this book is that the two quizzes are way too easy and doesn't even come close to what you'll see on the actual exam. In my opinion if the quizzes are too easy it will make the candidate over confident about his preparedness for the exam. I wish they had spent more time in making the quizzes more challenging which is exactly what a test taker really needs, since that's the level of the real exam.

I went for the one book method of taking the CISSP exam because I'm really busy these days and doing multiple books to take this test didn't fit my style. I figured, if I didn't pass, I'd read another one and then retake the test.

My plan was simple: Read the Conrad book, take the test.

Having passed the exam I feel like this book really prepared me well. The question at the end of the chapters judged my progress well and helped me identify chapters I needed to re-read.

The book prepared me well, gave me great targeted information relevant to the test, and it did not overwhelm me with detail that I've been told has happened to others who have used longer books. I highly recommend this book to anyone planning on taking this exam.

--andy

When preparing for the daunting CISSP exam, too much information can actually be a hindrance. I found the All-In-One book (affectionately known as AIO) huge, unwieldy and a glut of unfocused information. The CISSP Study Guide doesn't attempt to provide all possible information for the exam. Instead, it tightly focuses on the concepts and provides references to further study resources to be explored. This approached really works. I passed the CISSP on the first try with just this book, some RFC's, NIST guidelines (especially 800-34), Wikipedia and my years of experience. Good luck to all you future CISSPs!

I took an online CISSP class over the summer and picked up several books to help my studies. Aside from this book, I picked up a brief 'cram' style book and also one of those huge thousand page CISSP study books. As I was studying and reviewing for the test, I found that more and more, I kept going back to this book for the authoritative, clear answer. Popular wisdom when studying for the CISSP is that over the last 6 weeks or so, you spend more time using 'quizzers' or test simulations to really get the concepts down. I used the online questions from this book almost exclusively. I passed the CISSP test in late November after about 2 months of serious study. If I were to do it again, I'd skip the other 2 books (I barely read them) and use this CISSP Study Guide after taking my class. Between the concise writing, clear and expert exam tips, and the online and book quizzes, I felt this book was a big help to me passing the test. Highly recommended.

Given all the information gathering and research I have done for the CISSP, I'd say this book deserves high praise and recommendation. This is the most concise and easy to follow guide for obtaining a CISSP that I have seen; the verbosity is of other books is proven unnecessary. However, something makes me a bit leery when the size of the other guides is universally larger than this guide. The content is broken down into the

CHAPTER SPECIFICS
Ch 1 - Introduction - A great start. What to expect, how to pass. Simple as that.
Ch 2 - Info Security & Risk Management - Think of this chapter as the security basics from Net+, Sec+, and a college finance class all rolled into one. Very straightforward and easy to understand.
Ch 3 - Access Control - A very good breakdown (over 50 pages) of the Access Control concepts, once again similar to Net+ and Sec+. The "types of attackers" section is informative and engaging, with the introduction of a favorite term: hacktivist (I also think spear phisher is humorous).
Ch 4 - Cryptography - The best chapter of the book, hands down. Egyptian Hieroglyphics to ciphers, 3DES to Blowfish, symmetric and assymmetric, and various types of attacks...all there.
Ch 5 - Physical Security - Common sense stuff. Good but boring information. Ad nauseum for anyone in the industry. Lock your doors, hide your kids, hide your wife, and hide your husband too...
Ch 6 - Security Architecture - This chapter gives a computing basics course, giving logical, hardware, and software requirements for security, and goes into the insidious malware that we hear so much about: viruses, trojans, rootkits, etc. There is a thorough explanation of the various security model approaches as well.
Ch 7 - Business Continuity and Disaster Recovery Planning - Common sense examples and suggestions for continuing on with business and protecting the company's data when "something" happens (e.g. hackers, pandemics, terrorism, etc.)
Ch 8 - Telecommunications and Network Security - Put simply, this chapter alone could probably help most get a Net+ certification. Wonderful presentation of network and network security concepts. A chart of the various port assignments - applicable to the test - would have helped this chapter tremendously, however.
Ch 9 - Application Development Security - Complex and esoteric. I know it sounds odd in a book that is foreign to 99% of the population, but unless you lay out your weekend plans with Object Oriented CASE statements, then this will be the hardest chapter. I have a programming background and there were a few new* concepts for me. (*new - never seen before or forgotten since seeing previously)
Ch 10 - Legal - if (You=Understand) { cout << "Easy stuff." << endl; } else { cout << "Put down this book." << endl; }

Self Test - I would venture to guess that the self test in this book is a tad easy. I haven't taken the CISSP yet, but I suspect that my results will not be as good when I take the real thing.

Glossary - The best "chapter" in the book. This is a highly useful resource for return visits. It's a replacement for the time-consuming memorization drills required of the umpteen acronyms in this field and for this test. Awesome.

Overall, I'd say this book is great. Highly informative without forcing any major muscle movements (whether physical from carrying the other guides or mental through lack of explanation), this CISSP Study Guide could not only be used as a foundation for CISSP certification, but I dare say that someone with experience/knowledge could use it as a Net+ or Sec+ guide as well. Very useful book overall, highly recommended. The missing star is due to the fact that, considering the size of other guides, I'm hesitant to believe that "everything" necessary is covered in this guide.

Jason Elin

One reviewer gave a thorough examination of the book so no need to rehash that info. This book is a very good start for studying for the exam. When I received it, I immediately went to the self test at the end of the first chapter to see what I already knew. However, it is not enough to know the answers. The trickier questions require that I understand why something is what it is. I like the concise nature of the material, and the soft paper cover makes for a lighter weight so it is easier to carry with me for study. There are drawings and photos but not as many as I would expect for this kind of study reference guide. Recommended as a supplement to other study and test materials. It doesn't hurt to have all the help you can get before taking the exam.