Customer Reviews

Information Security Management Handbook, Fourth Edition, Volume I

5 star:		(1)
4 star:		(6)
3 star:		(3)
2 star:		(0)
1 star:		(5)

 

 

This book is a collection of papers that covers the ten domains of the Common Body of Knowledge (CBK) Generally Accepted Systems Security Principles (GASSP). As a compendium of knowledge from acknowledged experts this book represents an exceptionally valuable tool for security practitioners, and because the papers are grouped by CBK domain, it is also a useful study aid for anyone who is pursuing CISSP certification.

The papers, individually and collectively, contain a wealth of information. However, anyone who wants to use this book as a resource for preparing for the CISSP exam should know that this book is Volume 1 of a three volume set. Moreover, this is not a book that was written as a study guide as much as a professional reference, and it isn't the only book a CISSP candidate should read.

For the practitioner this book is an excellent investment because it does cover all ten CBK domains in great detail. However, I recommend investing in the CD ROM version of this book (Information Security Management Handbook on CD-ROM, ISBN 0849312345), which contains this book and Volumes 2 and 3. The CD ROM is more up-to-date and is more convenient then three books that combined contain nearly 2000 pages.

Regardless of whether you opt for this book or the CD ROM, you'll gain a wealth of knowledge from this book and if used in conjunction with other sources of information you will be well prepared to pass the CISSP exam.

Overall the book provides an excellent overview of the information security arena. The length of the text is 728 pages, which is not light reading, but it is still in line within other books in the same category. The book is a compilation of several white papers on important topics relevent to information security. I used the handbook as a reference when studying for the Certified Information Systems Security Professional (CISSP) exam. I would recommended reading it, especially if you have limited knowledge in some of the exam's core areas.

I'm currently using it to study for the CISSP examination, so I read it cover to cover (Which was not an easy thing to do). The authors use quite a bit of jargon and get very cerebral at times, so have some sort of IT or network security background before digging in. Although I didn't agree with everything the authors sugested, most of their procesess were right on target. I use the book extensively as a reference in my position as both an investigator and a Security Analyst. It will give the IT professional an appreciative look at security, computer crimes, and legal aspects of performing technical investigative duties. I highly recommend the book, but be wary, it can be difficult to follow at times if your reading straight through. Again, it's a great reference.

After reading the reviews previously posted I was convinced this would be a good purchase. Never have I been so misled. This book is extremely poorly organized and provides very basic introductions to the topics discussed. It's not a book I would suggest to a new information security professional or to someone with several years of security work. The beginner is introduced to only TWO basic concepts in the entire "Access Control Systems and Methodology" CISSP domain while the advanced reader is fed a history of biometrics!! This is the tone throughout the book. Not enough organized coverage of basic tenets and a lot of "...and I care, why?" theoretical and useless ramblings.

Yuck.

If you are studying for the CISSP or the new SSCP test, a good foundation on which to build is the Information Security Management Handbook. [Full Disclosure: I wrote one of the articles in the book].

The benefit of the book is that it is very broad in scope. Readers will be able to get a handle on the CBK (Common Body of Knowledge), on which the CISSP exam is based. Nonetheless, the breadth of the CBK means that the Handbook can't be simply read over a long weekend. It takes a lot of time to assimilate the myriad information.

Given that there is no comprehensive study guide for the exam, anyone planning on sitting for the CISSP exam will find himself or herself referring to the Handbook fairly often.

The only downside to the book is that since there are so many authors involved with the content of the book, there is a lack of consistent verbiage in it.

But even for those that don't plan on sitting for the CISSP exam, they will find that the Handbook is a great security reference.

I recently took and passed the CISSP exam. I used this book along with the CISSP Prep Guide as my main references. I also used CISSP Exam Cram. The opinions expressed below are not a guide to what's on the exam - just general opinions about what I liked and disliked about the book. I enjoyed a number of sections in this book particularly the ones on Biometrics (ch 1), computer crime law (ch 30) and the principles of cryptography (ch 20). My favorite section was the one on forensics (ch 28) and I would really like to see a book from Mr Welch on this subject. The section on Kerberos (ch 21) was very detailed but also very dry and boring. It needs some more editing. The chapters on Single Sign-On (ch 2) and PKI (ch 22) were not very worthwhile. The section on risk management was much more informative than a similar section in the CISSP Prep Guide - but I think I would need a lot more training to be of any use in performing quantitative risk analysis. The index was sadly lacking and a glossary definately would have been nice. All in all this was a very worthwhile book and I would recommend it - particularly if you are preparing for the CISSP.

This book is a compilation of several documents by various authors, and tends to be dry. I read (tried to at least) this book and also did the practice software ... and passed. The book prvoided some good fundamentals, and the software really prepared me....

Over the years, the publishers have managed to position the ISM Handbook as THE book to be used in preparing for the CISSP exam, and it's been selling well. When you actually buy the books (now two volumes, soon to be three) for this purpose, you will be disappointed.

Normally you would prepare for the CISSP exam by doing your own research guided by the CISSP Study Guide and searching the internet for sources that cover the designated areas. That means you would have to read through and discard many badly written documents of questionable value. It would be really nice to have an organized set of sources covering the 10 CISSP domains, so that one could skip the research and concentrate on the study!

Although the ISM Handbook is arranged along the ten domains, it is far from being an organized set of sources. As you go through it, you still have to read through and discard many badly written chapters of questionable value---something that would normally be done by the editors, but not in this case. In between the fillers you will discover some really good material, but the ratio useful/useless is probably not any higher than in many online sources, such as the SANS Institute and NIST.

I felt the need to respond to the negative reviews of this book. The ISMH is designed to give the reader an introduction to specific basic material in a domain format under the CISSP program. It was never designed to be a brain-dump or all inclusive study guide to pass the exam. Subsequent volumes of this series either updates or introduces other topics in each domain.

If you are looking for an all inclusive study-guide for the CISSP cert then this book is not for you. However, it is easily arguable that no book can be an all inclusive tome of the expansive subject matter the certification covers. I highly recommend the recommended reading list on the ISC2 web site.

I bought the book because I was told it was THE CISSP study guide. So far I have read thru chapter 8 and feel really sorry for anyone relying on this for accurate information. The chapter on extranets was complete rubbish, the chapter on SSO went on about specific vendor solutions and seemed out of place, the whole thing is disorganized and inconsistent, and I have since ordered the CISSP Prep Guide instead. I will finish skimming and reading some of what appear to be the better chapters on crypto and legal considerations until the other book gets here, after which I guess I will try to sell this thing! I give this book two thumbs down.