Customer Reviews

Official (ISC)2 Guide to the CISSP Exam ((ISC)2 Press)

5 star:		(21)
4 star:		(18)
3 star:		(7)
2 star:		(6)
1 star:		(4)

 

 

Guys,

I finally took the CISSP exam, and passed *not* using this book alone. I ordered this book 1 month before taking the CISSP exam, since someone recommended me to buy it, saying that it's an advantage to go through the material in the book prior to the real exam. While that is generally true, some of the sad facts are not :).

The book was written by 3 authors, and reviewed by Hal Tipton (a very well respected and knowledgeable security professional); therefore, the content in the book is superior. And since it was written by 3 authors, it also means you will experience 3 different writing styles throughout the whole book. The format of the book is consistent, but tough luck, the writing style is so inconsistent--making it very unpleasant to digest the presented material.

I found some chapters are easy to digest with, and some are not (because of the 3 different writing styles from 3 authors). The book doesn't present the CBK material in a good way for you to memorize, it acts more like a reference book. I have read All-in-One and Prep Guide Gold Edition, and those 2 books are GREAT to start with. I do like the Official (ISC)2 Guide because it covers material that the other books DON'T. Especially the Physcial Security and Operations Security domain. After reading the Physical Security domain I had a feeling like "Great, I know how to pick a lock now ;)". This book also tells you what you need for the CISSP exam and what you don't, which is a really good thing. It clearly states that "this information is not needed for the CISSP exam... it's being included here for your reference" and I find that's very helpful, saving me from memorizing superfluous information.

The Physcial Security domain also covers the CCTV camera, very nice material indeed. You should expect to see some CCTV questions on the exam. If you don't really want to buy the book, you can easily search for the material on the net. But yeah the included material is worth it folks.

The book also comes with a CD that includes 204 CISSP sample questions, but beware, those questions ain't something that you might be able to see on the exam. I haven't found any practice tests useful, if at all (not even cccure.org). Don't buy practice tests, just concentrate on the CBK and you'll be fine. Don't expect similar or "exact" questions or anything like that popping up in the real CISSP exam. That just won't happen and CISSP practice tests are only of little use.

All in all, the material in the book is great for reference but not for memorizing. If you really want something to start with, please start with All-in-one, I wouldn't go for Krutz book as he has included tons of SUPERFLUOUS information (you do Krutz) in his book. So, before, the CISSP's choice was All-in-One + Prep Guide, but now it should be All-in-One + Official (ISC)2 Guide. You guys should never start preparing for the CISSP exam without All-in-One, the CBK material is presented to you in a very CONCISE and UNDERSTANDABLE manner. Although Shon Harris does love chatting, but I believe it's the only enjoyable way there is to learn and tackle the CISSP exam. Keep in mind this bottom line, All-in-one is a great book to start with and Official (ISC)2 Guide is a great "reference" book to keep.

Sorry, I'm too tired to go back and review what I have typed earlier so I end here ;). I don't give this book 5 stars because of the inconsistency in writing; otherwise, this book is great. You guys should buy it.

Honestly folks, the exam is designed for somebody with 3 - 5 years of experience in security. All of the low reviews apply to the ability of this book to serve as a training guide for security - a task for which it is not designed. The book did an excellent job of isolating how the test would ask questions and how ISC2 expects a CISSP candidate to understand and answer questions about security as a security professional. Highly recommended for both a study review and a professional reference.

{For the curious, yes, I passed the test with the assistance of this book.}

I've been using this book for over three months now in preparing for my own CISSP exam. Being the official guide, this book is always your best source for determining the "correct" answer on a topic. Different study materials will not always agree on some material, but you can trust that what's in the official guide reflects what you will be tested on.

The book itself is easy to read, clearly delineating chapters and sections, and has very few typos or other printing errors. There's some doublespeak thanks to authors not being able to articulate things simply (i.e. "Host awareness seminars and consider having an awareness day with seminars on the appropriate topics"), but the material is presents in a pretty direct fashion.

Some people will undoubtedly find the book unclear or difficult to follow. This is, IMO, often going to be because some of the material presented is by nature quite abstract. Business Continuity Planning and Security Architecture Models are not easy to follow for those who are used to thinking in hard technical terms.

The biggest flaw with this book is the practice test software included on CD. While it takes over 300 megs to install the full software to your PC, it only provides a few hundred questions. I'm at a loss to understand why 250 questions requires 300 MEGABYTES of storage, especially since there is no sound, animation or image involved.
Much worse, however, are the multiple questions that the software incorrectly grades. I've found no less than SEVEN questions that the program will claim you answered incorrectly, when in fact it explicitly states the correct answer is what you chose. But the grader component will highlight a different, obviously bogus answer as incorrect.

Because of this, the reliability of the practice test software as an assessment of your progress is compromised. However, most of the self-test questions are also in the book and those appear to have the correct answers listed.

I sat for and passed the CISSP test in January 2006. I used the following resources to help in passing the CISSP:

Shon Harris - All-in-One - 3rd Edition - 30%
Official ISC Guide to the CISSP Exam - 15%
Kurtz - CISSP Prep Guide - Gold Edition - 10%
CISSP for Dummies - 5%
Cccure.org - 25%
Other resources - 15%

"Official (ISC)2 Guide to the CISSP Exam" by Hansche, Berti and Hare is an excellent resource to help prepare for the CISSP. The presentation of each CBK is fairly balanced. Please note, this book should not be used as an introduction to the topics covered on the CISSP, but rather used at the later stages of preparing for the exam. I also do not believe this book should be read cover-to-cover, rather referenced to help understand individual topics.

The book has it's benefits and it's pitfalls. In particular, the book does present some material that I simply could not verify in other books. For example, on page 107, when discussing the Biba Security Model, exhibit 7 was great at easily demonstrating the lattice of integrity levels. On the other hand, the book also had poor formatting, and different material may just be clumped together. For example, on page 129, when discussing the Orange Book's four evaluation classes, unlike other material, this book does a poor job at showing the importance and differences of operational vs lifecycle assurance.

I do not believe I would have passed the CISSP without the aid of the "Official (ISC)2 Guide to the CISSP Exam". It's not an easy read, but a great resource.

I give this book 4 pings out of 5:
!!!.!

Dear All, I recently completed my CISSP review studies, passed the exam, and completed the CISSP endorsement process. This is a very worth while endeavor and, as someone with many years of Internet security and risk management experience, I highly recommend the CISSP certification process for everyone. Reviewing the 10 common bodies of knowledge (CBK) has value for everyone in the IT business and I am very pleased to have taken the time to review the material and complete the exam. For my self-study review, I purchased four books via Amazon: (1) The CISSP Pre Guide - Gold Edition by Ronald L. Krutz and Russell Dean Vines, (2) All-In-One CISSP Exam Guide, Third Edition by Shon Harris, (3) Official (ISC)2 Guide to the CISSP Exam by Susan Hansche, John Berti and Chris Hare, and (4) CISSP Certified Information Security Professional Training Guide by Roberta Bragg. Each of these texts came with a CDROM for practicing test questions on a Windows PC and covered the 10 CISSP CBKs. I found the first three CISSP books in my list to be helpful. Of those three, the most helpful was The CISSP Prep Guide - Gold Edition by Krutz and Vines. This book is concise, well written, and easy to read. The CDROM is excellent and nearly error free. The text is well thought out and informative. I also recommend Shon Harris' book, with reservation. I found it hard to get to the required CISSP information, at times, due to the attempts at humor in the book. The CDROM of sample test questions were also very good, albeit not as rich in features as the book by Krutz and Vines. The Official (ISC)2 Guide to the CISSP Exam by Susan Hansche, John Berti and Chris Hare was a disappointment. This book read just like a cut-and-paste from the Internet and other documents; and the companion CDROM was full of errors and omissions. After a while I stopped using this text book and focused on the first two. I am sorry to say that CISSP Certified Information Security Professional Training Guide by Roberta Bragg was a complete disappointment from every perspective. The CDROM example tests were riddled with errors and omissions. For those interested in my self-study technique, I took each book and studied one (sometimes two) of each of the CBK chapters each day. Then, I repeated the same process for each of the other books, except for the book by Bragg, which was dropped for reasons mentioned. I took all the sample tests repeatedly, before and after and then again. I must have practiced between 4000-5000 sample questions. It was challenging and enjoyable. In summary, I highly recommend Krutz and Vines and also recommend, with reservation, the book by Shon Harris. No single book can cover the entire CBK of the CISSP. The more you study, the better. Best of luck on your CISSP studies. The CISSP is certainly an experience that will improve your knowledge of the field of IT security and benefit the profession at-large.

This book, and Shon Harris 3rd Edition (I also read Krutz) are must-have resources for CISSP exam preparation. If you can digest the whole thing, they may be the only books you need, though real life experience is a prerequisite as well. This ISC2 "Official Guide is pretty dry, I'm not going to lie, but it's critical that you work your way through it if you want that coveted "Congratulations" e-Mail from ISC2. I recently climbed the mountain successfully (first try even!) and this book was a key in my success. Spend the money, bite the bullet and dive in. Good luck!

I recently passed the exam, and can honestly say that it is essential to have this book, if only as a reference. The main reason is that the Terminology and Definitions used in this book are "Official" meaning you can expect to see them used in the exam (although not always in industry.) I found that the various books differ slightly, and although this may sound insignificant, it can lead to incorrect answers. Remember that the exam is about providing the "best answer" so if one book uses the term "Separation of Duties" and another uses "Segregation of Duties" which is the better term to remember?
Another point is that very few people are experts in all 10 domains, and certainly no author I have read so far. This book was written by several people, who are experts in different domains, which makes the content a bit more acceptable.
Admittedly, the book is not that exciting to read, but it contains all the necessary ingredients to pass the exam. Some "easier reading" books explain concepts a bit better, but have a surprising number of factual errors mostly because the author is not fluent in the specific domain. Also the balance tends to be a problem, where authors focus too much on their favourite domain and focus less on other domains. This can lead to a misconception about the balance and difficulty of questions in the exam. A good idea might be to read several books on the subject, but keep referring back to this one to make sure you are still on track.

I highly recommend this book when preparing for the CISSP exam. It is a wealth of information and well laid out. I did not have problems with the different authors writing styles. The book is broken into the 10 Domains and is designed to be a reference for you as you prepare for the exam, AND as a reference in the Information Security Field.

This book was my primary study resource when preparing for the exam. After studying the official guide for a few weeks, I was fully confident that I would pass and I had no problems on test day.

This book is well worth the price.

This is by far the worst book I ever wasted my money on! I bought this book thinking that the "official" in the title meant all the facts are there and is readable. Well, all the facts are there but it certainly is not readable! Even for a technically capable person like me (BS & MS EE, PHD candidate at a top engineering school) my brain would wonder and spin each time I attempted to read this book. It is so full of repetitive jargons and very "extended" sentences that make you lose track of the information the author is try to convey. It appears most of the sentences were paraphrased from multiple sources and hence there is no coherence between the paragraphs. It is incredibly bad. If you don't trust me, buy it. Any other book is better! I had to buy another book.

This is the only (ISC)2 blessed book regarding CISSP exam preparation. I have also bought the other two popular books on this topic (CISSP All-in-one Exam Guide by Shon Harris, and The CISSP Prep Guide Gold Edition by Ronald L. Krutz and Russell Dean Vines). I used the Official Guide as my, you know, officical guide whenever I had doubt about a specific topic while reading the other two books. I used the other two books as my main study books, and this one as the reference. I found that the Official Guide gives the most comprehensive explanations and in depth discussions on many topics of the ten domains. But it is not for a bewbie to read, this book is also written very dry, some mis-print/spellings are kind of annoying too. The review questions are very helfull in helping the exam preparation. This is definitely a book worth having. However, in my opinion, none of the books alone is enough to pass the CISSP exam, the success has to be the combination of at least all three books, consulting many other online documentations (among them cccure.org's sample tests are very good), and direct working experience.