Customer Reviews

Official (ISC)2 Guide to the CISSP CBK, Second Edition ((ISC)2 Press)

5 star:		(9)
4 star:		(7)
3 star:		(5)
2 star:		(2)
1 star:		(3)

 

 

Many people have commented that the Second Edition of the Official (ISC)2 Guide to the CISSP CBK was a big improvement over the first edition. I have to wonder how bad the first edition must have been?

Before getting into the details of my concerns, let's look at the layout of this hardbound, 968 page "brick".

The book is organized in a 1:1 correspondence with the 10 Domains of the CISSP CBK (i.e. one chapter per domain). This organization is nice as compared with the All-In-One CISSP 4th Edition, which has something like 12 chapters to cover the 10 domains (which can make it hard to cross reference concepts).

Each domain is written by a different author (or authors) who are CISSP's and experts in the field covered by the domain. In concept this is a good idea, and in a few places it was clear that the authors tried to impart some real-world knowledge and experience (such as the BCP/DRP chapter). However, it also leads to contrasting writing styles and some issues with "continuity".

As one might expect, many domains have concepts that overlap. On occasion, the text of the book will call attention to areas that relate or overlap with other domains, but this is inconsistent and sometimes results in the reader having some questions in their mind about the 'big picture' of the concepts. Given the CISSP is primarily a managerial level certification, understanding the big picture is critically important.

In general, the content seemed relevant, though the organization left something to be desired (more on that later). However, I was a bit surprised to see quite a bit of disparate information in this book when compared with the official (ISC)2 Review Seminar course material. There were at least a few topics covered in one, but not the other. I would have expected there to be better alignment between two current and "official" (ISC)2 sources, and it left me somewhat questioning which resource to focus on.

Speaking of the content, as compared to the All-In-One CISSP (Shon Harris) book mentioned above, this book is more of a traditional technical guide. Shon Harris' books occasionally interject opinion that borders on 'soapbox' material. And I find her "jokes" to generally not be funny, and often distracting. Some might consider the Official (ISC)2 Guide to be dry in comparison, but in technical reference books I prefer clear and succinct writing.

As mentioned, the layout of the individual chapters could be improved. The book does follow a typical hierarchy for introducing concepts (i.e. the main topic introduced with large, bold font, sub-topics using smaller fonts, italics, etc). However, in many cases the context of the material was not introduced well at the start, leading the reader to question whether a "sub-heading" represents a new topic, or a topic relating to the previous topic. In many cases the material gets nested 5 or 6 layers deep, making it hard to differentiate whether a new section is a sub-topic or a new upper level topic. This is a bit hard to explain so I hope that is clear. Again, this certification is not about memorization, but rather concepts and how they interrelate, so the book's organization is important.

Another area that was lacking was the use of tables, figures, and diagrams. There are some tables, etc, but there really should have been a few more. This could have really helped in providing additional context for some of the topics (see previous paragraph). This is an area where the Shon Harris All-In-One CISSP is better.

I also wish the editor/publisher would have taken a bit more time to improve the index. How can key elements such as "Software Development Lifecycle" and "Common Criteria" not even have index entries? My recommendation is when reading this book and taking notes, be sure to notate page numbers in your own notes for future reference.

There were also the usual amount of typo's and a few technical errors. The quantity of errors in tech books seems to be on a slow, steady rise, so I'd consider this book to be typical or maybe only slightly worse than typical.

Ultimately, for those studying for the CISSP I would recommend this book simply because no single book covers the entire CISSP scope. Couple this book with either the CISSP All-in-One Exam Guide, Fifth Edition, or perhaps the CISSP For Dummies 3rd Edition if you are looking for a cheaper option that might serve an an easier introduction to the material.

UPDATE: I forgot to add that I did pass the CISSP using primarily this book, coupled with the Review Seminar mentioned above. Took the test August 8 of 2010, received notification that I passed in September, and received my certificate in October.

My approach was as follows:

I started studying for the exam in late May, targeting a test date of August 8 (note the date on my review was August 7). I basically counted the number of days I had to prepare, subtracted 1 week for review time and about 7 "off" days to allow for days off or catch up. I also subtracted one week for the review seminar course that I took the week prior to the exam. I then took the number of remaining days an divided the number of pages in the book by that to set a pages per day goal. I think the result was something like 18 or 19 pages per day.

That was my goal - read 19 pages per day and take notes as I read. The next day I'd review the previous day's notes, and read another 19 pages and take notes. I used the Shon Harris book as a supplement to fill in gaps that I felt were unclear.

As opposed to the rather popular Shon Harris title, the 'AIO CISSP Study Guide', this title provides a more serious and professional presentation of the requisite exam material. It can be heavy going at times, and may require the occasional re-read to ensure that information is sinking in, but then again the subject matter is heavy, and is not to be taken lightly. Not only will this text provide you all you need to know to pass the examination, it will remain as a vital ongoing reference for those professionals who are at the front lines of the Information Security profession.

Let me say that I bought the Shon Harris AIO book and could not get through it - too many stories and jokes that I found distracting. In a nutshell the AIO guide is too wordy and bored me highly (although when she gets to the CISSP material it is good as she knows her stuff). With that said I bought this book and boy was I glad I did! Finished the book a week before the exam and spent the last week taking the practice exam included (about 1 hour a day). I really enjoyed the book as it is written by several professionals that specialize in a domain (this changes the pace and ensures you learn from specialists vs a jack of all trades). Now I have taken certification exams before and have found the official books are the best ones to use (this one did not disappoint). Now on to the exam. The exam was the most difficult exam I have ever taken - really the CISSP is no joke. I felt the book (only study material I used) got me assimilated to terminology and theory and my experience made the difference in the exam for me. Since you are supposed to have 5 years experience in the field to take this exam anyways, this book should get you through the theory and your experience should get you through the rest of the test. I think ISC2 has done a wonderful job with this book and its questions (exam like but I did not find any on the actual exam) so that you may see where you stand. I am proof that you can pass with just this book and don't need to waste time with multiple sources of material if you have h security experience required to take the exam. For those without experience, I suggest the SSCP ISC2 credential instead - the CISSP requires an endorsement of your experience anyways (and potential audit) so it may be a waste of your time and money if you don't have the required experience. For those that do, rest assured you can pass with just this book (I did), buy the book with confidence and thank me later.

After being in computer science and information technology for years, rarely do I come across a book so noteworthy of being organized, easy to read and while maintaining its potency through efficient delivery. If you are studying for the exam this is the book to have (of course re-reads are necessary), if not I still recommend to anyone(CIO, CFO, CEO, Manager, etc) responsible for, concerned with, or reliant on information and the technology that supports it

Hello,

I recently sat the exam and passed after reviewing both the Shon Harris AIO and the Offical ISC2 Guide to the CISSP CBK v2. Either book is a great purchase, and I'm still using the books after passing the exam as a reference. This book to me is a lot better written then the previous versions.

Brian Anderson
CISSP, MCITP
[...].

The CD will not laod or do anything at all... and after contacting the publisher and everyone else I could think of... still no response from anyone... it's a dud
No reply from "Customer Service" ... nothing from (ISC)2 .... CRC - zippo, Auerbach - nada, Transcender - deafening silence. For me, this was a totally wasted purchase. The Shon Harris book and CD "work" ... seem a little bit childish in the presentation and information... but the best source of CCISP study by far is the CCCURE site.

Like many others, I read the very popular Shon Harris All-in-one exam preparation first and switched to the Official Guide to the CISSP late in the game. I wish I had picked-up this book first because it presented the material in a very direct and logical manner. The highlights and example questions were similar to those offered on the exam, which was very helpful when preparing for the actual test. The 10 chapter format made it very easy to cross-reference material and navigate through the 10 domains. The book did not waste a lot of time with commentary and unrelated stories that added little to the subject, and I appreciate that as I only had a limited amount of time to study. I spent approximately 5 - 8 hours on each chapter, and supplemented the content in this book with the video mentor, this was especially helpful for encryption and Law, Investigation, and Ethics. The book is an easy read if you have sufficient background knowledge in Information Security and at least a few of the 10 domains.

I used this book as my primary resource in preparing for the CISSP exam (I passed).
The book is a compilation of reviews of knowledge domains by a collection of authors with widely varying styles.
The variations in depth of coverage across domains is breathtaking. In some domains the coverage is superficial (but adequate); in other domains the authors seem determined to intimidate, rather than inform, the reader.
The primary culprit in this regard is the author of the cryptography domain. I was very impressed by the author's grasp of the material. I have no doubt but that many of his friends consider him to be a very clever fellow; but he seems to have totally lost sight of who would be reading his chapter--and why. Everyone would have been better served if the editor had gently reminded the author that the material was supposed to take an experienced (5 or more years) security professional and fill in small gaps of knowledge in domains outside the scope of their day-to-day practice. I do not believe the intent was for every reader to be able to manually reproduce the inner workings of various algorithms; in fact, dragging readers to those depths obscures what I believe he should have attempted: To provide every reader a sound basis for making decisions regarding the practical implementation of encryption technologies (and, along the way, passing the exam). If he had accomplished this primary objective I could have forgiven his self-indulgence. As it is, I had to rely on personal experience and other sources (see below) to deal with that domain on the test.
I was surprised by the number of typos and grammatical errors throughout the book. While those shortcomings distract, they are not so eggregious as to prevent the reader from understanding the material. The review questions are oftentimes badly worded and in at least one case the "correct" answer is contradicted in the text. Still, having seen the exam, I can tell you that the questions and answers in the book and the exam are about equally bad.
I began my preparation several years ago using the first edition of this book. In the weeks leading up to the exam I found myself consulting both references.
I would recommend that anyone preparing for the test take their time, use multiple references, and--most important--talk through any areas you're not sure you understand with someone who does.
Best of luck.

I passed the CISSP Exam with only this book. I spent about 20 hours on each domain (some domains a little more) and used the practice CD included in the book. I also bought the Harris Book but it was full of extra stories and stuff I didnt need to read and I only went a few pages and gave up on that one. This book is a little dry but if you can put the the time in to it, this book will get a pass on the exam. Dont underestimate the exam! Make shure you know this stuff before you take it! good luck!

For the most part, this book accomplishes the task of touching upon the key areas that security professionals need to know about today. For this, I give the book full marks. But, there is a real lack of consistent editing across all 10 sections. The writing style and radically different approaches to structuring the content make me wonder why this is the second edition. In particular, the superfluous Chapter 3 is almost childish, as compared to much more specific and direct nature of Chapter 2. It reminds me of a person who wants to prove how important his/her role is, rather than provide a concrete, objective template that students can readily consume and apply. Silly really! This section is one of the least complex and maybe that's why the author tries so hard to pad it with...stuff.