Customer Reviews: CISSP All-in-One Exam Guide, Fifth Edition

on November 26, 2012
If you want to pass the CISSP exam on the first attempt, then make this book your PRIMARY study guide. If you are not planning on taking the CISSP exam, but you work in Information Security, then make this book part of your required reading. It is an invaluable tool to any security practitioner.

Shon Harris has updated both the content and the layout of this newest edition. Key terms are defined in separate attention-grabbing boxes. This is a huge help when you are stuck on a difficult concept that you want to review, such as the concepts that make up "The Common Criteria", or the seemingly infinite terms associated with the Telecommunications and Network Security Domain. If you are a person who uses a highlighter, or if you annotate passages on an e-reader, these attention boxes are fantastic for easily isolating the important details.

The CISSP exam is peppered with many "scenario-based" questions, and Shon has updated her end-of-chapter quizzes to include these types of questions. The quizzes provided on the disc (included with the book) are comprehensive across each domain. The questions offered on the disc will test your true knowledge of the subjects. The Practice Exam book is the perfect companion for the main book, offering detailed explanations of why one answer is "The Best" choice for a particular question.

The folks who compose the questions for the CISSP exam tend to lean towards the "sinister", attempting to trip you up with subtle and sometimes vague wording. Shon writes her questions in a similar style, making you really think about the material to derive the best answer rather than simply memorizing passages from the book. Her questions and the answer choices will get you into the correct mindset to pass the exam. Don't just take her practice exams once and move on - come back and take the same exams again. Even if you start to memorize the answers, Shon's quizzes will help you pick out the important wording of a question so that "sinister and vague" will no longer trip you.

Your studies of the "Common Body of Knowledge" will take you to other sources of information, and while this is encouraged, you will see that none of those sources compare with the directed focus and thought-provoking approach offered in Shon's book. I used 4 different sources for my studies, but Shon's book remained as my "go to" book for clear, concise, and accurate information. Do not be discouraged by the size of the book; when you are taking the test and are presented with a particularly tricky question, you will be thankful for all the detail that is offered in this book. Don't underestimate its value.

This is simply the best book on the market for not only understanding Information Security on a practical and professional level, but also for passing the CISSP exam.
56 people found this helpful.
on May 30, 2010
There is no simple formula to prepare for the CISSP certification, and no single resource which can guarantee success on the certification exam since every applicant's background is unique. However, this book (fifth edition) was my only resource in preparing for the exam and I passed on my first attempt (April 24, 2010).

I spent 60+ hours in preparation for the exam... that's 60+ hours of DEDICATED individual study using this book and CD, not 60+ hours spent web surfing during lunch hours or commercial breaks. My recent background is in middle management, with 20 years experience in network architecture and data security, so I already had a firm technical foundation for the test areas dealing with protocols and encryption variations. I also have an MS in Computer Science. Nonetheless, the exam was so broad, with topics covering general principles and concepts, that I could have prepared twice as long and still left the exam with questions about the outcome.

My personal opinion is that formal classroom instruction, through one of the many organizations offering CISSP preparation courses, is a worthwhile companion to Shon Harris' book. A study group is also a good idea. You will not obtain CISSP certification if you take the exam without preparation. This book (fifth edition) was sufficient, but not 100% comprehensive, to prepare me for passing the CISSP test.

Note: Some reviewers do not appreciate Shon's frequent analogies and humor. Most of her analogies helped me internalize the complex topics, but that's my personal learning style. The efforts at humor were generally awful, but every once in a while she was subtle and brilliant enough to make me laugh out loud. Working through Shon's unique writing style was not a problem for me... I actually found it refreshing.
45 people found this helpful.
on November 21, 2012
I've been teaching CISSP for over 10 years (over 170 times) and I have certified over 1,000 individuals alone. Shon not only presents the topics needed to pass the exam, but she also adds a creative story line which separates her from all other CISSP books. I recommend this book to anyone who needs to look up CISSP topics when studying for the CISSP exam. This book series, now in the 6th edition, has been used by many as the official courseware for the class. There are several real world scenarios that are discussed and relevant practice test questions. Some choose to read this book cover-to-cover, others research the topics they are less fluent with. In either case, the CISSP All-in-One Exam Guide and the CISSP Practice Exams (2nd Edition) are likely to be the only two books you'll need to complement your career. Get this book as a self-study tool or as a desk reference for your Security Operations Center (SOC). I've been using this book since the 1st edition and I'm one of the few who have page numbers memorized (as I need/use them in the classroom) and I can say that the 6th edition is the BEST. This book is, by far, an essential part for studying and passing CISSP. A MUST HAVE! - Leo Dregier
34 people found this helpful.
on December 3, 2014
Although I recommend purchasing and reading this book, I don't recommend it as your prime study material. Ms Harris spends way too much time reiterating the same concepts, and over-explaining relatively simple concepts with what is undoubtedly page fillers. The more important concepts, such as encryption standards and authentication, are inadequately covered to help you on the exam. I studied 4 books, including this one and the CBK, and found this book to be the least helpful towards the exam. Oddly, her training videos, which are very costly, cover topics not found in this book, which is very odd considering that this is supposed to be the definitive study guide. I can only assume this is to encourage you to purchase the much more costly training videos.

With a master's degree in Cybersecurity, and B.S. in Information Assurance and after reading several other books prior, I found myself constantly making correction notations in this book for information that was poorly explained or over iterated. Of course being able to correct errors in this book assured me that I was ready to take the exam.

For those taking the exam, I suggest keeping this as a cram study guide, for after you learn the subject matter elsewhere, but it is worthless in teaching you the topics needed to pass. My suggestions:

1. Read the official CBK published by ISC2 and highlight important technical information.
2. Repeat step 1, but this time read your highlights.
3. Read the Sybex official guide, and highlight sections you are still unsure of and then reread only highlighted sections.
4. Skim through this book, and read references to the items you highlighted from the prior two books, for a different perspective. At this point, you should be familiar enough with the material that you can make corrections to Ms Harris's book and be able to more accurately explain the topics.
5. Never study for longer than 2 hours. Typically after the first hour, you start to retain less and less information. Take frequent breaks. This will keep the information fresh and in long term memory.

What I don't recommend doing.

1. Repeatedly taking practice exams. This will not help you. In fact it will hurt you. The CISSP exam is unique because it doesn't have wrong answers. You will be presented with 4 answers, 3 of them are correct and 1 is flat out wrong. You have to pick the best answer, not the correct one. Practice Exams are memorizations of the questions and corresponding answers, which if they appear on the exam, will be slightly reworded to fool you into thinking you have the right answer when in truth, it is the second or third best answer. The test writers know these practice exams exist and will intentionally try to fool anyone trying to take the easy way out.

2. Going to a boot camp. This is not only a waste of money, but will not help you learn the material. If your company is paying for your voucher, if you fail, they may want you to reimburse. Either way, placing complicated subjects into short term memory will not help you much, the further you take for the exam. These pass-for-sure companies will usually give the exam directly after the final lesson in hopes that you will pass if they just gave you the lesson. This rarely helps. I have seen people attend these boot camps 3 to 8 times before passing. Do the reading. It's not hard and knowing the material will help you greatly further down the road.

My suggestion on taking the exam.

1. Carry one of your study guides with you in the car when you go to take the test. Show up early and quickly read over the highlighted material, particularly subjects you were having difficulty with. By this time you should be very familiar with the material. This book is especially good because despite its over reiteration and failure to explain certain topics, you should be able to read through the garbage info, add to the stuff not explained enough.

2. While in your car, focus on memorizing short term data, like numbers, protocol specifics and names. This sort of stuff isn't the type of data we keep in long term memory if you can help it and it's usually the first to be forgotten. Don't try to fight this natural tendency. Instead, brush up on it directly before the exam, place it in short term memory where it belongs until after the exam.

3. Read every question to its literal meaning. You're a lawyer. If the question says something, don't try to interpret it as something else. The people writing this exam aren't stupid. If they word a question a certain way, that's exactly how they wanted it worded. There is no implied meaning to a question so don't try to analyze it.

4. Don't look for correct answers. Typically every question will have 3 correct answers and 1 wrong one. You are trying to select the most correct one. If you immediately select the answer you think is correct, you will likely pick the wrong one. Instead, look for wrong answers and cross them out. You should be able to eliminate 1 answer right away. Take the remaining three and begin eliminating answers that aren't as good from the other. The last answer remaining is your correct one. (Again, remember there are no implied questions, so don't select answers that sound good to you, select the one that best matches the literal question as worded.)

5. Turn your test in. Congratulations, you passed.
41 people found this helpful.
on November 28, 2012
The latest edition of the Shon Harris CISSP All In One book has once again been revamped to include all of the new changes that were introduced on the 2012 CBK.

It is definitively one of the top two books for anyone who is serious about becoming a CISSP and passing the exam on the first trial.

ISC2 has not updated their own book yet. They have only 4 chapters available in IBook format. They sell each of the chapters for almost $13 each which is totally crazy for a digital edition. It means you will pay almost $130 for the full book. For 1/4 of this price you can get the new All In One Sixth edition.

ISC2 needs to rethink their strategy.

17 people found this helpful.
on March 26, 2010
From a perspective of preparation for the CISSP examination this book is one of the standard places to start from. In that respect, I would give it a 4-star simply because it follows the core notion of the exam itself in that it is a mile wide and an inch deep.

However, do not expect this book to provide technical details or even technical language consistently. There's a lot of verbiage, needless attempts at humor - which really degrades the overall standing of the book - and just the right amount of information, but no more.

Also, do not make this book the sole resource for preparation. You *may* pass the exam but will be none the wiser for most of what the book covers.

Given that this is a technical examination after all, I would have much appreciated if the author did not try and frame the same statement in multiple ways in the same paragraph, stuck to using consistent technical language and provided more links to resources for additional information. It would also have been nicer if the key technical points, definitions, important values were better highlighted - or even repeated in a prominent tip - after every section so that a second reading becomes a lot less demanding. The exam is challenging in itself and the book and author can do a lot more to make preparation a less demanding experience.

It is difficult to come across books that are worthy of technical appreciation and I am afraid the above points make this a middle of the road effort.

I have no particular affinity to either the author or publication but would recommend giving the Mike Chapple book a shot. You will be a lot less frustrated reading technical matter for a technical examination than with the narrative-style of the Shon Harris book.
28 people found this helpful.
on January 16, 2013
Over my years teaching information security and working in the field I had the opportunity to consult, read and learn from a variety of sources. From specialized websites, to conference transcripts, to magazine articles, to books. The information you need is out there and there are a plethora of places where you can get the content around.

But not all the content is the same. When it comes to information security and in particular the CISSP exam the amount of information that a potential exam candidate and the new infosec professional has to understand is huge. Moving from end to end of several spectrums, going into the details of complex cryptography algorithms that involve mathematical theories that very few of us can grasp to the understanding of purely managerial concerns that seem abstract in nature but have very clear repercussions on the day to day like risk management or the concepts of confidentiality, privacy or integrity; the information security field relates to one too many disciplines and understanding those disciplines and their relation to one another is crucial for the success of the CISSP exam candidate and the infosec professional.

Where CISSP All-in-One excels at, and this has been a trademark of Shon Harris over all the past editions, is the way the content is presented to the reader. This book makes Information Security a fun and digestible read. Shon tackles complex issues with clear and to the point analogies that allow the reader to "click" into the new concept, it creates the moment of "Ohhhh... I now get it!" that makes us feel smart and alive when studying something new.

And for the experienced infosec professional this book gives him or her proven ways to explain to those that are outside of our field how things work and how they should work.

I highly recommend this book not only as an exam preparation material but also as a reference piece over those areas and subjects that we may have to re-learn as we grow in our information security careers.

Congratulations Shon, you did it again.
8 people found this helpful.
on May 29, 2014
Where to begin?
-CISSP exam- it's a 6 hour 250 question exam with a free colonoscopy.

-CISSP book- very down in the weeds type of book. I did not use the CD but pounded the heck on the practice exam. Not as "reference book" as the CBK but it will help you understand the course material. There are some typos but every tech book has typos. I was getting 70 to 80% on the practice test before I was even comfortable with taking the exam. Coming from a very technical background I had difficulty in the "management" domains. The book helped me in understanding those parts.

-Qualitative Value- It's a good book for studying but you have to complement it with some other material. You CANNOT pass the exam on the book alone. ISC2 changed the exam (January of 2014) with a bunch of drag and drops and more scenario based questions. You have to know the material and how it applies to the situation. Unfortunately, this book does not prepare you for that. I don't think there is anything out there that can help explain the situations. You just have to know the material and how it applies.

-Quantitative Value- For less than $50 it's a great deal to include to your library. The exam costs $600 and the job salary automatically jumps you a good 20K (depending on your locality and previous education and job experience). It's a good deal

-Professional Impact Analysis - Buy the book, buy other books, go to CCCure for more info, buy another book, question your existence, reason out why you need this, buy the same book but different edition, curse out loud and register for the exam, fail the exam and repeat the process/pass the exam and feel a euphoria you never felt before then realize the responsibility you have in protecting the world from all the bad stuff it generates. If you get the CISSP you will be the IT superhero. Good luck.

-BTW- I passed the exam in under 4 hours and my colonoscopy came back as CLEAR. Wooohooo!
8 people found this helpful.
on February 24, 2010
I bought the third edition of this book in October 2009 to prepare for the exam. The reason for buying that instead of this fifth edition is obvious. It cost me only $2.95 plus $4.00 shipping. I was a little worried at the beginning because of the new material that was added since 2005. However, I thought I could supplement with material on the internet. At the end, I didn't have the time because the exam was on January 16, 2010 which gave me less than 4 months. During the exam, I did not see anything that I have not seen in the third edition. If you know something about the exam, you know they are not going to ask you directly about a concept or technology. So, you really have to understand the material. Since CISSP is more about principle and concept and less about specific technology, using a third or fifth edition is not going to make a big difference. I passed the exam in one shot. Don't get me wrong. Getting the latest and the greatest is always good and I will consider getting the fifth in the near future when I need to brush up the knowledge. But if you want to save a little money, consider getting the fourth or the third.
36 people found this helpful.
on November 10, 2012
I have had the 5th Edition of this book (and therefore that version PDF) for quite some time now, but only recently have had the time to begin preparing for the exam. As I've heard there are some changes in the exam for which having this copy of the book will be handy, I went ahead with purchasing it. Personally, I could care less for the hardcopy book, instead I purchased it to obtain the eBook PDF version. It mentions in the description that Adobe Digital Editions is required. I wasn't entirely sure what this was, but figured it was a secure copy of the eBook.

I have an iPad, and thought it wouldn't present a problem that the PDF was a Secure version. Come to find, however, that there is no native support for such a file on the iPad or via Adobe software for the iPad. I was able to find another app, Bluefire Reader, for the iPad that worked like a charm.

In order to download the Secure PDF file follow these steps:

1. Download Adobe Digital Editions (tried to paste the url, but apparently Amazon will remove urls - so just google the app name), install and register an account from within the Adobe Digital Editions application.
2. Insert the CD included with the book into your computer.
3. As long as your computer is set up to auto-run, a popup will give you several options, one of which will be to obtain the eBook (the file you download is not the eBook, but rather a .acsm file that is the key file to obtain the secure pdf).
4. Double click on the .acsm file to launch Adobe Digital Editions and it will then download the secure .pdf file and you should be all set for your computer.

In order to use the secure pdf file on an iPad, find the .pdf file (On OSX: your-home-directory/Documents/Digital Editions, On Windows: your-home-directory/Documents/My Digital Editions), install the Bluefire Reader App from the AppStore, log in to the app using your Adobe Digital Editions account created in the steps above, then sync the file directly to the app via iTunes. For more on this part of the process, follow the steps from the bluefire support page which you can find by google'ing "bluefire reader using library books".

Hope this helps and removes any hesitation from purchasing this fine work. Cheers and good luck to all on the CISSP exam!
11 people found this helpful.