- File Size: 1631 KB
- Print Length: 133 pages
- Simultaneous Device Usage: Unlimited
- Publication Date: May 12, 2014
- Sold by: Amazon Digital Services LLC
- Language: English
- ASIN: B00KAYL51E
- Text-to-Speech: Enabled
- Word Wise: Not Enabled
- Lending: Enabled
- Amazon Best Sellers Rank: #667,791 Paid in Kindle Store
The CISSP companion handbook: A collection of tales, experiences and straight up fabrications fitted into the 10 CISSP domains of information security Kindle Edition
Top customer reviews
But if you are looking for an entertaining and educational book to give a break to the monotonous work of CISSP preparation, this is your guide, and a very funny one at that. Even for those security gurus that have the treasured and adored CISSP certification (and all the more so for those with SANS certifications), the book is a witty look at the world of information security, and one man’s observation of it.
What are Malik’s accomplishments? Well, he really knows information security and brings a lot of experience to the table. He won the RSA Social Security Blogger award for the most entertaining blogger, as well as the best security video blogger and most entertaining blog at the European Security Blogger Awards. The book is entertaining in the sense that he doesn’t drone on about information security abbreviations and acronyms.
When discussing TCP/IP, the book uses rock music as an analogy. Drums are TCP, an electric guitar is UDP; vocals are IP, with the band manager as ARP and the record label as RARP. While those analogies certainly won’t help you pass the test, they will definitely give you a more realistic understanding of what the protocols really do.
No CISSP guide would be complete without a reference to the Bell-LaPadula model, which the book mentions on page 107. The book doesn’t really define it, but notes that it may be used and implemented in pencil pushing governmental departments.
As an aside, I once worked with a really smart guy who once worked with Len LaPadula at Bell Labs. He couldn’t tell me what the model was either. But he did note that most people mispronounced his name as La-pa-doo-la, when Dr. LaPadula himself pronounced it as le-pad-you-lah.
In movies such as Cars, much of the humor is lost on the children, while the adults will laugh. This book is very much like that in the sense that those who have been in the industry for a while will get the humor and irony in Malik’s writing. In Domain 3: Information Security Governance & Risk Management, he writes that if you do things just because they are best practices, you end up becoming an auditor, and notes that nobody likes an auditor. In the footnote, he clarifies that despite the sweeping generalization, there are some good and effective auditors in existence… a few. Only those who have been in information security for a while can appreciate the humor there.
The book is only available for the Kindle, and at 99 cents, that comes out to less than 10 cents per CBK domain. Note that in the book, he never defines what CBK stands for, which would leave a CISSP candidate grasping in horror for an acronym without a definition.
When it comes to pure CISSP guides, a best practice is to use the CISSP All-in-One Exam Guide by Shon Harris, all 1,500 pages of it.
If you want the funniest and cheapest and downright educational guide around, nothing beats The CISSP companion handbook: A collection of tales, experiences and straight up fabrications fitted into the 10 CISSP domains of information security.
For example, his explanation of asymmetric cryptography is worth the price of the book.
Have you ever tried to explain asymmetric encryption to someone who has never heard of it?
It is a maddening process that usually adds confusion rather than clarification.
You can talk all about substitution and transposition of characters. You can scream about how to secretly exchange keys. You can do all this while your blood pressure rises and the person to whom you are explaining it just becomes more mystified at your gibberish rant.
However, if you read Javvad’s description of asymmetric cryptography, you will be able to explain it to anyone and watch their eyes light up as they start to understand the beauty of it.
Equally, if you are studying for the CISSP exam and that cryptography chapter is making you reconsider your career in InfoSec, read Javvad’s explanation and your eyes will light up, because you too will now understand.
Then I read "The CISSP companion handbook" by Javvad Malik.
The scales fell from my eyes as I joyfully read riveting word after riveting word. My intellectual horizons grew ten sizes larger as I was captivated by Javvad's clear and compelling prose. I understood security like I never had before...and I knew what I needed to do.
I am ashamed to admit that I had, in the past, scoffed at the CISSP. "Mile wide and an inch deep" I would announce..."Only useful to impress HR dweebs" I would think... "Not worth doing at only six-pence cost" I would say to myself in a voice eerily reminiscent of how you would imagine Keanu Reeves would sound doing a posh London accent.
But I have seen the light. Nay, I have *become* the light. The light of security, compliance, and goodness that cannot be extinguished...
And I owe it all to Javvad...