- List Price: $290.00
- Save: $233.31 (80%)
- FREE return shipping at the end of the semester.
- Access codes and supplements are not guaranteed with rentals.
Other Sellers on Amazon
& FREE Shipping. Details
Follow the Authors
Information Security Management Handbook, 6th Edition 6th Edition
Considered the gold-standard reference on information security, the Information Security Management Handbook provides an authoritative compilation of the fundamental knowledge, skills, techniques, and tools required of today's IT security professional. Now in its sixth edition, this 3200 page, 4 volume stand-alone reference is organized under the CISSP Common Body of Knowledge domains and has been updated yearly. Each annual update, the latest is Volume 6, reflects the changes to the CBK in response to new laws and evolving technology.
Books with Buzz
Discover the latest buzz-worthy books, from mysteries and romance to humor and nonfiction. Explore more
- Publisher : CRC Press; 6th edition (May 14, 2007)
- Language : English
- Hardcover : 3280 pages
- ISBN-10 : 0849374952
- ISBN-13 : 978-0849374951
- Item Weight : 14.7 pounds
- Dimensions : 10.3 x 3.5 x 14.1 inches
- Best Sellers Rank: #675,188 in Books (See Top 100 in Books)
- Customer Reviews:
About the authors
Top reviews from the United States
There was a problem filtering reviews right now. Please try again later.
I gave it a 2 star because I was disappointed at the number of errors and omissions I discovered in this book, for example chapter 4 has 4 dates for ITGI's begining which are all wrong, Chapter 8 has the correct date. as matter of fact if I was the editor of the book, I would remove the entire chapter 4. I was happy to see Kevin Henry bring up the "placement of security" but he does not take it far enough. So chapter 14 we are back to "IT" based information security. I think it is time for security experts to start writing outside the box, most companies have confidential information that is not "IT" related, take contracts as an example.
Chapter 76 "Intrusion in information system security simply means the attempts or actions of unauthorized entry into an IT system. " really!, this is 1990's way of thinking Gildas Deograt-Lumy Roy Naldo Please read The Art of Intrusion by Kevin D. Mitnick.
I would write a book describing all that is wrong with this book, only if I had the time and writing skills some of which was wasted reading this book, Oh by the way Mr.Ralph Spencer Poore, there are so many exciting new standards coming up with cryptographic key management you should have and could have written about, such as the 1619.3, but I guess I have to read yet another book to learn about it.
The content is excellent for security professionals, particularly those at the management level. There are 220+ articles within the 10 (ISC)2 domains on a wide variety of topics. Most of the stuff is higher level but just technical enough for you to have confidence in the concepts presented. It would probably be typical that you'd read an article in here for one of three reasons: background research for an immediate decision that doesn't require detailed technical knowledge; introduction to concepts that will require further in-depth research; or research for a presentation to senior management, in which case you'd have to distill and simplify conceptually (something you're probably already used to).
You will find multiple articles on single topics- some more complete than others, and potentially with a variety of perspectives, so you'll have to make your own calls on what's presented. It's not a "InfoSec Management for Dummies" book that will give you easy answers to your problem or a step-by-step "how to implement an InfoSec program" guide; it's more like an encyclopedia for research that you can use to factor into making your own, independent decisions. For example, there's not a lot of specifics on actual risk assessment techniques, but there are high level articles on the principles.
I wish each of the individual articles were specifically dated so I'd know the time context; seeing a statement like "the position of CISO was virtually unheard of five years ago" or even "80 percent of companies monitor their employees' email" means less without knowing when the article was written.
I could probably find a lot of similar information Googling for it, but Google doesn't seem to be what it once was (or the Internet for that matter... so much for the days of shared research) and my time is too valuable to spend a lot of it culling through blogs, noisy forums, and marketing junk disguised as whitepapers to get this information.
For the record, I have passed the CISSP exam. I did not use this book, nor would I recommend it as a study guide. I bought this particular book because I needed it as a reference for my work. If you mastered this book cover to cover and didn't read anything else, you'd probably do OK on the exam, but there are far more efficient means to getting there.
It is a fairly easy read and is modular, but after I have used it for my courses I won't be keeping it for reference. It is far too dated.