- Series: (ISC)2 Press
- Hardcover: 1304 pages
- Publisher: Auerbach Publications; 4 edition (March 11, 2015)
- Language: English
- ISBN-10: 1482262754
- ISBN-13: 978-1482262759
- Product Dimensions: 7.2 x 2.5 x 10 inches
- Shipping Weight: 5.4 pounds
- Average Customer Review: 134 customer reviews
- Amazon Best Sellers Rank: #24,542 in Books
Official (ISC)2 Guide to the CISSP CBK, Fourth Edition ((ISC)2 Press) 4th Edition
My main beef with the book is that it's unnecessarily wordy and highbrow. Here's an example.
"Specifically, what the security architect needs to accomplish through the investment of this time is to gain a better understanding of the usage scenarios that each stakeholder brings to the system in question and what the intricacies of those scenarios are in order to perform a risk analysis against them, and as a result, he or she will gain a better understanding of the powerful threats and vulnerabilities to be addressed as part of any defenses that may be planned and implemented".
Good gawd, I almost fell asleep while typing that out. That sentence could easily be cut in half.
Here's another example.
"Several common methods of cryptography exist including stream-based and block ciphers. The information security professional must have a basic understanding of both to ensure further understanding of encryption implementations."
The second sentence is unnecessary. It just adds weight to the book. There are a ton of sentences like that all throughout the book.
"Computers are inherently designed for predictability not randomness. Computers are so thoroughly deterministic that they have a hard time generating high-quality randomness. Therefore, special purpose built hardware and software called "random number generators," or RNG's, are needed for cryptography applications. The U.S. federal government provides recommendations on deterministic random number generators through the NIST. An international standard for random number generation suitable for cryptographic systems is sponsored by the International Organization for Standardization as ISO 18031. A rigorous statistical analysis of the output is often needed to have confidence in such RNG algorithms. A random number generator based solely on deterministic computation done solely by a computer cannot be regarded as a true random number generator sufficient in lack of predictability for cryptographic applications because its output is inherently predictable."
The last sentence is totally unnecessary. That was already stated in the first two sentences. I could give you many, many more examples but you get the picture.
The publisher must have wanted to get this book out quickly to capitalize on the new CISSP exam so they opted to skip proofreading.
Here's some proof for you.
"Iris scanning is the most accurate biometric technology."
"Retina scan devices are probably the most accurate biometric available today".
That's 4 points down the drain if I get a question on the exam about the most accurate biometric.
I especially love this one.
"Some areas to consider are actions such as planning for delivery of office supplies to the alternate site, setting up a package delivery account for the alternate site like UPS or Airborne...."
Airborne hasn't been around since 2003 when it got acquired by DHL.
Go with the latest Shon Harris book, she does a much better job of explaining the material. Although it doesn't reflect the new 8 domains, it still has everything you need to know to pass the latest CISSP exam, and you won't be bored to death.
I am sending my copy back for a refund. I understand that (ISC)2 had to update the CBK, but they could have taken a little extra time for editing, or could have done a better job of planning ahead for a release that coincided with the April 2015 changes.
I believe this book is essential in your preparation for the exam; however, it should not be considered a singular or comprehensive resource for exam preparation.
The information is really hard to follow in general due to the lack of appropriate structure. For example for domain 1 (Just because that's where I happen to be on my second pass):
Licensing and Intellectual Property:
- There are two categories of IT Law: Intellectual Property and Privacy Regulations
-- Intellectual Property Laws: Divided into Industrial Property and Copyright
--- Patent: Intellectual law...
--- Trademark: Intellectual law designed to protect goodwill...
--- Copyright: Privacy regulation -- yes! right here in between!
--- Trade Secret: Intellectual law...
--- Licensing issues: SW Piracy. Which is applicable only to Copyright.
I am waiting on the Official Study Guide to arrive. Which definitely looks better structured. However, I wonder how the guide will point to the book as reference... maybe it won't :-S