Official (ISC)2 Guide to the CISSP CBK ((ISC)2 Press) 4th Edition
- ASIN : 1482262754
- Publisher : Auerbach Publications; 4th edition (March 11, 2015)
- Language : English
- Hardcover : 1304 pages
- ISBN-10 : 9781482262759
- ISBN-13 : 978-1482262759
- Item Weight : 5.25 pounds
- Dimensions : 7.5 x 2.25 x 10.5 inches
- Best Sellers Rank: #397,965 in Books
Top reviews from the United States
My main beef with the book is that it's unnecessarily wordy and highbrow. Here's an example.
"Specifically, what the security architect needs to accomplish through the investment of this time is to gain a better understanding of the usage scenarios that each stakeholder brings to the system in question and what the intricacies of those scenarios are in order to perform a risk analysis against them, and as a result, he or she will gain a better understanding of the powerful threats and vulnerabilities to be addressed as part of any defenses that may be planned and implemented".
Good gawd, I almost fell asleep while typing that out. That sentence could easily be cut in half.
Here's another example.
"Several common methods of cryptography exist including stream-based and block ciphers. The information security professional must have a basic understanding of both to ensure further understanding of encryption implementations."
The second sentence is unnecessary. It just adds weight to the book. There are a ton of sentences like that all throughout the book.
"Computers are inherently designed for predictability not randomness. Computers are so thoroughly deterministic that they have a hard time generating high-quality randomness. Therefore, special purpose built hardware and software called "random number generators," or RNG's, are needed for cryptography applications. The U.S. federal government provides recommendations on deterministic random number generators through the NIST. An international standard for random number generation suitable for cryptographic systems is sponsored by the International Organization for Standardization as ISO 18031. A rigorous statistical analysis of the output is often needed to have confidence in such RNG algorithms. A random number generator based solely on deterministic computation done solely by a computer cannot be regarded as a true random number generator sufficient in lack of predictability for cryptographic applications because its output is inherently predictable."
The last sentence is totally unnecessary. That was already stated in the first two sentences. I could give you many, many more examples but you get the picture.
The publisher must have wanted to get this book out quickly to capitalize on the new CISSP exam so they opted to skip proofreading.
Here's some proof for you.
"Iris scanning is the most accurate biometric technology."
"Retina scan devices are probably the most accurate biometric available today".
That's 4 points down the drain if I get a question on the exam about the most accurate biometric.
I especially love this one.
"Some areas to consider are actions such as planning for delivery of office supplies to the alternate site, setting up a package delivery account for the alternate site like UPS or Airborne...."
Airborne hasn't been around since 2003 when it got acquired by DHL.
Go with the latest Shon Harris book; she does a much better job of explaining the material. Although it doesn't reflect the new 8 domains, it still has everything you need to know to pass the latest CISSP exam, and you won't be bored to death.
"Whereas analog communication uses complex wave forms to represent information, digital communication uses two electronic states (On and Off). By convention, 1 is assigned to the on state and 0 to off. Electrical signals that consist of these two states can be transmitted over a cable, converted to light and transmitted over fiber optics, and broadcasted with a wireless device. In all of the above media, the signal would be a series of one of two states: On and Off."
Seriously, he takes a whole paragraph to say: Digital communication uses binary 1s and 0s in an on or off state respectively to broadcast information over all forms of digital media.
The book seems worded to imply that the reader has no basic knowledge of computers whatsoever, which if that were the case this could be a good thing. However, why would a person without any knowledge of computers want to get their CISSP? At any rate, this book is as boring to read as a phone book from front to back. I only have it because my college class required it and I wasn't about to pay full price. Even as far as my class goes, I have no intention of reading the whole thing, only skimming for answers. If you need it, I highly recommend buying it used, as it is most definitely not a keeper, even better if you can borrow it from a friend. (It's my opinion that the author plumped up the book so he could pump up his price!)
I would suggest buying it, but please beware. Do not use it as your primary resource.
Top reviews from other countries
Large amounts of material are identical to other online sources or publications. I'm not claiming this book infringes copyright - it's possible the original authors gave permission to use their material in it, although no acknowledgements appear. It's possible that some of them copied it from the CISSP book, but in many cases the publication dates precede the CISSP book by several years, or the text contains additional features which make it clear which was the original. I amused myself for an afternoon searching for choice phrases in it and finding the sources, before remembering that the point of having the book was to pass the CISSP.
Regardless of the legality of the material, it's just not useful. I waded through about half of it, regularly throwing it down every few pages and uttering some choice words, as my wife can attest. Really, don't bother with this book. A far, far better book is the Official Study Guide for CISSP. This is arranged logically, is well explained and has practice questions.
Complete, but not concise.