"This book should be part of your study plan for the CISSP." -J. Stapp

The Effective CISSP: Security and Risk Management is for CISSP aspirants and those who are interested in information security or confused by cybersecurity buzzwords and jargon. It is a supplement, not a replacement, to the CISSP study guides that CISSP aspirants have used as their primary source. It introduces core concepts, not all topics, of Domain One in the CISSP CBK - Security and Risk Management. It helps CISSP aspirants build a conceptual security model or blueprint so that they can proceed to read other materials, learn confidently and with less frustration, and pass the CISSP exam accordingly. Moreover, this book is also beneficial for ISSMP, CISM, and other cybersecurity certifications.

This book proposes an integral conceptual security model by integrating ISO 31000, NIST FARM Risk Framework, and PMI Organizational Project Management (OPM) Framework to provide a holistic view for CISSP aspirants. It introduces two overarching models as the guidance for the first CISSP Domain: Wentz's Risk and Governance Model.

• Wentz's Risk Model is based on the concept of neutral risk and integrates the Peacock Model, the Onion Model, and the Protection Ring Model derived from the NIST Generic Risk Model.
• Wentz's Governance Model is derived from the integral discipline of governance, risk management, and compliance.

There are six chapters in this book organized structurally and sequenced logically. If you are new to CISSP, read them in sequence; if you are eager to learn anything and have a bird view from one thousand feet high, the author highly suggests keeping an eye on Chapter 2 Security and Risk Management.

This book, as both a tutorial and reference, deserves space on your bookshelf.

This book has a nickname, CISSP Sudoku 365, a metaphor of turning the 365 questions into the exciting game, Sudoku. It is for CISSP aspirants who:

1. intend to learn by topics,
2. finish the first round of study, or
3. sprint for the CISSP exam.

Reasoning and Justification

This book not only provides a pool of quality questions and suggested answer keys but also advocates reasoning and justification. Most of the questions synthesize two or more facts and entail an analysis of the implications.

How to Use This Book

To use this book effectively, readers need to:

1. think, research, and study intensively,
2. use judgment and critical thinking, and
3. develop justification and identify the best answer.

Handy Navigation Experience

This book also features its handy navigation experience. Readers can navigate between questions and answers and justification from the author's blog. If you have tried this Sudoku challenge and not retreated, you may feel more comfortable in the real exam.

CISSP數獨365!

這是本書的另一個名字！它是一個比喻，希望能把365個具有挑戰性的考試題目變成令人興奮、又好玩的遊戲-數獨。

這本書是為對CISSP充滿熱情的考生而寫，適合以下讀者:

1. 打算採取主題式學習
2. 打算採取主題式學習
3. 為CISSP考試作最後衝刺

推理與論證

這本書不只提供高品質的題庫及解答，更提倡推理和論證的過程。大多數問題綜合了兩個或更多的知識點，需要進一步分析題目的意涵。

如何使用本書

為了有效地使用這本書，讀者需要:

1. 仔細閱讀、思考、找資料、及研讀
2. 運用判斷力和關鍵性思考能力
3. 提出接受或拒絕每個選項的理由，並選出最佳答案

便捷的瀏覽體驗(僅適用Kindle電子書)

讀者可以在題目、答案以及作者網站詳解頁面之間快速切換。或者在作的網站輸入題目日期或關鍵字查詢，以獲得英文詳細解說。