Customer Rating:  
Summary: CISSP
Comment: I think the authors of this book are more lucid than many other course materials I have read about these major domains. I liked the diagrams and their explanation, plus the terminology library is useful. It is getting older, though, and may need to be brought up to-date, especially the test questions.
Customer Rating:
Summary: CISSP test
Comment: The study guide is fine for experienced professionals. More like a reference encyclopedia. If a beginner use the Shon Harris book.
I studied with an online course and this book. The book actually explained area's that were vague on online.
Overall a good reference to keep around after the test.
Customer Rating:
Summary: Very in depth but very dry
Comment: A very good in depth guide, but very dry and hard to read as a result. I recommend the Shon Harris book in lieu of this as it will keep your attention much longer.
Customer Rating:
Summary: Not quite everything you need to know to receive the CISSP certification,
Comment: This is a complete guide to passing the CISSP exam. It's mostly well written, handsome, and despite its bulk, I found it easier to carry around that the usual computer guide.
My beef is with the accreditation itself. Too much of the (ISC)2 required body of knowledge presented here is either out-of-date, irrelevant, naive, silly, or wrong.
For example, in the physical security chapter, security professionals are advised to encourage notebook PC users to avoid carrying their notebooks in computer cases because that will tip off potential thieves. That's just plain silly advice, at least in everyday life. I might follow advice like that if I were to visit a particularly dangerous city like Rio or Johannesburg, but a typical North American or European city, forget it.
In the chapter dealing with legal aspects of security, the author states that software piracy is just like the theft of a book from a bookstore. No, it isn't. Intellectual property is not a settled area of law and is continually changing. I'm not saying (ISC)2 should advocate software piracy but neither should they go around making definite statements about something that is still not well understood.
In the chapter on networking, much is made of the "ping-of-death" attack. Well, the ping of death is ten years out of date. It makes as much sense to study that for the CISSP exam as to study Token Ring over coax cabling for the MSCE exam: it's irrelevant.
So, if you are required to pass the CISSP certification get this book. If you want to learn about security, then my advice is to read up on UNIX system administration, subscribe to magazines like SysAdmin, and then read up on Windows and on other topics, and above all take every opportunity at work to think about security at your job. To be a generalist, the best thing is to learn from many different sources.
Vincent Poirier, Tokyo
Afterword: I underwent the exam last March and passed. I can't talk about the exam's content (as part of the agreement one signs upon taking the exam) but I will make one positive comment: the questions were more relevant and less naive than the study material had led me to expect.
VP, Dublin
Customer Rating:
Summary: CISSP
Comment: Dear Sir/Madam,
Thanks for your great help, I have a very good text book for my study.
Thanks for your efficient and reliable service too,
Jacky
|
