The CISSP Prep Guide: Mastering the Ten Domains of Computer Security

Since this is a study guide, the emphasis is on breadth, not depth of coverage, and that's the way it should be.

Several inaccuracies and typos should be corrected in the second edition (e.g. the description of lattice-based control on p. 34, or sample question 9 in Chapter 10 and its answer).

So is this now my favorite survey of computer and information security? Not quite. I still prefer "Secure Computing" by Rita C. Summers, even though it is already 4 years old. Unfortunately it is out of print, and it is a mystery why McGraw Hill wouldn't print a few thousand copies to satisfy the demand.

Another CISSP prep book is coming soon (Mandy Andress, "CISSP Exam Cram"). Let's hope it will be as good as the Prep Guide.

Rating:
Summary: Masterful Coverage, Well Organized
Review: I have had the CISSP certification squarely on my radar for about a year now, but the sheer amount of information to compile and read and remember is simply too much. This is because the compiled readings are mainly at best, guesswork. What's more, the weightages of the Ten Domains of Computer Security can be markedly different, and no one can really be sure of the importance of certain sections as compared to others. For example, both authors who are themselves CISSP certified, place Telecommunications and Network Security as more heavily covered in the exam than say, Security Management Practices, clearly a time saver for those who like me, am also pursuing the BS7799 Auditor certification.

Within each chapter, the authors also clearly prioritize the topics. In the Chapter entitled Access Systems, the topic Decntralized/Distributed Access Control takes up half of the chapter, again, demonstrating that more attention has to be paid by the reader.

Though the information to cover is vast, I never felt that I needed a map to navigate the contents. Each chapter's objectives are clearly stated, and the section lucidly explained. Best of all, the visual and textual aspects are just right for the eye. Of course, for a exam that covers 10 domains, the number of acronyms faced is numerous, but the nifty Glossary takes care of any confusion that may arise. Besides the coverage of the ten domains in 10 chapters, the Appendices are extremely helpful. Topics such as HIPAA Compliance through HIPAA-CMM are covered, so is the British Standard 7799.

If you feel that coverage is not deep enough (which is not really a factor in the exam), the authors provide useful References for Further Study, also found as Appendix H.

In summation, the book is extremely well organized, and the additional information provided in each Appendix make this not only a required study tool, but also a "must have" reference.

Rating:
Summary: Best available so far!!
Review: ...Anyhow, it really isn't necessary because this is a very good book. I am a CISA and a security consultant for a large firm, and I can say that this will be of great benefit for those of you studying the CISSP. At first glance, I don't think it can be your only study material, but it will get you very close. For [the] list price, I would have liked to have seen a study CD or such like most other guides priced much cheaper than this, but if you can get it for... less, it is money well spent.

Rating:
Summary: It's about time someone wrote this! :-)
Review: If you are considering purchasing this book, then likely you work in the information security industry and have been holding your breath for a "real" CISSP study manual. Well, breathe again friend because this book by Kurtz and Vines is what you have been waiting for! No more half-written study guides and poorly constructed "textbooks" (you know what I refer to there), this book will break it down for you and give you information on all you need to know. Don't waste time elsewhere, start here and review other materials if needed. Three cheers!

Rating:
Summary: Good Prep Guide for Passing the Test
Review: I liked this prep guide because it's not one of those huge books that's impossible to fit in your carry-on or laptop bag if you're traveling. It has enough information to pass the test, which is good enough for me because that's all I needed to pass the test this month. But, if you're one of those people who has a need to get every single question right, this is not the book for you. The book doesn't cover every single thing you need to know for the exam, just enough to pass it. The only draw back to this book is that it doesn't come with a CD with a comprehensive set of sample test questions. I had to go to one of those huge books that I bought a couple of years ago for that, but I didn't read the huge book.

Rating:
Summary: Excellent CISSP preparation guide
Review: In June 2004, the International Organization for Standardization (known as the ISO) granted certification in the area of information security for the Certified Information Systems Security Professional (CISSP) designation. With ISO certification, the CISSP is gaining in prominence, making The CISSP Prep Guide a timely and informative resource.

This book is useful for anyone preparing to take the CISSP or ISSEP (Information Systems Security Engineering Professional) exams. The CISSP is tailored for professionals working in the private sector, while ISSEP has been designed, in conjunction with the National Security Agency, for would-be security engineers.

The guide has 14 chapters. The first ten chapters correspond to the ten domains of the security Common Body of Knowledge that underlies the CISSP exam. ISSEP candidates will find the final four chapters geared to them.

A CD-ROM that accompanies the book includes simulated testing for each exam. The CISSP preparation software contains 327 questions, while another 120 are devoted to the ISSEP exam. These tests are helpful, but they should not be used in lieu of studying. Overall, the package is an effective aid for anyone planning to take the CISSP or ISSEP exam.


Rating:
Summary: Thorough Coverage of all CISSP Domains
Review: I used this book as my primary study source for the CISSP exam, it helped me pass (first time). The coverage of the ten domains is strong and and provides an excellent basis for preparing. The CISSP domain I found hardest to study for was Cryptography - this book provides great 'plain English' coverage of this topic. My only caution would be, that to maximize the chances of passing, it is better to use more than one text / source. Also, like all exams, sufficient practice makes the exam easier.

Rating:
Summary: A disappointment.
Review: I already have my CISSP and I purchased this book for the ISSEP content. I think the writing is miserable. It looks like the author simply copied and pasted contents from the referenced government documents. Yes, the information is there. No, it is not a "fun" read like Shon Harris' book. Wait for the third edition of Shon's book - I'm sure it will be much better.

Rating:
Summary: Good Prep Guide for Passing the Test
Review: I liked this prep guide because it's not one of those huge books that's impossible to fit in your carry-on or laptop bag if you're traveling. It has enough information to pass the test, which is good enough for me because that's all I needed to pass the test this month. But, if you're one of those people who has a need to get every single question right, this is not the book for you. The book doesn't cover every single thing you need to know for the exam, just enough to pass it. The only draw back to this book is that it doesn't come with a CD with a comprehensive set of sample test questions. I had to go to one of those huge books that I bought a couple of years ago for that, but I didn't read the huge book.