Rating: Summary: The Best Available in Market Review: I enjoy reading this book very much. I believe that this book is the best so far in the market for CISSP and as an introduction and survey to provide a solid framework for the field, and especially for those to prepare CISSP. It is very well written as a summary (better and comprehensive than "The CISSP Prep Guide" by Krutz, et al) with the original and critical sources. My delight and best part of this book: for each topic the author kindly provides the web sites (for further study and reading). CISSP test is very general (generic, and not for a specific product or service) and thus a frustration. But that is what CISSP is about. For professional and marketable working knowledge, use this book as a framework, along with many other good books such as (1) Incident Response (by Mandia & Prosise) and (2) Hacking Exposed (2nd ed, by Scambray, McClure, Kurtz) or (3) Maximum Security (3rd ed, Anonymous), or (4) Counter Hack by Skoudis, to supplement the reading and case study.
Rating: Summary: A solid foundation Review: The CISSP All-in-One Exam Guide is a very good jumping off point for your quest to achieve the CISSP certification. Having looked closely at both it and the CISSP Prep Guide prior to purchasing one several months ago, I found both to be solid foundations for learning but quickly came to the opinion that the Shon Harris book is far better written. Her relaxed, conversational writing style makes this a better choice for learning the basic material. The book is not perfect, however. The index is fairly good, but not entirely thorough. The glossary is just plain lousy, but this is a fairly common complaint for technical textbooks in my experience. A glossary should contain every definable term used in a book. This one doesn't even come close. The book also implies that the bulleted summaries at the end of each chapter contain the crucial information the reader needs to know from each domain covered. This is not true at all. In reality, you will need to know everything in each chapter and quite a bit more if you want to be completely prepared for the exam. No book contains all the testable material for the exam, including this one. Start with this book, get the basics, visit the URLs that Shon includes at the end of each section. Take notes. From there, take as many practice tests as you can get your hands on, starting with the ones on the CD included with this book. The more practice tests the better. They will not only get you used to the style of questions on the exam (this is *not* a simple fill-in-the-blank exam), but they will also quickly highlight areas of knowledge deficiency. The Boson exams are very good, as is the SRV CISSP practice book.
Rating: Summary: Helpful Understanding of Security Review: This book is very good from an overall security perspective. I found it helpful as a foundation and as a refresher for my understanding of the topics. I highly recommend it as a starting point towards your CISSP or for anyone who wants to gain a basic understanding of I.S. Security and Business Continuity. Like most people will tell you, the CISSP, as well as this book, is a mile wide and an inch deep. After reading this you will be well versed in the concepts and terminology but not an expert in any of the 10 subjects. If you really want to get involved in these topics then you may want to follow up with some security based web-sites (insecure.org, packetstormsecurity.com, etc). These are invaluable learning tools. Final note: Do not expect to read this book and be able to pass the CISSP exam. This book is merely a starting point, though it is a good one.
Rating: Summary: CISSP prep cosmo style Review: If I had to pick the worst IT book I have ever read, this one should be the top contender. Writing style is unbelievably poor and appropriate for girls' magazines, but not for a serious IT or technical book. The book is so irritating that I spent twice as much time reading it as I would have with another book on a similar subject. Although all domains are somewhat covered in the book, they are not an exact match for the requirements described in the CBK. Some concepts described in the official ISC2 course are not mentioned at all, while others, which are irrelevant to the exam contents, are described in fine detail over tens of pages. Definitions in the book are fairly accurate since they are taken from other documents, but examples given to visualize them are amusing, to be polite. It appears that the author has never actually performed any real work, but spent all her life teaching something she read from the books. Thus you can read that application level protocols are HTTP, FTP and WWW, or that DLL interprets voltages. In each chapter there are at least a few amusements. The CD is nothing to write home about; if you need good questions go for Krutz & Russel editions. All in all, don't waste your time over this book. If you have ever been on a course where the instructor does not know what he is talking about, you'll know how I felt after reading this book.
Rating: Summary: Great idea, poor execution Review: I was really excited about this book, and despite reading some of the not-so-great reviews, I decided to buy it. All I can say now is that I'm glad the cost was reimbursed by my company. Did I pass the test? Yes - no problem. Did this book help? Somewhat, but not nearly as much as other tools I used. Here's why: - Tone and length. I have to agree with some of the other reviewers that the tone of this book is unbearably chatty. One thing that appealed to me about this book was its size - I figured I was getting a ton of information from such a large book. As it turns out, the size has more to do with the author's inability to be concise, not the unusual volume of information. The author also tends to go into detail in areas where it isn't entirely relevant. For example, in the Operations chapter, several pages are spent on how email works. Although securing email is a relevant operations function, and people should know generally how email works, it is largely outside the scope of the CISSP exam. - Level. Some of the analogies in this book are so basic as to be condescending. For example, in the Security Management chapter, the author likens a poor security structure to a house with a weak foundation, and actually includes a sketch of a house that has crumpled inward. Nevertheless, to sit for the exam, CISSP candidates have to be adults with a minimum of 3 years of industry experience. Although I think it's important to make the point that a sound security structure is vital to an organization, I don't think anyone really needs a picture of a crumbling house to get it. - Chapter study questions. At the end of each chapter is a set of study questions. Answers are given, but no explanation, so if you don't know why you got a question wrong, you're out of luck. What bothered me more was the source of the questions. I took a bootcamp-style review course. 
During the day we did the ISC2 CBK Review, and in the evening the instructor spent some time going over random review questions. The set he used was identical to the set in the book. I asked him where the questions came from and he told me they were from the publicly-available pool on the Internet, on websites such as www.cccure.org. The cost of this book is so high in part because of all the "features" it has - like study questions that you can get for free on the Internet. :( - Quality. In a book this size, I expect the occasional typo or grammatical error. This book had LOTS of errors. Sometimes several on a page. It was enough to be distracting. Not only did the copy editor not do his/her job, they didn't even bother to run a basic spelling and grammar check with their word processing software - it was that bad. I don't even think the author re-read her own work. - CD contents. The CD purports to have three practice exams and three final exams. That would be nice. As it turns out, practice exam one and final exam one are identical, practice exam two and final exam two are identical, and practice exam three and final exam three are identical. So there are actually only three exams, not six. I suppose it's possible that I got a mis-printed CD and that other CDs really do have six exams. - Networking and Telecomm. As most people know, the Networking and Telecomm domain is the largest. Some of you may also know that ISC2 approaches networking concepts somewhat differently than we learn with the OSI model. In the book, Ms. Harris chooses to approach networking in her own way, which is different from both the OSI model and the ISC2 approach. I think that to people who work in the area of networking and telecommunications on a regular basis this may be inconsequential. But for people who are not so familiar with this domain, it is advisable to study the material as ISC2 sees it, since that's what will be reflected on the exam. 
I'm one of the latter, and can honestly say that the Networking and Telecomm domain was the only one that I was worried about on the exam. I noticed the differences between the book and what was in the CBK review, and am glad that I decided not to spend time on this chapter of the book. - Sample policies in the back. There are a number of appendices to the book that contain "bonus" material - nothing you need to know for the exam. One of the appendices has sample policies in it. This is my area of expertise - I've been writing policies for clients for 5 years now. The policies in this appendix are not very good. There are some terminology issues, as well as significant omissions. Given that the author doesn't seem to have deep expertise in this area, and that the CISSP exam doesn't involve writing policies, I'm not quite sure why this appendix is even in the book. But going back to my title statement, this book was a good idea. I commend Ms. Harris for trying, and hope she tries again and makes it better - I suggest she engage experts in the various domains and co-author a book, rather than trying to do it all herself. This book isn't a total loss - it does have generally useful information. If you can borrow it from a friend or from the library, it might be worthwhile. But definitely check out cccure.org, and if you want to make a good use of $50 or so, buy a copy of Transcender's CISSP exam questions. Those were probably the most helpful to me. Good Luck!
Rating: Summary: I Passed. - - This book is a keeper! Review: I sat for the CISSP and passed. I used two other books in addition to this one. (The CISSP Prep Guide: ISBN:0-471-41456-9 & Secured Computing CISSP Study Guide: ISBN: 1-55212-889-X) The author, Shon Harris, is truly a talented teacher. Her humor and practical examples make this my favorite of the three, in a sense enjoyable to read. With most study guides, I sell them after I'm done with the test. Not with this one! The quality and content of this book will provide me with an excellent reference for years to come. Studying all the material you can get your hands on is always a good idea. However, I likely could have just purchased this single book, called upon my years of hands on experience and sat for the exam. The only VERY minor negative I have is the included CD ROM simulated test software. It seems to have left the developer's desk "half baked" as it has errors in it. The test is very challenging. I'm glad that it is. It is not a test for "paper chasers". You must understand and practice your profession. Buy this book. You will not be disappointed!
Rating: Summary: The Best by Far for preparing for the CISSP exam Review: I'm now CISSP certified and I can easily say that over 90% was because of Shon's book. I read all the major ones that they have in the market and the key difference was not only that Shon prepares you for the exam but you come out understanding the reason why of certain key topics. Most Prep Guides just give you a short summary of information but do not explain how it would work in the "big picture" of life. Well, Shon takes care of that. She goes in depth in all 10 domains (without being over boring) and she gives good examples of real life situations and how you would use it. If you have Shon's book you are well ahead of the game. The CISSP exam is one of the hardest ones I ever took, mainly because of the huge amount of topics that you will find and will need to know about the 10 domains, but it is one of the most gratifying certification titles to have.
Rating: Summary: Fantastic Book for CISSP Test Takers Review: Very very well written! I loved this book and I passed the exam last week. Bravo Shon Harris.
Rating: Summary: New "CISSP Prep Guide Second Edition" is better Review: I have several CISSP books, including this one and the just released "CISSP Prep Guide: Mastering the CISSP and ISSEP Exams". While this is a good book, the new Krutz/Vines book has more information, is more up-to-date with better questions and a better value, with 1000+ pages @ $40. I can also use it for my ISSEP study when I get my CISSP. FYI: don't get the older "Prep Guide" variants, get the latest one.
Rating: Summary: Don't study just one book! Review: There are 250 questions in the exam. Since the authors are all CISSPs, they are not allowed to directly give away the questions. Each book offers a relatively limited number of practice questions. When I was preparing for the exam I realized that I would need to practice with a large number of questions to be properly prepared. So, I decided to ignore all the comments here on which book was better. I bought and read several books to prepare for it. My logic was: if I read an additional book and it helped me to get just that one additional question that I might need to pass the exam it would be worth the additional $500 that I would have to otherwise pay to take it again. I took the exam recently and passed! Looking back, this and the others all helped.