Rating: Summary: Good Basics for CISSP review Review: I felt the need to respond to the negative reviews of this book. The ISMH is designed to give the reader an introduction to specific basic material in a domain format under the CISSP program. It was never designed to be a brain-dump or all inclusive study guide to pass the exam. Subsequent volumes of this series either update or introduce other topics in each domain. If you are looking for an all inclusive study-guide for the CISSP cert then this book is not for you. However, it is easily arguable that no book can be an all inclusive tome of the expansive subject matter the certification covers. I highly recommend the recommended reading list on the ISC2 web site.
Rating: Summary: Did I get a bad copy? Review: I have read the 1st 150 pages. The references to exhibits are all messed up - the discussion of RADIUS, Diameter and TACACS servers is brutal. They seem to keep replacing the three interchangeably, clearly making mistakes. And to top it off only 9 domains are included? I think something must be wrong with the copy I received.
Rating: Summary: Passing the CISSP Exam Review: I have read this book, and while it is no doubt a good book, it is VERY dry and boring. I feel somewhat confident after reading this, but I will be buying the practice exam for this exam from boson.com before I step foot into that exam room (as well as some late night cramming). This book does seem to cover the various domains despite you will constantly have to pinch yourself while reading ;-)
Rating: Summary: Very informative - a great asset Review: I recently took and passed the CISSP exam. I used this book along with the CISSP Prep Guide as my main references. I also used CISSP Exam Cram. The opinions expressed below are not a guide to what's on the exam - just general opinions about what I liked and disliked about the book. I enjoyed a number of sections in this book, particularly the ones on Biometrics (ch 1), computer crime law (ch 30) and the principles of cryptography (ch 20). My favorite section was the one on forensics (ch 28) and I would really like to see a book from Mr Welch on this subject. The section on Kerberos (ch 21) was very detailed but also very dry and boring. It needs some more editing. The chapters on Single Sign-On (ch 2) and PKI (ch 22) were not very worthwhile. The section on risk management was much more informative than a similar section in the CISSP Prep Guide - but I think I would need a lot more training to be of any use in performing quantitative risk analysis. The index was sadly lacking and a glossary definitely would have been nice. All in all this was a very worthwhile book and I would recommend it - particularly if you are preparing for the CISSP.
Rating: Summary: CISSP exam and the Information Security Management Handbook Review: I see in the reviews of this book that it can be used for the CISSP exam. If you have taken the exam or are studying for it I'd like to ask you what you found or are finding to be useful in preparing for the exam. You can contact me at chris.mauro@esi.baesystems.com. If this book is the end-all be-all, so be it. I'm curious to know if the SRV books are useful or if the (ISC)2 seminar is the ticket. thx.
Rating: Summary: Don't use ISM to study for the CISSP Review: I took and passed the CISSP exam without this book. It was then recommended to me by a fellow professor. I reviewed it and found that it had very little information that was of use in taking the CISSP exam. Moreover, several folks who work for me have used this book as CISSP prep and failed the exam. Save your time & money, don't buy it.
Rating: Summary: It's not an end-all, but it's a great reference book Review: I'm currently using it to study for the CISSP examination, so I read it cover to cover (which was not an easy thing to do). The authors use quite a bit of jargon and get very cerebral at times, so have some sort of IT or network security background before digging in. Although I didn't agree with everything the authors suggested, most of their processes were right on target. I use the book extensively as a reference in my position as both an investigator and a Security Analyst. It will give the IT professional an appreciative look at security, computer crimes, and legal aspects of performing technical investigative duties. I highly recommend the book, but be wary, it can be difficult to follow at times if you're reading straight through. Again, it's a great reference.
Rating: Summary: An excellent starting point for the CISSP exam Review: If you are studying for the CISSP or the new SSCP test, a good foundation on which to build is the Information Security Management Handbook. [Full Disclosure: I wrote one of the articles in the book]. The benefit of the book is that it is very broad in scope. Readers will be able to get a handle on the CBK (Common Body of Knowledge), on which the CISSP exam is based. Nonetheless, the breadth of the CBK means that the Handbook can't be simply read over a long weekend. It takes a lot of time to assimilate the myriad information. Given that there is no comprehensive study guide for the exam, anyone planning on sitting for the CISSP exam will find himself or herself referring to the Handbook fairly often. The only downside to the book is that since there are so many authors involved with the content of the book, there is a lack of consistent verbiage in it. But even for those that don't plan on sitting for the CISSP exam, they will find that the Handbook is a great security reference.
Rating: Summary: Don't use this as your only study tool Review: Many folks use this book to study for the CISSP exam. It's good to research specific topics, but don't use this book as your only study tool.
Rating: Summary: Don't use this book alone Review: No one book will help you 'pass' the CISSP exam. If you believe that such a book exists, you are disillusioned. If you are studying for the CISSP exam and choose to read this book, remember that you will need to 1) use a variety of sources to enhance your subject matter knowledge 2) read (pick) through volume 1 and 2 (this is volume 3) to get a full picture of what this series of books has to offer in general knowledge about the subject of information security. However, this is a popular book given that at the time this book series was started (early-mid 90's), there were few, if any, other books that even came close to aggregating the common body of subject matter knowledge. Of course, now there are several books out that attempt to cover the ten domains in an attempt to help people 'pass' the CISSP exam (ala MCSE, CNE cram-style).