Information Security Management Handbook, Fifth Edition

The book is actually Volume 1 of the Information Security Handbook, Fourth Edition. This CD ROM contains Volume 1, plus Volumes 2 and 3 of the handbook, making it a more complete compilation of the material that encompasses the ten domains of the Common Body of Knowledge (CBK) of Generally Accepted Systems Security Principles (GASSP). See the product page for Volume 1 for reviews and a complete description of that subset of this CD ROM.

Volumes 2 and 3, like Volume 1 are aligned to the ten domains, but have more up-to-date material and new papers addressing a wider array of topics. Moreover, CISSP candidates will find a great deal more study material, and working practitioners will find information that covers emerging trends and technologies that have surfaced since Volume 1 was published.

The new or expanded material of the two additional volumes on this CD ROM are:

Volume 2 - (published in 2000), goes deeper in network security, but also covers interesting topics such as single-signon (will be of particular interest to organizations implementing LDAP), centralized authentication, and related topics in addition to newer coverage in each of the ten CBKs.

Volume 2 (published in 2001), is an overall update for each of the CBKs and contains a lot of fresh material that is fair game for CISSP exam questions, as well as a compendium of fresh material for practitioners.

In addition to the convenience of having all of this material on a CD ROM vs. over ten pounds of paper, the contents are searchable using the built in search facility, and can be printed when hard copy is required. This is a nice feature for consultants who can bring a wealth of reference material on site for quick cross-referencing during assessments or developing action plans that are consistent with the GASSP. Of course, the fact that this collection is more complete, comprehensive and up-to-date than the book by the same title makes this an attractive choice for anyone who requires working references or wants to prepare for the CISSP examination.

Rating:
Summary: Excellent reference!
Review: Excellent reference!

This is an excellent security reference!

If you are looking for a pure CISSP prep book, this is not the best. But for general info sec, this is an awesome book.

Rating:
Summary: Excellent reference!
Review: Excellent reference!

This is an excellent security reference!

If you are looking for a pure CISSP prep book, this is not the best. But for general info sec, this is an awesome book.

Rating:
Summary: Inconsistent and Occasionally Inaccurate
Review: I recently took and passed the CISSP exam. I used this book along with the CISSP Prep Guide as my main references. I also used CISSP Exam Cram. The opinions expressed below are not a guide to what's on the exam - just general opinions about what I liked and disliked about the book. I enjoyed a number of sections in this book particularly the ones on Biometrics (ch 1), computer crime law (ch 30) and the principles of cryptography (ch 20). My favorite section was the one on forensics (ch 28) and I would really like to see a book from Mr Welch on this subject. The section on Kerberos (ch 21) was very detailed but also very dry and boring. It needs some more editing. The chapters on Single Sign-On (ch 2) and PKI (ch 22) were not very worthwhile. The section on risk management was much more informative than a similar section in the CISSP Prep Guide - but I think I would need a lot more training to be of any use in performing quantitative risk analysis. The index was sadly lacking and a glossary definately would have been nice. All in all this was a very worthwhile book and I would recommend it - particularly if you are preparing for the CISSP.

Rating:
Summary: Good supplemental reading for the Security dude
Review: This book gives good supplemental reading about the 10 domains. It is a must read for the CISSP candidate, but don't depend on it entirely. The chapters are well written, thought provoking and topical. You need it on your shelf if you're a real security person.

Rating:
Summary: Not written as an exam guide & is Vol 1 of 3 volumes
Review: This book is a collection of papers that covers the ten domains of the Common Body of Knowledge (CBK) Generally Accepted Systems Security Principles (GASSP). As a compendium of knowledge from acknowledged experts this book represents an exceptionally valuable tool for security practitioners, and because the papers are grouped by CBK domain, it is also a useful study aid for anyone who is pursuing CISSP certification.

The papers, individually and collectively, contain a wealth of information. However, anyone who wants to use this book as a resource for preparing for the CISSP exam should know that this book is Volume 1 of a three volume set. Moreover, this is not a book that was written as a study guide as much as a professional reference, and it isn't the only book a CISSP candidate should read.

For the practitioner this book is an excellent investment because it does cover all ten CBK domains in great detail. However, I recommend investing in the CD ROM version of this book (Information Security Management Handbook on CD-ROM, ISBN 0849312345), which contains this book and Volumes 2 and 3. The CD ROM is more up-to-date and is more convenient then three books that combined contain nearly 2000 pages.

Regardless of whether you opt for this book or the CD ROM, you'll gain a wealth of knowledge from this book and if used in conjunction with other sources of information you will be well prepared to pass the CISSP exam.

Rating:
Summary: Not written as an exam guide & is Vol 1 of 3 volumes
Review: This book is a collection of papers that covers the ten domains of the Common Body of Knowledge (CBK) Generally Accepted Systems Security Principles (GASSP). As a compendium of knowledge from acknowledged experts this book represents an exceptionally valuable tool for security practitioners, and because the papers are grouped by CBK domain, it is also a useful study aid for anyone who is pursuing CISSP certification.

The papers, individually and collectively, contain a wealth of information. However, anyone who wants to use this book as a resource for preparing for the CISSP exam should know that this book is Volume 1 of a three volume set. Moreover, this is not a book that was written as a study guide as much as a professional reference, and it isn't the only book a CISSP candidate should read.

For the practitioner this book is an excellent investment because it does cover all ten CBK domains in great detail. However, I recommend investing in the CD ROM version of this book (Information Security Management Handbook on CD-ROM, ISBN 0849312345), which contains this book and Volumes 2 and 3. The CD ROM is more up-to-date and is more convenient then three books that combined contain nearly 2000 pages.

Regardless of whether you opt for this book or the CD ROM, you'll gain a wealth of knowledge from this book and if used in conjunction with other sources of information you will be well prepared to pass the CISSP exam.

Rating:
Summary: Nothing short of a masterpiece
Review: This book truly is a masterpiece. Tipton has compiled all of the diverse chapters smoothly and keeps your attention with subtle humor. This book is a "must have" if you are to be responsible for the implementation of BCP/DRP in your organization.

Ignore the negative responses. You have to possess a higher level of knowledge in order to comprehend books of this nature.

Very enjoyable reading. Bravo Tipton and Krause.

Rating:
Summary: A Must for Information Security
Review: This CD is a must for all CISSPs and those who wish to become one. This CD ROM also has material not found in the printed format.