CISSP All-in-One Exam Guide, Third Edition
By Shon Harris

Product Description

The Third Edition of this proven All-in-One exam guide provides total coverage of the CISSP certification exam, which has again been voted one of the Top 10 IT certifications in 2005 by CertCities. Revised and updated using feedback from instructors and students, this edition covers security operations in the areas of telecommunications, cryptography, management practices, and more. Plan for continuity and disaster recovery. Update your knowledge of laws, investigations, and ethics. Plus, run the CD-ROM and practice with more than 500 all-new simulated exam questions. Browse the all-new electronic book for studying on the go. Let security consultant and author Shon Harris lead you to successful completion of the CISSP.


Product Details

  • Amazon Sales Rank: #108584 in Books
  • Published on: 2005-09-15
  • Original language: English
  • Number of items: 1
  • Binding: Hardcover
  • 1001 pages

Editorial Reviews

From the Back Cover

Prepare to pass…the CISSP certification exam

Get complete up-to-date coverage of all the material on the Certified Information Systems Security Professional (CISSP) exam inside this all-inclusive resource. With full treatment of all the 10 exam domains, as developed by the International Information Systems Security Certification Consortium (ISC)², this definitive tool contains learning objectives at the beginning of each chapter, sidebars with in-depth technical explanations, practice questions, and real-world scenarios. Detailed and authoritative, this dual-purpose volume serves as both a comprehensive certification study guide and a fundamental on-the-job reference.

Get full details on all 10 subject areas covered on the exam:

  • Access control systems and methodology
  • Applications and systems development security
  • Business continuity planning and disaster recovery planning
  • Cryptography
  • Law, investigation, and ethics
  • Operations security
  • Physical security
  • Security models and architecture
  • Security management practices
  • Telecommunications and network security

Included on the CD-ROM

  • Simulated exam with practice questions and answers
  • Complete electronic book
  • Cryptography CBT demo

About the Author
Shon Harris, CISSP, MCSE, is the president of Logical Security, a security consultant, and a former engineer in the Air Force’s Information Warfare unit. She has taught computer and information security to a wide range of clients, including RSA, the Department of Defense, the National Security Agency (NSA), Bank of America, and others. Shon was recognized as one of the top 25 women in the Information Security field by Information Security Magazine.


Customer Reviews

I'll try to be serious (rating: 5)
I've read some reviews and they are very controversial, so if you feel you're getting confused read this.

I've just got a confirmation that I passed the test, and I used only this book for studying. So that book is definitely not a joke and can get you through.

Why are the reviews so different?

First, the author's style. It's more like recorded lectures than a reference. The author included some jokes and funny examples. They are perfectly correct, not abusive, they add some spice to a highly professional text and I personally love them because they make reading that huge book not so boring, but it looks like the fact that the style is different drives some people mad.

Second, the nature of the exam. The covered area is very wide and includes more topics than most people normally know and use. So many readers think the topics they know the best could be written better. The problem is that because of such wide coverage you cannot go deeper than a certain level. The book is almost 1000 pages long and I personally think it's well balanced and provides adequate knowledge for the test. Yes, some chapters could be extended but then you'd be overwhelmed by the volume and I doubt it would improve your passing score significantly.

Some people complained about mistakes. Well, it's true, there are some. But, it's the same idea here. They are not crucial and don't really affect your score much.

It's like if you need to get to the airport and your friend offers help, you don't really care what car he has. But if you go to a dealership to buy a car, every minor option gets so important. Same idea here. If your goal is to pass the test, the book can be used as the only training material and provides adequate up-to-date information in a reasonable volume for a pretty cheap price. The book does its job and does it well. It also has some personality so you may love or hate it, but it's just your emotional perception. The knowledge is there.

The Best Available in Market (rating: 5)
I enjoy reading this book very much. I believe that this book is the best so far in the market for CISSP and as an introduction and survey to provide a solid framework for the field, and especially for those preparing for the CISSP. It is very well written as a summary (better and more comprehensive than "The CISSP Prep Guide" by Krutz, et al) with the original and critical sources. My delight and best part of this book: for each topic the author kindly provides the web sites (for further study and reading).

The CISSP test is very general (generic, and not for a specific product or service) and thus a frustration. But that is what CISSP is about. For professional and marketable working knowledge, use this book as a framework, along with many other good books such as (1) Incident Response (by Mandia & Prosise) and (2) Hacking Exposed (2nd ed, by Scambray, McClure, Kurtz) or (3) Maximum Security (3rd ed, Anonymous), or (4) Counter Hack by Skoudis, to supplement the reading and case study.

How to study and pass the CISSP. (rating: 4)
Three weeks after I took the CISSP exam, I received an email telling me I had passed. I came out of the exam fairly confident I'd pass but one can never be too sure with the CISSP - the questions are quite ambiguous and quite often you are making an educated guess in picking out what you think is the best among the 2 choices you have narrowed down to. It has often been said that the CISSP is an exam that is an inch deep and a mile wide. You'd be lucky if you use more than half of what you studied for this exam. I am a software engineer and I know I will never have to choose which fire extinguisher to use for which kind of fire, unless I am actually stuck in one!

Now here are a few tips about how to study and pass this exam effectively. Good and bad things have been said about Shon Harris's book. Most of the time people are happy with the fact that this book is a one stop shop and covers the entire curriculum quite comprehensively. Likewise, most of the time, people are frustrated by the bad jokes and the poor editing. Both charges are true. This was pretty much the only book I used to study and though I did peek into Ronald Krutz from time to time, I found that Krutz is not only a drier textbook but also that it covers a lot of detail that goes beyond the scope of the exam. For instance in the cryptography chapter, Krutz goes into the details of the algorithms in some depth that is not required for the exam. So, after all it is true that Harris's book is "All-in-One" as it claims to be. It is however entirely true that the editing is shoddy. Other people have said in their reviews that Shon Harris's lighthearted writing style makes the CISSP preparation a lot more bearable. While it's okay to be lighthearted and humorous, it is quite frustrating to sit down at home after a day's work at the office and have to wade through half a dozen pages before she gets to the meat of the matter. With some intelligent editing, the number of pages in this book can really be cut down by at least a third. Because of this rambling style of writing, so much of the truly useful information has been relegated to the appendices in this book. So after all this bashing, should I buy this book or not, you ask? Yes, you should buy it. Not because it is flawless but because the other books are a little more flawed than this one!

So what do you do about the long-winded writing? Take notes. That way you don't have to wade through it again when you are looking for some particular piece of information the day before the exam. I took about 200 pages of notes as I read this book. The summary at the end of each chapter is very succinct, so between the summaries and the notes, I was able to revise the whole book in a couple of days just before the exam. This was truly helpful. This is probably just my style but taking notes also drove the concepts down deeper into my memory.

While it may be possible to pass this exam with just this book, you'd be well advised to try a few practice tests. I got Boson's six tests but used only three. I have complaints about the quality of the Boson tests. Several of the questions were very badly framed, some of them were out of the exam's scope and many explanations were unconvincing. Some of the URL links in the explanation were broken. There is a feedback menu item on the Boson test that I used extensively to tell them they need to improve but I know other people have done that and it is not clear Boson actually takes this feedback seriously. Despite all these complaints, I think the tests helped. Boson allows you to take the tests in chunks of sixty questions each and that helps because you don't have to set apart 6 hours at once to take the entire exam. It also helps that Boson splits your score by domain and shows you clearly where you need to improve. So despite all the deficiencies, try Boson. I have also heard from other CISSPs that PrepLogic has a good set of questions that mirror the real exam quite closely and you may want to try that out too.

The other study tool I used was Shon Harris's 3-DVD collection and this in my opinion is a total waste. You cannot use it as a standalone resource to pass the exam though it is mostly a summary of the concepts covered in the textbook. There is an occasional video that helps you understand concepts better but for the most part, you just have Harris's talking head and deadpan voice. This may have been useful if it had been an audio CD instead, at a fraction of the price.

A lot of people also have good things to say about www.cccure.org which has a CISSP discussion forum, free reading material and free practice tests. I didn't use it at all and was still able to pass but it'd be a good idea to check it out.

Good luck with your CISSP.