Cissp (Isc)2 Certified Information Systems Security Professional Official Study Guide

This was my main source to study for the CISSP. I couldn't stomach Harris' overt sexism, and annoying attempts at humor at the beginning of each paragraph in the AIO. The ISC2 Official guide simply made me want to stab myself in the eye with a fork - too dry. I couldn't read that book for 10 minutes before falling asleep. Now regarding this book: It had the correct amount of information and level of detail. It's moderately dry also, but come on, this is IT Security, not your favorite murder mystery novel. It came with a very decent CD that was well-worth the price alone. Now here's the disclaimer: Not one of these books is going to give you all you need to pass the exam, so pick at least two, so you get plenty of coverage. The exam is 50 percent knowledge and 50 percent logic, so be prepared to take plenty of practice exams and read the questions slowly and carefully on the real exam. If you master this book and do that, you'll be a CISSP. Good luck!

I picked up this book and the Shon Harris book as primary study resources for the CISSP exam. I thought this book was far superior to the Harris book for a number of reasons including readability and usefulness of the subject matter coverage beyond the exam. The Harris book had all of these little 'cute' italicized sayings when introducing many topics and they were either confusing, not cute or distracting. Example - "Trust and Assurance: I trust that you will act properly, thus I have a high level of assurance in you. Response: You are such a fool." What the heck? As I read each book my initial take was that the authors for this book were more experienced than the Harris book, and I quickly put the Harris book down. I do a lot of consulting and I thought this book had some chapters that would be good reference for higher level managers that aren't strong technically. Bottom line - I passed.

This book is adequate to pass the CISSP exam --I did, and only like 600 pages to read. I also go the Shon Harris book, but it is tooo loong-- like 1000 pages, and too detailed. I also got the Official ISC2 book to hear it from 'the horse's mouth'. All 3 have CD ROMs with questions. This book is a bit dated now, Shon's book was re-released in late 2006. -- You want to try to really pass the CISSP the first time. Good Luck!!

In response to M. from NY - "Sloppy work" posted July 10, 2006: I am the primary author on this book. M. from NY - I appreciate your comments. I appologize for any errors or typos that appear in the text. However, several of the items you mentioned as problems are not so. Yes, there are typos, but you won't find a single book in print that does not have typos. Authors and editors try to eliminate these, but they continue to crop up due to the number of people who handle manuscripts and tools used to get materials into print. Yes, even in multiple editions, old errors can be retained and new errors introduced. P 54 - yes, ICMP is mis-spelled as IMCP. That is a typo. P 254 - an relational database does define one to one relationships, such as one item in a column to one item in a row. An RDBMS does not limit the number of rows or columns that can exist in the database. You completely misunderstood the concept. You are confusing the concept that each row can have entries in mulitple columns, and that mulitple rows can exist with values in each column. P 251, Q 10 - nonvolatile should be volatile, that is a typo. However, RAM is not a sequential access technology, it is dynamic or random access. In fact, that is exactly what the acronym stands for "Random Access Memory". Yes, you can force a computer to access RAM sequentially, but you'll be doing so by creating software code to perform that action, RAM will still be random access no matter what. Tape devices are sequential access. Once again, you are not seeing the concepts clearly. P277 - yes, CGI is not a language, it is a concept / technique of allowing client input to be received and processed on the Web server by a server-side script or application. This is an error introduced by the editor. CGI scripts or applications can be written in many languages. P371 - that is a mistake, it should read "...into simple machine lanaguage instructions..." You have only mentioned 6 issues, two which are your misunderstanding, one which is a simple typo, and three which you are correct they are errors. Your scathing poor review of our work is not justified by the evidence you have presented. I challenge you to find any other CISSP book that is as current and exhaustive as ours which does not have errors. You will not find one. I will be adding these items to the errata to help ensure these errors are corrected in the next edition. I appreciate your input, you are entitled to your opinion, but I urge you to be realistic and sensible in your critique. I'll be happy to address anyone's concerns or issues with this book. We, the authors, editors, and publishers of this book, have worked hard to update and improve the contents of this work in the production of each edition. The CISSP Study Guide 3rd Edition is to date the most current, complete, and exhaustive book for preparing for the CISSP exam. Posted May 4, 2006: I must take offense with "Doggers"' review as his statements about my bo

I must admit a soft spot for Sybex (and Ed Tittel) study guides, having used them extensively for Microsoft exams. This book follows in that tradition, providing a good balance between detailed explanation and comprehensive coverage of the exam topics.The bundled CD is useful. I raced through the 250 flash cards in an hour, which is good for jogging the memory. The four bonus exams, of 75 questions each, are good, but are not as difficult as the real thing. These exams provide grades broken down by each CISSP exam domain, which is excellent for identifying topics for revision.One book can not guarantee coverage of all CISSP exam topics, particularly given the long list of references on the CISSP suggested reading list. I also skimmed through a friend's copy of Shon Harris's "All-in-One" exam guide. I would still rate this book higher, but Harris's book covers some topics in more detail then the Sybex book. The "All-in-One" practice exams are more difficult, though some of the questions are not clearly worded.The biggest disappoint I have with the exam preparation experience is with the CISSP's ten domains. The examination questions are based on 'good exam fodder' from topics in the ten domains. The topics lean towards an academic approach to security, rather then knowledge needed by a working security professional.The other references I would strongly suggest to help to gain a security brain, as well as a high exam score include: Stephen Northcutt's `Inside Network Perimeter Security', Ross Anderson's `Security Engineering', and Syngress's `Special Ops'. Maybe I should take one of the SANS security exams, which are much more practical in nature.And best of luck with the exam!