Official (Isc)2 Guide to the Cissp Exam

I recently passed the exam, and can honestly say that it is essential to have this book, if only as a reference. The main reason is that the Terminology and Definitions used in this book are "Official" meaning you can expect to see them used in the exam (although not always in industry.) I found that the various books differ slightly, and although this may sound insignificant, it can lead to incorrect answers. Remember that the exam is about providing the "best answer" so if one book uses the term "Separation of Duties" and another uses "Segregation of Duties" which is the better term to remember? Another point is that very few people are experts in all 10 domains, and certainly no author I have read so far. This book was written by several people, who are experts in different domains, which makes the content a bit more acceptable. Admittedly, the book is not that exciting to read, but it contains all the necessary ingredients to pass the exam. Some "easier reading" books explain concepts a bit better, but have a surprising number of factual errors mostly because the author is not fluent in the specific domain. Also the balance tends to be a problem, where authors focus too much on their favourite domain and focus less on other domains. This can lead to a misconception about the balance and difficulty of questions in the exam. A good idea might be to read several books on the subject, but keep referring back to this one to make sure you are still on track.

I highly recommend this book when preparing for the CISSP exam. It is a wealth of information and well laid out. I did not have problems with the different authors writing styles. The book is broken into the 10 Domains and is designed to be a reference for you as you prepare for the exam, AND as a reference in the Information Security Field. This book was my primary study resource when preparing for the exam. After studying the official guide for a few weeks, I was fully confident that I would pass and I had no problems on test day. This book is well worth the price.

Honestly folks, the exam is designed for somebody with 3 - 5 years of experience in security. All of the low reviews apply to the ability of this book to serve as a training guide for security - a task for which it is not designed. The book did an excellent job of isolating how the test would ask questions and how ISC2 expects a CISSP candidate to understand and answer questions about security as a security professional. Highly recommended for both a study review and a professional reference. {For the curious, yes, I passed the test with the assistance of this book.}

I always read the negative reviews to get a better handle on the quality of the book. I become suspicious of negative reviews when people mention errors (which seems to happen to every cert book) but then don't give any examples of them. I'm not finished with the book yet but what I've read so far seems accurate and pretty straight forward. I'm not saying there aren't errors but just that I haven't found any yet. Like any test, you shouldn't rely on just one book to pass it but this book should definitely be on the list of those you read.

This was my favorite book for studying for the CISSP exam because it provides information directly related to what is needed to know to pass. I recommend it for anyone taking the CISSP or for anyone who wants to gain a basic understanding of the broad range of information system security topics. I found the level of detail beneficial and continue to use it as a reference tool.