Posted: Sat Oct 23, 2004 2:47 pm Post subject: Book Review - The CISSP Prep Guide, 2nd Edition
The CISSP Prep Guide 2nd Edition
Author(s): Ronald L. Krutz & Russell Dean vines
Publisher:Wiley Book Specifications: Soft-Cover, 1024 pages
Category: Computer Security Certification
User Level: All levels
Suggested Publisher Price: $60.00 USA/ $86.99 CAN/ £39.99 Net UK
Amazon.co.uk:The CISSP Prep Guide 2nd Edition Amazon.com:The CISSP Prep Guide 2nd Edition
Info from Back: "The U.S government has mandated that all contractors – nearly all current CISSPs, and those yet to be certified as CISSPs – attain the security engineering subject certification Information Systems Security Engineering Professional (ISSEP). The ISSEP targets specific job requirements or career directions, and is an extension of the Certified Information Systems Security Professional (CISSP) certification – the industry standard test for IT security professionals. The CISSP Prep Guide, Second Edition includes new, up-to-date CISSP review material that is relevant to the ISSEP, and provides comprehensive coverage of the ISSEP for those individuals who already have the CISSP credential.”
In the security industry today there is now a rather cluttered environment when it comes to certifications. There is a great deal out there now going all the way from the basic of Security+ to the highly technical one’s such as the GIAC certifications. Where does that leave the budding security professional though? If you are new to this field of computer security work then you have a dizzying array of seemingly good choices. Fact of the matter is though that is not true.
As with most things involving money you should always exercise “buyer beware” before registering for a certification. There are a few notable exceptions though. They would be the CISSP and the new ISSEP as well as the afore-mentioned GIAC certs. Simply put you won’t be wasting your money or time by attempting to get one of these certifications. What distinguishes the two or rather three from each other? Well it is generally acknowledged that the CISSP is the premiere certification for the security professional in a management position while the GIAC one’s are for the technical specialists. That being said if you aspire one day to make it to a management level then even the technical specialists should strive to get the CISSP. Lastly the CISSP has received recognition from ISO as a professional certification.
Content & Overview
This book (which is a hefty tome indeed) is broken down into three parts. One of these parts are the appendices. The other two relate to the CISSP itself, and the new ISSEP. Much as one would expect the material on the CISSP is broken down into the ten CBK’s or common bodies of knowledge. If at this point you have not heard of what the ten CBK’s are then please see the below noted;
1) Security Management Practices
2) Access Control Systems
3) Telecommunications and Network Security
5) Security Architecture and Models
6) Operations Security
7) Applications and Systems Development
8) Business Continuity Planning and Disaster Recovery Planning
9) Law, Investigation, and Ethics
10) Physical Security
You will note from the above noted list that pretty much every aspect of network security is covered. Each of these ten CBK’s receives a thorough treatment from the authors. Though like many people if cryptography is your weak link then the cryptography section actually is longer then the others at a total of sixty pages.
Also in this book is extensive coverage of the new ISSEP certification offered by isc2. Seen above in the “info from the back” section is the fact that the US government will soon require all contractors to have this certification. If you plan on doing any work for the .gov then you may want to buy this book on that strength alone. Lastly as to content is the very large part comprising the appendices. There is a total of seven appendices covering everything from answer to assessment questions to glossary of terms, and acronyms. Also in the appendices is what is on the accompanying CDROM. Suffice it to say that the book is very much a wealth of knowledge when it comes to the CISSP and ISSEP certifications. I don’t believe after having gone through it that they left anything out at all.
Style and Detail
The first thing I noticed about the book was that it had a very nicely laid out “contents” list. For a book of this length and depth having such a detailed “content” list is rather crucial. If you are like myself quite familiar with certain CBK’s then you can quickly go to area’s that are still giving you trouble. Beginning each chapter though is the actual definition of the domain itself. Once again if you are new to the industry itself this is quite invaluable to have as a clear, and concise definition is not always easy to come by. Following the domain definition is the meat of the book itself, which are in-depth explanations of the expected exam content. After all of the material is covered for a certain domain the chapter wraps up with assessment questions. This formula is used by most books for it tests you on the material you have just covered. A rather logical flow of learning followed up by a quizzing.
While some may argue as to the validity, or merit of the CISSP there is no arguing that it is the best known network security certification out there today. What this book will give you is a very solid platform on which to base your studies should you choose to pursue this certification. I for one would counsel anyone in the security industry today to get the CISSP, and to buy this book to aid them in their preparation. The material is not only very well laid out there is also the accompanying CDROM, which has on it the Boson testing engine to help gauge your level of knowledge. This CD is a very nice addition to the book. I for one wholeheartedly endorse this book.
This book gets an SFDC 8/10 from me
Keywords for this post: The CISSP Prep Guide 2nd Edition
This review is copyright 2004 by the author and Security-Forums Dot Com, and may not be reproduced in any form in any media without the express permission of the author, or Security-Forums Dot Com.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum