CISSP Cert Guide 1st Edition

This CISSP Cert Guide is good resource to use as a final review before taking the exam. I can't say that it is better than other books because the only other books that I have purchased for the CISSP exam is the Office ISC2 Guide. However as far as study guides good this one seem to be clear and focused. You don't get access to the information available on the accompanying CD with the Kindle addition, however I am still happy with the purchase.Note. I do not have a kindle, I use the kindle app on my Samsung tablet and I have had no issues and I don't have any complaints.

Loved this book, its all you need for the CISSP. Several contractors within our company used this book to pass the cert test. Wish I had this book when I was taking my test. Over-all We used this book as a team to review to take the test. Having passed this test a few years ago, I found this book a great review. And yes I am going to use it for this years CME's :)

This is a very good book to read. The writing style and contents are very comprehensive and focused.Unlike other books e.g the CBK that mingle every piece together and difficult to understand.

Simple and easy to understand. Choose this book as your skeleton and the other as reference.

Excellent, Delivered on time, Good Job and keep-up

Do you want to acquire additional certifications beyond the CISSP certification? If you do, then this book is for you! Authors Troy McMillan and Robin Abernathy, have done an outstanding job of writing a book that will help you pass the current version of the (ISC)² CISSP Certification Exam.Authors McMillan and Abernathy, begin by discussing why the CISSP credential is a way security professionals can demonstrate the ability to design, implement, and maintain the correct security posture for an organization based on the complex environments in which today’s organizations exist. Then, the authors introduce you to access control, where a subject’s ability to communicate with an object is allowed or denied, based on an organization’s security requirements. They also cover the protection of wired and wireless transmissions and of the network devices that perform the transmissions; as well as, some networking fundamentals required to understand transmission security. The authors continue by showing you how to use the information security governance and risk management components to assess risk, implement controls for identified risks, monitor control effectiveness, and perform future risk assessments. Then, they discuss software development methodology, best practices for secure development, and types of malware and methods of mitigating the effects of malware. The authors then introduce you to cryptography concepts, cryptography history, cryptosystem features, cryptography methods, encryption systems, message integrity, public key infrastructure, key management, encryption communication levels, e-mail security, Internet security, and cryptography attacks. Next, they take a closer look at some of the security issues that can be created during development; some guidelines for secure practices; and, some of the common attacks on software that need to be mitigated. The authors also cover operations security concepts and their application to an ever-changing environment. They continue by explaining the business continuity and disaster recovery concepts that you need to understand for the CISSP exam. Then, the authors cover all of the topics regarding the legal, regulations, investigations, and compliance domain for the CISSP exam. Finally, they focus on the complete treatment of preventing intentional and unintentional damage to facilities, equipment and people.Throughout this most excellent book, you will see references made to policies and principles that can guide you to all of the security operations. Also, throughout this great book, the importance of preventing physical access to assets has been emphasized.

As an instructor I’m faced with the choice, over and over, of a thick, detailed textbook versus a more concise one. Thinner would be the easier choice, except that some authors manage to make their thicker books easy, even breezy reading. Other thick books are just … thick. Many of the A+ texts, for instance, go much, much deeper into details than the test they cover does.This book, which is for the 10-domain test, strikes a very good balance. At 470-odd pages of actual reading material (less Glossary, Index and front matter), it’s a reasonable size for the cert courses I teach. I found it easy to cover 50 pages an hour, though I’ve got over 20 years’ experience with this area so not much slows me down. But I’ve dealt with many (many) books filled with page after page of thick, hard-to-read and hard-to-comprehend text, so many that the slimmer, more terse books tend to make me cautious. This one’s slim and terse and absolutely readable.Tight texts like this work by using short, declarative sentences. They state facts, explain simply, and provide solid nuggets of useful information, but they also don’t supply many examples, don’t try to explain things using scenarios, and don’t provide much if any historical context. If you’re already the kind of network professional you’re supposed to be to test for this certification, this won’t be a problem. A couple of paragraphs of discussion can cover Kerberos just fine – for the initiated. If you’re trying to “leverage” your way to a higher certification (and it pays to know that if you can’t document five years’ experience, you get an “associate” certification), though, this may not be the book for you. Actually, if you haven’t done the real groundwork, this isn’t the certification for you, either.One very strong point about the Pearson IT cert texts is the sample questions and tests. I’ve seen too many questions in sample tests from several sources that are mangled, ungrammatical, ambiguous or just plain incorrect, but not here. As a long-time technical editor, I appreciate the good, clear, concise questions and the use of multiple plausible answers that made me slow down and think before choosing. The chapter-end questions and sample tests also seem very much in what I’d label “(ISC)2 style” – there is little or no sneakiness about them, unlike the questions common on some certifications I could name but won’t. They’re short and clear: What’s the second step in a Business Impact Analysis? On which layer is the Internet destination address added? And you either know the answer or you don’t, simple as that.It was a little sad that the CD that came with my book had some kind of manufacturing defect that looked a little like a tire had run over the edge of the disk, rendering it useless. Ironically, it really was useless: since I already have the Pearson test engine installed, the enclosed license code did the trick all by itself, downloading the latest version of the test and activating it. From there it was all joy for me. With any luck this was a sheer fluke no one else will run into.Where I did see some weakness in the text was in the tables and diagrams. Personally, I never like matrix tables: a crosswalk of administrative controls against access control categories means almost nothing to me unless something entices me to look carefully at the rows of Xs. This type of table is often necessary for compliance documentation, but it makes for pretty dull reading in a textbook. And diagrams are best if they show relationships and flow. Eight gray bubbles in a row do NOT illustrate the complexity of the ticket-granting process, for instance. From my own experience writing textbooks, I know this is a tough area. Personally, I cheat: I hire a graphic designer and build the simplest, clearest flow diagrams we can make. And fortunately, in this case, not all the graphics are tables and rows-of-bubbles diagrams. Some, for instance the software development models, are pretty good. In fact seeing the waterfall model as an inverted view of the agile model gave me an interesting moment.A really good glossary and index are gold for most of my students. You know how this field is: the acronyms are like a bowl of Alpha-Bits, and the nomenclature is thicker than the nearest competitor (psychology). In this book the glossary and index cover over 120 pages, which is to say a quarter the size of the reading proper. For a lower-level text it would be too much. For this cert it’s enough, but not too much. These things are not easy to build, and you’ll appreciate them when you’re scratching your head: where the heck did they define this?I’d be confident to teach from this text immediately, and I’d be confident taking the test after reading this. At this point I’m still evaluating books for teaching the CISSP going forward, but the certification is looking like a winner because of the demand I’m seeing for it in the sectors I serve: labs, bases, government and education. For this class of student, this book is just about ideal.Full disclosure: I get textbooks for review from several sources, in this case from Pearson IT Certifications. I also work for a certifying organization (ISECOM), participate in building certifications (the OPST and SAI), write textbooks and teach at two universities (UNM and NMSU), so while I’m not the usual test subject, I am frequently the instructor.