IWS - The Information Warfare Site

CISSP, Security+ Book Reviews

Index

CISSP
Security+



CISSP

"Advanced CISSP Prep Guide: Exam Q & A", Ronald L. Krutz/Russell Dean Vines, 2003

Like "The Total CISSP Exam Prep Book" (cf. BKTCIEPB.RVW) before it, this volume contains no tutorial material, only questions, and then questions and answers. The format is quite similar to the Peltier work, with the book divided into the standard ten domains. A major difference is the inclusion of a CD-ROM with a testing engine. Every CISSP candidate wants sample exams and sample questions, so the query remains, are the questions any good?




"CISSP All-in-One Certification Exam Guide", Shon Harris, 2002


Chapter one is a very reasonable review of the CISSP (Certified Information Systems Security Professional) credential, and the (ISC)^2 (International Information Systems Security Certification Consortium) exam process, including recertification. As with most of the chapters in the book, it has a set of sample questions, and while I could quibble with some, they cover a decent range of topics and a representative extent of difficulty.



"CISSP for Dummies", Lawrence Miller/Peter Gregory, 2002

A 'cheat sheet' is bound into the front of the book. It offers some general advice for taking the CISSP (Certified Information Systems Security Professional) exam, the most useful aspect of which is to prepare. Most of the tips are vague, such as the suggestion to budget your time, or review CISSP resources, without any information about what factors should be considered in time management or where to find resources.



"CISSP (Exam Cram)", Mandy Andress, 2001

It is interesting, and somewhat disturbing, to note that while there are a number of effusive quotes on and inside the cover extolling the virtues of the Exam Cram series, none specifically mention this book.



"CISSP Examination Textbooks", S. Rao Vallabhaneni

These books will not help you study for or write the CISSP (Certified Information Systems Security Professional) exam.

These books may, in fact, make your study more difficult, and your chances of passing the exam more remote.



"The CISSP Prep Guide", Ronald L. Krutz/Russell Dean Vines, 2001

Of late there has been a significant increase in interest in the CISSP (Certified Information Systems Security Professional) exam and designation produced by the (ISC)^2 (International Information Systems Security Certification Consortium). The CISSP exam is based on the Common Body of Knowledge (CBK) which, as the name implies, is that information assumed to be customarily known by those qualified or experienced in the field of computer security. Since the (ISC)^2 also runs courses based on the CBK, many people seem to feel that there is some trick or secret to passing the exam.



"The CISSP Prep Guide Gold Edition", Ronald L. Krutz/Russell Dean Vines, 2003

I happened to notice, in the preparation of this review, that a certain online bookstore has a special in relation to this title. You can buy it, along with the "Advanced CISSP Prep Guide: Exam Q & A" for a price slightly less than that of the two volumes together. Pity those who take the bookstore up on their offer: this volume is nothing more than "The CISSP Prep Guide" (cf. BKCISPPG.RVW) and "Advanced CISSP Prep Guide: Exam Q & A" (cf. BKADCIPG.RVW) bound together.



"CISSP Training Guide", Roberta Bragg, 2003

The introduction and frontmatter appear to be much more concerned with the structure of the book (and this particular series of books) than the CISSP (Certified Information Systems Security Professional) exam. The initial list of topics covered by the domains has notable gaps and some oddities in organization.



"Mike Meyers' Certification Passport CISSP", Shon Harris, 2002

There is a "Check-In" foreword, which seems to be about the series, and an introduction that provides a very terse overview of the CISSP (Certified Information Systems Security Professional) exam.

The book consists of ten chapters, one for each of the CBK (Common Body of Knowledge) domains. "Security Management Practices" demonstrates that the book is perhaps a bit too thin: illustrations and other materials from Harris' "All-in-One" guide (cf. BKCISPA1.RVW) appear, but most of the tutorial material is vague and generic.



"Secured Computing", Carl F. Endorf, 2002

Like Mandy Andress' book (cf. BKCISPEC.RVW), this concentrates on terminology, rather than the concepts that the CISSP exam actually tests for. Like Krutz and Vines' book (cf. BKCISPPG.RVW), this obviously and slavishly follows the (ISC)^2 syllabus. Unlike Shon Harris' book (cf. BKCISPA1.RVW), it doesn't provide much added value or explanation.



"The Total CISSP Exam Prep Book", Thomas R. Peltier/Patrick D. Howard, 2002

Both the preface and the back cover copy stress the assertion that "until now, [CISSP (Certified Information Systems Security Professional) candidates] were not afforded the luxury of studying a single, easy-to-use manual." Despite the reservations that I may have about the quality of their works, this statement must surely be a shock to Shon Harris (cf. BKCISPA1.RVW), Mandy Andress (cf. BKCISPEC.RVW), S. Rao Vallabhaneni (cf. BKCISPET.RVW), and Ronald Krutz and Russell Vines (cf. BKCISPPG.RVW) and Carl Endorf (wait for it). (Well, I suppose that, technically, Vallabhaneni's is *two* books ...)



Security+

"Mike Meyers' Security+ Certification Passport", Trevor Kay, 2003

Given the organization of the Security+ objectives, part one covers general security concepts and chapter one is on access control. Some factors are dismissed a little bit too concisely: it is difficult to justify the blanket statement that biometric authentication is "extremely accurate and secure." (Biometrics does get a bit more explanation in the chapter on physical security, but there is no indication of that in this location.)



"Security+ Study Guide and DVD Training System", Michael Cross et al, 2002

The book admits that the Security+ certification from CompTIA (Computing Technology Industry Association) is, in comparison to the CISSP (Certified Information Systems Security Professional), an entry level designation. At the same time, Security+ has obviously been influenced by the CISSP. There are five "domains": general security concepts, communications, infrastructure, cryptography, and organizational security.
