IWS - The Information Warfare Site


"CISSP Examination Textbooks", S. Rao Vallabhaneni, 2000, , U$213.00
%A S. Rao Vallabhaneni srvbooks@aol.com
%C P.O. Box 681354, Schaumburg, IL 60168-1354
%D 2000
%I SRV Professional Publications
%O U$99.00 per volume 847-330-0126 www.srvbooks.com
%P ~500 p. per volume
%T "CISSP Examination Textbooks" (vol 1 Theory, vol 2 Practice)

These books will not help you study for or write the CISSP (Certified Information Systems Security Professional) exam.

These books may, in fact, make your study more difficult, and your chances of passing the exam more remote.

At the very best, the time you spend studying these books will be wasted, when you could have been reviewing other, more useful material.

If I went back through the files I might be able to find one, but, off the top of my head, I cannot recall a technical book with a poorer structure, organization, or grasp of the titular material. Many authors fail to do full research. A large number present the content in a disorganized manner, forcing the reader to do more work. Some have their own idiosyncratic definition of the topic, and may be slightly misleading in what they deliver. Seldom do the confluences of those aspects reach the depths of uselessness seen in these volumes.

While the (ISC)2 (International Information Systems Security Certification Consortium) CBK (Common Body of Knowledge) domain structure can be problematic, the "Theory" volume does not seem to follow either the (ISC)2 study guide or the CBK course outline. Point or section numbering is inconsistent, making it difficult even to follow the material. Tables and illustrations are unclear, and either baldly repeat surrounding text, or have no relation to it. (Tables are often carelessly broken between pages, making reading of the charts and also surrounding text extremely difficult.) There are endless mistakes in spelling, grammar, and sentence or paragraph structure. Non-standard terms are used, and not defined. Occasionally small variations in phraseology seem to imply different topics that further (and pointless) study reveals to be identical. Major headings are sometimes simply printed, and are not explained or introduced. Certain topics and phrases are heavily emphasized, although not defined, and many of these are the most minor of issues in terms both of security and of the CISSP exam. Much of the technical material is confused, such as an analysis of the correspondence between "ISDN and OSI networks," which is something like comparing apples and juice extractors. The text contradicts itself frequently: a simple list of firewalls on one page does not relate to another three pages later. Some technologies have only one aspect explained, others are touched on without mentioning inherent dangers, others are so confused that closely related topics end up being set in opposition to each other. (The malware definitions, needless to say, are appalling.)

The "Practice" volume is a set of multiple choice questions supposedly similar to those you would encounter on the CISSP exam itself. Only those on the exam committee would be able to say, for certain, how close these questions come to the real thing, but I can say that, in terms of information security, a great many of these questions simply make no sense. The quality of the second volume seems to approximate that of the first.

I must say that, while the books and the Web site do carry a disclaimer that the tomes are not endorsed by (ISC)2, I am slightly appalled that (ISC)2 has not objected to the use of this particular name. In fact, these books appear on the (ISC)2 resource list. Which, itself, carries a disclaimer that such a listing does not imply any endorsement. Even so, the simple association gives the work a cachet that is wholly undeserved, and probably misleading.

At the risk of repeating myself, if you are studying for the CISSP:

Do not buy these books.

If you have bought these books, do not read them.

(If you have passed the CISSP, you can, of course, do whatever you wish.)

copyright Robert M. Slade, 2001 BKCISPET.RVW 20011122