IWS - The Information Warfare Site
News Watch Make a  donation to IWS - The Information Warfare Site Use it for navigation in case java scripts are disabled


"Secured Computing", Carl F. Endorf, 2002, 1-55212-889-X,
%A Carl F. Endorf etresearch@hotmail.com
%C Suite 6E, 2333 Government Street, Victoria, BC V8T 4P4
%D 2002
%G 1-55212-889-X
%I Trafford Publishing
%O U$44.95/C$64.00 888-232-4444 FAX 250-383-6804 sales@trafford.Com
%O http://www.amazon.com/exec/obidos/ASIN/155212889X/robsladesinterne
%P 538 p.
%T "Secured Computing: CISSP Study Guide, Second Edition"

Like Mandy Andress' book (cf. BKCISPEC.RVW), this concentrates on terminology, rather than the concepts that the CISSP exam actually tests for. Like Krutz and Vines' book (cf. BKCISPPG.RVW), this obviously and slavishly follows the (ISC)^2 syllabus. Unlike Shon Harris' book (cf. BKCISPA1.RVW), it doesn't provide much added value or explanation.

It does offer a money back guarantee. If, within six months of buying the book, you take the CISSP exam twice (at U$450 a pop) and fail both times, you get the price of the book back. Less shipping and handling. (Also, you might need to be careful when ordering the book. The ISBN is identical for both the first and second editions.)

Some of the errors in the first edition of the book have been corrected, but a few remain, such as the addition of a "strong star" property to the Bell-LaPadula security model.

Since the work concentrates on jargon, there are glaring gaps in the coverage. For example, the Law, Investigation, and Ethics domain has almost nothing to say about incident response, investigation, preservation of evidence, computer forensics, or interviewing.

Added to the book in this second edition is a practice CISSP exam. Although the structure of the questions appears to be similar to those you would see on a real exam, the answers, oddly enough, rely on non- standard terminology.

Approximately one third of the total material in the second edition is a reprint of the "Standard of Good Practice" document available from the Information Security Forum (www.securityforum.org). While there is nothing wrong with the document, and it could be a useful aid to the practitioner, it isn't much of a help in studying for the CISSP.

While this book might provide some assistance in exam prep, it is probably not a sufficient guide by itself.

copyright Robert M. Slade, 2002 BKSCDCMP.RVW 20020905