Mandy Andress' book (cf.
BKCISPEC.RVW), this concentrates
terminology, rather than the concepts that the CISSP
tests for. Like Krutz and Vines' book (cf.
obviously and slavishly follows the (ISC)^2 syllabus.
Harris' book (cf.
BKCISPA1.RVW), it doesn't provide much
does offer a money back guarantee. If, within six months
the book, you take the CISSP exam twice (at U$450 a pop) and fail both times, you get the price of the book back. Less shipping
handling. (Also, you might need to be careful when ordering
The ISBN is identical for both the first and second editions.)
of the errors in the first edition of the book have
corrected, but a few remain, such as the addition of
a "strong star" property to the Bell-LaPadula security model.
the work concentrates on jargon, there are glaring gaps in the coverage. For example, the Law, Investigation, and Ethics
almost nothing to say about incident response, investigation,
preservation of evidence, computer forensics, or interviewing.
to the book in this second edition is a practice CISSP
Although the structure of the questions appears to be similar to those you would see on a real exam, the answers, oddly enough, rely on non-
one third of the total material in the second edition
a reprint of the "Standard of Good Practice" document
the Information Security Forum (www.securityforum.org).
is nothing wrong with the document, and it could be a useful aid to the practitioner, it isn't much of a help in studying for the CISSP.
this book might provide some assistance in exam prep,
probably not a sufficient guide by itself.
copyright Robert M. Slade, 2002 BKSCDCMP.RVW 20020905