Like
Mandy Andress' book (cf.
BKCISPEC.RVW), this concentrates
on
terminology, rather than the concepts that the CISSP
exam actually
tests for. Like Krutz and Vines' book (cf.
BKCISPPG.RVW),
this
obviously and slavishly follows the (ISC)^2 syllabus.
Unlike Shon
Harris' book (cf.
BKCISPA1.RVW), it doesn't provide much
added value
or explanation.
It
does offer a money back guarantee. If, within six months
of buying
the book, you take the CISSP exam twice (at U$450 a pop)
and fail both
times, you get the price of the book back. Less shipping
and
handling. (Also, you might need to be careful when ordering
the book.
The ISBN is identical for both the first and second editions.)
Some
of the errors in the first edition of the book have
been
corrected, but a few remain, such as the addition of
a "strong star" property to the Bell-LaPadula security model.
Since
the work concentrates on jargon, there are glaring
gaps in the
coverage. For example, the Law, Investigation, and Ethics
domain has
almost nothing to say about incident response, investigation,
preservation of evidence, computer forensics, or interviewing.
Added
to the book in this second edition is a practice CISSP
exam.
Although the structure of the questions appears to be
similar to those
you would see on a real exam, the answers, oddly enough,
rely on non-
standard terminology.
Approximately
one third of the total material in the second edition
is
a reprint of the "Standard of Good Practice" document
available from
the Information Security Forum (www.securityforum.org).
While there
is nothing wrong with the document, and it could be a
useful aid to
the practitioner, it isn't much of a help in studying
for the CISSP.
While
this book might provide some assistance in exam prep,
it is
probably not a sufficient guide by itself.
copyright Robert M. Slade, 2002 BKSCDCMP.RVW 20020905
|
