ISC2 CISSP Certified Information Systems Security Professional Official Study Guide
Downloads: 7094
Type: Epub+TxT+PDF+Mobi
Create Date: 2024-05-22 09:20:42
Update Date: 2025-09-07
Status: finish
Author: Mike Chapple
ISBN: 1394254695
Environment: PC/Android/iPhone/iPad/Kindle
Reviews
Mara G,
The longevity of this read is something to be scoffed at, as the next generations of this book are already in the works. The mismatched domains make this read a jittery nightmare at best. Repetition was meant for pianists, which I am not, and be it repetition, at least try my brain at a difficult concept. I will not be recommending this for my students.
Tyler,
(Actually read the 9th but didn't want to be the only review) Best resource to prepare yourself for the exam imo.
Max Pietsch,
Listening to this on audiobook made me realize how verbose it is. It's hard to listen to just because there are so many words. Were the authors just trying to make a longer book so it sells better for people who expect to have to read a lot to pass the exam? Eleventh Hour CISSP did not have this problem, and is much more listenable.
Patrick,
I give it 5 stars now... Might change it after the test. haha.
Jorge,
Computers were a mistake
Justin,
It has the advantages of being comprehensive and the official study guide. I really liked how chapters overlapped and referred back to each other, which helped remind me of material I'd read previously. The summary, exam essentials, and review questions were also brilliant at reinforcing what was covered in a chapter. These elements seem to have been cleverly designed to achieve that revision throughout.

However, it was pretty turgid at times - and I read it cover to cover - without much in the way of illustrations, and the relatively sparse real-world examples were generally sanitised to the point that they weren't particularly memorable or enlightening. It's good, but there's room for a bit of improvement.
Franco,
Essential reading for anyone looking to attempt their CISSP exam.
Chuck,
This was a great book and primer to getting my CISSP certification. It gave me a firm understanding of all the major domains needed to pass the test.
Eric,
Good read. Would even go back and read again as a refresher on the cloud technologies section.
John Hollenberger,
One of many great resources on the road to the CISSP.
Erik Gaull,
This is the only CISSP book worth reading. It is very thorough albeit a bit on the dry side (really, what did you expect?) ... I think it's a must-read for anyone studying for the CISSP exam.
Meryl Thomas,
One of my seniors recommended this one to me. https://www.hi8security.com.au/servic...
Eliotgriggs,
This book is an excellent reference for infosec practitioners. It was central to my test plan, and I still reference it on occasion to brush up on concepts.
Samuel,
This was the reference I used to pass my CISSP. More info than needed for the exam, however very well put together.
Jim Reprogle,
Lengthy book. Covers a breadth of topics in the 8 information security domains. This book is a must read for anyone looking to tackle CISSP certification. I recommend also getting the practice exams to test your knowledge. This book will prime you for the topics covered on the exam, but don't take the usual technical exam route of trying to memorize the material. You really have to know the content and the domains to be successful on the exam.
John,
I don't put much stock in certifications, but ... In the last couple of years I've had to correspond with the CISOs of numerous companies, asking them to fill out our security questionnaires, assessing their worthiness to be business partners on security grounds, and so forth. And one thing I see is that a lot of these people have the CISSP credential. I have a related cert, Security+, but this one -- the Certified Information Systems Security Professional -- is what people seem to recognize as the one that has some meaning and value. So I decided to pursue it. The quantity of information reminds me of what is required for a master's degree. The exam used to be 6 hours and you had to get 70% or 75% of the questions right. Now it is adaptive and takes about 3 hours but that's still a big chunk of time. It's also not cheap: At $700, it's not one that I want to take twice. And people apparently fail. The Facebook group devoted to the CISSP exam is littered with posts from people who have significant experience in technology and yet have failed once, twice, etc.

This book seems to be the standard guide for getting it done. It's about 1,000 pages. I actually started with the 7th edition, and then, when trying a practice exam for the newest version of the exam, noticed a startling number of concepts not in that edition; so I bought this one, and indeed it is more current and up-to-date, even containing a citation of the great DevOps novel, The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win.

I read the whole thing except for the last two chapters (on programming and software security) where I took a gamble and went straight to the chapter-ending quizzes, where I did OK. (More at the end on skipping chapters regarding what you think you know.) And yet this book is not enough: Based on what I read online, everyone does practice exams, online question drills, watches YouTube videos. (Tip: The primary author, Mike Chapple, has a decent video series regarding the CISSP on LinkedIn Learning [formerly Lynda.com] on this material -- though thinner.) This all suggests to me that there isn't a lot of intellectual coherence to the certification. But what can you do? ¯\_(ツ)_/¯ As a former professor, I'd suggest breaking the whole thing up and requiring, say, 5 out of 7 tight subjects for the cert.

So what about this book? It is maddening. It is loaded with useful information. For example, in a 40 page chapter, its compressed account of how to understand and manage risk seems to be about as good as anything out there (I've read a few) in such a brief compass. Elsewhere in the book, you will learn about business continuity planning and disaster recovery, security governance, cryptography, ethics, secure software development, and on and on. The book can most certainly serve as a reference and is worth keeping on your desk after your period of close study. The vast range of this book and certification suggests to me that our organizations are so profoundly insecure that there is a fantasy that it can all be understood and managed in one role. Under the hood, I think you could almost get by with a reading of the documentation for NIST 800-53 and a few other federal guidelines. Oh, that's something else I should mention: Some 25% of the book, I'd wager, comes out of Fed World: You learn a lot about military security classifications, hardened servers, etc.

Each chapter is followed by some 20 review questions, and they are pretty shallow. This is too bad, because supposedly the cert exam itself has questions that go somewhat deeper and ask for judgement and differentiation. (This is why people use supplements such as the questions from Boson.) The book is incredibly passive-aggressive. On the one hand, the tome expects you to memorize the steps in both the SW-CMM and IDEAL software development models (and use the rather peculiar mnemonic "I ... I, Dr. Ed, am low(w)" [don't ask] (p. 887)). Would you ever not look this kind of thing up were it ever relevant to your job? Me, neither. Elsewhere the book pointedly describes some detail and then says: The exam won't ask you for this level of information. On the other hand, there is detail you are going to have to know. For instance, the DES cryptography algorithm has 5 modes, and one of them is tolerant of a block being transmitted incorrectly, so that such errors are not propagated which would break decryption of the remainder. That's OFB mode. Remember that. You're welcome. You pretty much have no option but to try to memorize everything. And some of it is, at this point in 2019, genuinely "who cares?" The book seems to want you to know about WEP, but the real message should simply be to destroy any wifi devices that still use WEP. The book would be some 20% shorter were truly obsolete technologies left out. (They could replace all that stuff with an advisory that if you are evaluating something defined through acronyms you don't know ... look 'em up!)

This kind of unevenness in approach to detail is maddening, and eventually you just go "f it" and try to keep as much in your head and hope for the best.

Another crazy thing about the book is that there are long lists of things you should do for various things, that seem to be in some order, but the order is not apparent. So, for example, on p. 67 there is a bullet list of some 30 "threats and vulnerabilities": Viruses ... disgruntled employees ... natural disasters ... buffer overflows ... This is ridiculous. How about grouping these things? This pattern is ubiquitous in the book. I pity the reader who doesn't already have a leg up on this material.

Now, as to skipping chapters if you think you know the topic. Don't do it. The bad news is that even for a topic you know, the security world has a somewhat different vocabulary, and you are going to have to know their way of understanding things. For instance, they will use inkhorn/academic terms for concepts that of course you once knew through that vocabulary: While you know that a table's size in rows is a sometimes interesting metric, you're going to have to remember that the term of art is the "degree" of the table. After many years of programming, you probably have seen timing errors, where a timestamp on a file is checked, but then the file is changed before you use it and the timestamp is stale. Well, this is called a TOCTTOU or TOC/TOU vulnerability. Oh, you didn't know that? Well, it's in the practice quizzes. You will have to know the difference between a Gantt and a PERT chart. Etc.

I suppose I'll update this review if/when I pass the test. For now all I can say is that reading this doorstop has probably kept me from reading 6-8 books that would be more important and valuable for my life and career.
Ravi,
A terrific bible of Information Security. A must-read for anyone in the field.
A.J.,
This was helpful toward passing the exam. This and the Boson practice exams were my two best resources.