(ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

  • Downloads: 7058
  • Type: Epub+TxT+PDF+Mobi
  • Create Date: 2021-03-13 08:12:16
  • Update Date: 2025-09-06
  • Status: finish
  • Author: Mike Chapple
  • ISBN: B07CG86947
  • Environment: PC/Android/iPhone/iPad/Kindle

Summary

CISSP Study Guide - fully updated for the 2018 CISSP Body of Knowledge

CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide, 8th Edition has been completely updated for the latest 2018 CISSP Body of Knowledge. This bestselling Sybex study guide covers 100% of all exam objectives. You'll prepare for the exam smarter and faster with Sybex thanks to expert content, real-world examples, advice on passing each section of the exam, access to the Sybex online interactive learning environment, and much more. Reinforce what you've learned with key topic exam essentials and chapter review questions.

Along with the book, you also get access to Sybex's superior online interactive learning environment that includes:

  • Four unique 250-question practice exams to help you identify where you need to study more. Get more than 90 percent of the answers correct, and you're ready to take the certification exam.
  • More than 650 Electronic Flashcards to reinforce your learning and give you last-minute test prep before the exam.
  • A searchable glossary in PDF to give you instant access to the key terms you need to know for the exam.

Coverage of all of the exam topics in the book means you'll be ready for:

  • Security and Risk Management
  • Asset Security
  • Security Engineering
  • Communication and Network Security
  • Identity and Access Management
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security

Reviews

Meryl Thomas

One of my seniors recommended this one to me. https://www.hi8security.com.au/servic...

Samuel

This was the reference I used to pass my CISSP. More info than needed for the exam, however very well put together.

Jim Reprogle

Lengthy book. Covers a breadth of topics in the 8 information security domains. This book is a must read for anyone looking to tackle CISSP certification. I recommend also getting the practice exams to test your knowledge. This book will prime you for the topics covered on the exam, but don't take the usual technical exam route of trying to memorize the material. You really have to know the content and the domains to be successful on the exam.

John

I don't put much stock in certifications, but . . . In the last couple of years I've had to correspond with the CISOs of numerous companies, asking them to fill our security questionnaires, assessing their worthiness to be business partners on security grounds, and so forth. And one thing I see is that a lot of these people have the CISSP credential. I have a related cert, Security+, but this one -- the Certified Information Systems Security Professional -- is what people seem to recognize as the one that has some meaning and value. So I decided to pursue it. The quantity of information reminds me of what is required for a master's degree. The exam used to be 6 hours and you had to get 70% or 75% of the questions right. Now it is adaptive and takes about 3 hours, but that's still a big chunk of time. It's also not cheap: At $700, it's not one that I want to take twice. And people apparently fail. The Facebook group devoted to the CISSP exam is littered with posts from people who have significant experience in technology and yet have failed once, twice, etc.

This book seems to be the standard guide for getting it done. It's about 1,000 pages. I actually started with the 7th edition, and then, when trying a practice exam for the newest version of the exam, noticed a startling number of concepts not in that edition; so I bought this one, and indeed it is more current and up-to-date, even containing a citation of the great DevOps novel, The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win.

I read the whole thing except for the last two chapters (on programming and software security), where I took a gamble and went straight to the chapter-ending quizzes, where I did OK. (More at the end on skipping chapters regarding what you think you know.) And yet this book is not enough: Based on what I read online, everyone does practice exams, online question drills, watches YouTube videos. (Tip: The primary author, Mike Chapple, has a decent video series regarding the CISSP on LinkedIn Learning [formerly Lynda.com] on this material -- though thinner.) This all suggests to me that there isn't a lot of intellectual coherence to the certification. But what can you do? ¯\_(ツ)_/¯ As a former professor, I'd suggest breaking the whole thing up and requiring, say, 5 out of 7 tight subjects for the cert.

So what about this book? It is maddening. It is loaded with useful information. For example, in a 40-page chapter, its compressed account of how to understand and manage risk seems to be about as good as anything out there (I've read a few) in such a brief compass. Elsewhere in the book, you will learn about business continuity planning and disaster recovery, security governance, cryptography, ethics, secure software development, and on and on. The book can most certainly serve as a reference and is worth keeping on your desk after your period of close study. The vast range of this book and certification suggests to me that our organizations are so profoundly insecure that there is a fantasy that it can all be understood and managed in one role. Under the hood, I think you could almost get by with a reading of the documentation for NIST 800-53 and a few other federal guidelines. Oh, that's something else I should mention: Some 25% of the book, I'd wager, comes out of Fed World: You learn a lot about military security classifications, hardened servers, etc.

Each chapter is followed by some 20 review questions, and they are pretty shallow. This is too bad, because supposedly the cert exam itself has questions that go somewhat deeper and ask for judgement and differentiation. (This is why people use supplements such as the questions from Boson.) The book is incredibly passive-aggressive. On the one hand, the tome expects you to memorize the steps in both the SW-CMM and IDEAL software development models (and use the rather peculiar mnemonic "I ... I, Dr. Ed, am low(w)" [don't ask] (p. 887)). Would you ever not look this kind of thing up were it ever relevant to your job? Me, neither. Elsewhere the book pointedly describes some detail and then says: The exam won't ask you for this level of information. On the other hand, there is detail you are going to have to know. For instance, the DES cryptography algorithm has 5 modes, and one of them is tolerant of a block being transmitted incorrectly, so that such errors are not propagated, which would break decryption of the remainder. That's OFB mode. Remember that. You're welcome. You pretty much have no option but to try to memorize everything. And some of it is, at this point in 2019, genuinely "who cares?" The book seems to want you to know about WEP, but the real message should simply be to destroy any wifi devices that still use WEP. The book would be some 20% shorter were truly obsolete technologies left out. (They could replace all that stuff with an advisory that if you are evaluating something defined through acronyms you don't know . . . look 'em up!)

This kind of unevenness in approach to detail is maddening, and eventually you just go "f it" and try to keep as much in your head and hope for the best.

Another crazy thing about the book is that there are long lists of things you should do for various things, that seem to be in some order, but the order is not apparent. So, for example, on p. 67 there is a bullet list of some 30 "threats and vulnerabilities": Viruses . . . disgruntled employees . . . natural disasters . . . buffer overflows . . . This is ridiculous. How about grouping these things? This pattern is ubiquitous in the book. I pity the reader who doesn't already have a leg up on this material.

Now, as to skipping chapters if you think you know the topic. Don't do it. The bad news is that even for a topic you know, the security world has a somewhat different vocabulary, and you are going to have to know their way of understanding things. For instance, they will use inkhorn/academic terms for concepts that of course you once knew through that vocabulary: While you know that a table's size in rows is a sometimes interesting metric, you're going to have to remember that the term of art is the "degree" of the table. After many years of programming, you probably have seen timing errors, where a timestamp on a file is checked, but then the file is changed before you use it and the timestamp is stale. Well, this is called a TOCTTOU or TOC/TOU vulnerability. Oh, you didn't know that? Well, it's in the practice quizzes. You will have to know the difference between a Gantt and a PERT chart. Etc.

I suppose I'll update this review if/when I pass the test. For now all I can say is that reading this doorstop has probably kept me from reading 6-8 books that would be more important and valuable for my life and career.

Ravi

A terrific bible of Information Security. A must-read for anyone in the field.

A.J.

This was helpful toward passing the exam. This and the Boson practice exams were my two best resources.