Book details of 'CISSP for Dummies'

Title: CISSP for Dummies
Author(s): Lawrence Miller, Peter Gregory
ISBN: 0764516701
Language: English
Published: September 2002
Publisher: John Wiley & Sons

The Virtual Bookcase Reviews of 'CISSP for Dummies':

Reviewer Rob Slade wrote:
A 'cheat sheet' is bound into the front of the book. It offers some general advice for taking the CISSP (Certified Information Systems Security Professional) exam, the most useful aspect of which is to prepare. Most of the tips are vague, such as the suggestion to budget your time, or review CISSP resources, without any information about what factors should be considered in time management or where to find resources. Some tips are overly specific, such as the recommendation that you bring a big bottle of water. (Yes, six hours is a long time for the exam, and, yes, you may need refreshment. The tip does not mention that proctors vary in rigour when applying the exam regulations, and may not allow bottles of water at the test tables. Besides which, only one person may be excused from the room at any one time.) Part one reviews the CISSP exam itself. At the beginning of chapter one, the authors point out that some CISSP study guides are too hard, and some CISSP study guides are too soft, but this book is just right. Then it moves on to information about (ISC)^2 (the International Information Systems Security Certification Consortium), arrangements for the exam, and some study tips. The material is more up-to-date than in other CISSP study guides, but the text is badly written, duplicating content and repeating itself, possibly because the structure and organization are weak. The suggestions and information are reasonable, although occasionally questionable: the recommendations for study guides and practice exams are rather weak. Chapter two briefly lists the ten domains of the common body of knowledge (CBK), and is really only an expanded table of contents for the chapters in the next section. Part two describes the ten domains in detail. Chapter three covers most of access control, but unevenly.
Given the constraints that the authors themselves mention (the CISSP CBK is a mile wide and an inch deep), too much space is devoted to a simplistic set of password choice rules, an excellent (but, in this situation, overlong) review of Kerberos, and a number of jokes which are not going to help candidates remember important points, and may very well confuse the issues. Some material is problematic, such as the discussion of security "domains" that follows the Microsoft networking model rather than the Bell-LaPadula derived structure that the CBK requires, and a baffling non-explanation of the lattice model. (There are also a number of perplexing inclusions, such as a cross-reference to cryptography in the introduction to single sign-on systems.) Telecommunications and network security is presented in chapter four. The authors have used the OSI (Open Systems Interconnection) model to structure the discussion of various technologies: an interesting concept, but one which is flawed by the fact that a number of topics are placed in the wrong level. (Media access and packet switching, for example, are listed in the data link layer, rather than the physical and network layers, respectively.) There are also problematic references to "native" PPP (Point-to-Point Protocol) encryption, and an assertion that ICMP (Internet *Control* Message Protocol) packets are not required for network operations. The basics of security management are covered in chapter five, but very tersely. The major standards are not listed here: the Common Criteria is mentioned briefly in chapter eight (security architecture) but British Standard 7799/ISO (International Standards Organization) 17799 is not listed at all. The set of roles and responsibilities is short and risk analysis terms are not well defined. This must be considered a serious weakness in the book, since security management is very important in the CISSP exam. 
Application development is dealt with briefly and poorly: again, this is an area where many CISSP candidates do need extra help, and they won't get it here. System development methods are not discussed at all, and the malware section is full of errors. (Each chapter lists a set of books for extra research: I should note that neither of the virus books listed at the ISC2 site appears on the list for this chapter. In fact, the bibliography is rather short overall: Krutz and Vines' "The CISSP Prep Guide" (see reviews), which is not much better than the current work, is listed in every set.) There are also odd inclusions from other domains, such as almost a full page devoted to the SYN flood attack, which was adequately explained in a paragraph in chapter four. The material on cryptography, in chapter seven, lists all the terms and technologies, but has poor or non-existent explanations, mathematical errors, and the authors obviously do *not* understand S-boxes. (The process described would not allow for decryption.) There is too much text about CPUs (Central Processing Units), and too little on distributed systems, formal models, and the various evaluation criteria in chapter eight's review of security architecture. Operations security, in chapter nine, seems to be a collection of random topics, with a fair concentration on audit logs. Chapter ten's overview of Business Continuity Planning (BCP) is not bad, although a bit shy on details. (The vital topic of backups, for example, is mentioned only long enough to say that you should have one, and the various types, with varying strengths and weaknesses, are not discussed at all.) Law, investigation, and ethics is reasonable, although the list of specific privacy laws is probably not too helpful (and I rather suspect that the authors got taken in by the "Desert Storm Virus" myth).
Most of the material on physical security, in chapter twelve, appears to have been copied from some other source without much understanding: the sections on visibility, capacitance sensors, and UPSes (Uninterruptible Power Supplies) are among those that contain errors or seem to miss the major points. Part three is the usual "dummies" "part of tens." Chapter thirteen relists the ten domains. (Didn't we do this already?) Ten other security certifications are recorded in chapter fourteen. Websites are given in chapter fifteen: three are actually useful. The cheat sheet and chapter one are reprised in sixteen and seventeen. One of the books listed in chapter eighteen ("Security Engineering," by Ross Anderson, cf. BKSECENG.RVW) would be very useful for exam candidates. Sample test questions are a big part of every CISSP study book (in the case of Peltier and Howard's "The Total CISSP Exam Prep Book," in fact, the *only* part). This book has both its own set of questions, and a set from the Boson exams. As I have said elsewhere, the Boson exams are not necessarily wrong, but they are far too simplistic to be considered adequate preparation for the CISSP exam, and the answer guides are completely tied to "Secured Computing" (see reviews). If any set of questions is simpler, and therefore less useful, than the Boson set, it is the one listed in this book. And, like the Boson collection, the answers are completely self-referential. Like Andress' "CISSP Exam Cram" (see reviews), this text does sometimes simply list the terminology, although Miller and Gregory are somewhat more complete and do provide greater explanations of the domains themselves. It would be hard to make a distinction between this volume and "Secured Computing": Miller and Gregory provide *some* outside references but Endorf makes fewer errors.
As previously noted, Krutz and Vines do not give the reader much in the way of explanatory material, but they do cover the domains more comprehensively than the current work. Harris' "CISSP All-in-One Certification Exam Guide" is, as noted (see reviews), the one guide that might get you through the CISSP exam, albeit not necessarily with high marks: Miller and Gregory might get you through, but only if you stood a pretty good chance without the volume.

Copyright Robert M. Slade, 2002

Book description:

* Includes quick assessment tests at the beginning of each chapter as well as a prep test at the end.
* Presents the material in a down-to-earth, jargon-free style for real studying and understanding.
* Provides hundreds of randomly generated test questions on the enclosed CD-ROM.
* Offers timed and untimed versions of the practice tests on the CD-ROM.

The Virtual Bookcase is created and maintained by Koos van den Hout. Contact e-mail webmaster@virtualbookcase.com.
Copyright © 2000-2008 Koos van den Hout / The Virtual Bookcase