The Virtual Bookcase Reviews of 'The CISSP Prep Guide: Mastering the Ten Domains of Computer Security':
Reviewer amazon.com wrote:
The Certified Information Systems Security Professional (CISSP) rating is difficult to earn and rare in the marketplace, which means you're a valuable commodity if you've proven your skills by passing the exam. The CISSP Prep Guide, one of only a handful of books on its subject, does a good job of giving readers a feel for the scope of the test and the style of its questions. It's ideal for use either as a preliminary survey of the CISSP subject areas (the test's publisher and the authors of this book call them "domains") for relative newcomers to computer security, or as a pure study guide to help more experienced professionals zero in on the weak spots in their knowledge. Don't expect to do well on the CISSP exam having only read this book. You'll want to have some practical experience and some specialized reading under your belt.

Ronald Krutz and Russell Vines are good writers and fine teachers; they explain the wide-ranging CISSP domains (which have to do with everything from cryptographic algorithms to fire-suppression techniques to legal principles). They take care to explain potentially unfamiliar terms--there's a good glossary in the back of this book--and employ conceptual diagrams well. However, the answer keys for the sample questions that conclude each chapter aren't annotated and some readers will wish for more references to specialized sources. --David Wall

Topics covered: The subjects covered by the Certified Information Systems Security Professional (CISSP) exam published by the International Information Systems Security Certification Consortium, including cryptography, access control, security policy, legal matters, and the physical safety of information, equipment, and people.
Reviewer Rob Slade wrote:
Of late there has been a significant increase in interest in the CISSP
(Certified Information Systems Security Professional) exam and
designation produced by the (ISC)^2 (International Information Systems
Security Certification Consortium). The CISSP exam is based on the
Common Body of Knowledge (CBK) which, as the name implies, is that
information assumed to be customarily known by those qualified or
experienced in the field of computer security. Since the (ISC)^2 also
runs courses based on the CBK, many people seem to feel that there is
some trick or secret to passing the exam.
Krutz and Vines appear to want to foster this myth, since the first
sentence of the introduction states that this book holds the "key to
unlocking the secrets of the world of information systems security."
If true, this assertion would make a mockery of the (ISC)^2
requirement for three years' work experience, and the insistence that
no one book holds the entire CBK.
The introduction also states that this work is intended as a
preparatory guide for CISSP students, a reference for students of
other information security courses, and a manual in security basics
and emerging technologies for security professionals. That's a rather
tall order.
For those who have seen the (ISC)^2 CBK course materials, it is
immediately obvious where the structure of the book, and most of the
content, originates. Much of the text is in point form, following the
slides used in the CBK, with only minor expansion to explain the
elements. Discussion of concepts is limited, and some of the detail
provided is of questionable value. In addition, while the CBK is a
substantial and useful work, the (ISC)^2 course structure does suffer,
over time, as areas are added or amended, and the strict adherence to
that order, which can be smoothed over in a seminar, makes the book
very jumpy in places. Security management practices, in chapter one,
is rather choppy, and access control, in chapter two, is even worse in
this regard.
Each chapter covers one of the ten domains of the CBK. These topics
tend to overlap in places, but there is little attempt to explain,
reconcile, or reference duplicated material. Both chapter two and
telecommunications and network security, in chapter three, address
intrusion detection systems, but neither section refers to the other.
(Telecom and networks is a large topic, and would have benefitted from
some attempt at reorganization.)
Chapter four describes many details of cryptography. While the
particulars provided are correct, the lack of background reduces the
value of the text. Security architecture and models, in chapter five,
defines most of the terms, but does not give a complete picture of the
topic. Operations security generally involves the coordination of a
number of individually simple aspects, so chapter six deals with the
topic adequately. The same minimalist denotation of points does not
work as well for applications and systems development, in chapter
seven. (In addition, it is disturbing to see that discussion of
viruses has been completely excluded, particularly in view of the fact
that the subject has greater representation in the CISSP exam than in
the CBK course itself.) Again, business continuity and disaster
recovery planning involve a number of basic operations, so chapter
eight provides reasonable coverage. Chapter nine's review of law,
investigation, and ethics is terse, but not out of line with the
requirements of the exam. Physical security, in chapter ten, is
covered better than most other areas.
There are a number of appendices. A glossary is taken from the old
(1985) US government glossary, with a few additions. There is an
overview of the old "Rainbow" series of security manuals. An essay on
using the Capability Maturity Model (CMM) with the Health Information
Portability and Accountability Act (HIPAA) will possibly be of
interest to a very select group. There is an overview of the National
Security Agency (NSA) Infosec Assessment Methodology, a simplistic
look at penetration testing, and a ludicrously brief list of the
contents of British Standard 7799. The examination of the Common
Criteria is slightly better, but not sufficient to address the needs
of the CISSP exam. A list of references for further study is
basically taken from the (ISC)^2 resource list with some added URLs,
and is not annotated.
Oddly, the illustrations are not copied from the CBK course, and table
and section headings relate very poorly to the surrounding text.
Practice with sample questions can be important in preparing for the
CISSP exam. Those provided by the CBK course, and even the
independent www.cccure.org site, are very similar in tone, style, and
difficulty, to those on the exam. The specimen questions in this
book, however, are not. The quizzes are simplistic reading checks and
definition queries, with none of the complexity of the exam, and
requiring little in the way of judgment. The full list of questions
is given again in appendix C, with answers: the solutions are
sometimes explained, but often are not.
For those studying for the CISSP exam, this book does provide a guide
to the topics to be covered. If you are confident that you know more
than the book at every point, you should be in good shape to sit the
exam: if not, you will have to get help somewhere else. If you are
studying for another security course, or are a security professional,
this work will not have much to offer you.
copyright Robert M. Slade, 2001