REVIEW: "CISSP All-in-One Certification Exam Guide", Shon Harris

Posted by Rob, grandpa of Ryan, Trevor, Devon & Ha, May 27, 2002 (Message 1 of 1)

      BKCISPA1.RVW 20020503

      "CISSP All-in-One Certification Exam Guide", Shon Harris, 2002,
      0-07-219353-0, U$79.99
      %A Shon Harris shonharris@...
      %C 300 Water Street, Whitby, Ontario L1N 9B6
      %D 2002
      %G 0-07-219353-0
      %I McGraw-Hill Ryerson/Osborne
      %O U$79.99 905-430-5000 +1-800-565-5758 fax: 905-430-5020
      %P 971 p. + CD-ROM
      %T "CISSP All-in-One Certification Exam Guide"

      Chapter one is a very reasonable review of the CISSP (Certified
      Information Systems Security Professional) credential, and the (ISC)^2
      (International Information Systems Security Certification Consortium)
      exam process, including recertification. As with most of the chapters
      in the book, it has a set of sample questions, and while I could
      quibble with some, they cover a decent range of topics and a
      representative extent of difficulty. There are resources listed in
      this and other chapters, mostly Web sites. Web sites are, of course,
      most easily accessible, but they also die on a regular basis, and it
      might have been an idea to include references to other books on
      specific topics. It is difficult to see the point of chapter two--an
      opinion-piece level overview of various security-related topics.

      Chapter three begins the first of the ten domains of the Common Body
      of Knowledge (CBK) with security management practices. It is obvious
      that the material has been structured and based on the (ISC)^2 CBK
      review course, even to the use of specific tables and diagrams, but
      the material is, at least, enhanced and extended by narrative
      discussion. Access control is explained clearly (and sometimes
      amusingly) in chapter four (although biometrics is generally
      considered to be a form of authentication, not identification). In
      general, the coverage of security architecture and models in chapter
      five is quite useful. However, there is too much emphasis on the old
      "Orange Book" TCSEC (Trusted Computer System Evaluation Criteria) and
      not enough on the newer Common Criteria. (The inclusion of a section
      on computer hardware is also a bit odd.) Chapter six has many of the
      blind spots about physical security common to most computer security
      types (including some erroneous information about Halon from the old
      CBK course). The telecommunications and networking material, in
      chapter seven, presents the underlying concepts well, but for some
      reason fails to address many of the security technologies. The
      explanations of cryptography, in chapter eight, are problematic.
      Fortunately, the content is not necessarily wrong. The author
      obviously is not familiar with this area, and the text in such areas
      as DES (Data Encryption Standard) modes and one-way encryption doesn't
      make sense, although it does not necessarily misinform the reader.
      Chapter nine, dealing with business continuity and disaster recovery,
      is reasonable, but not as detailed as other sections. Law,
      investigation, and ethics is pretty good, although some old crimes and
      the insistence on the salami scam myth are some notable flaws in
      chapter ten. Chapter eleven, applications development, contains the
      basic information but does not always make the connections to
      security. Operations security gets a sensible review in chapter
      twelve.

      The material is much more reliable and better structured than the SRV
      Press books (cf. BKCISPET.RVW), and much more reliable and complete
      than the Andress work (cf. BKCISPEC.RVW). Like the Krutz and Vines
      volume (cf. BKCISPPG.RVW) it is quite obvious that the content and
      organization is copied from the old CBK course (sometimes slavishly),
      although Harris does put more explanatory and narrative substance into
      the text. (Interestingly, there are some indications that this is
      based on an even older version of the course than Krutz and Vines
      used.) Even considering the noted weak areas in this book, it should
      provide a reasonable basis as a study guide for the CISSP exam,
      although those who use only this work should not expect to get a
      particularly high mark.

      copyright Robert M. Slade, 2002 BKCISPA1.RVW 20020503


      ====================== (quote inserted randomly by Pegasus Mailer)
      Anyone who considers arithmetical methods of producing random
      numbers is, of course, in a state of sin.
      - John Louis von Neumann
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade