
REVIEW: "Mike Meyers' Certification Passport CISSP", Shon Harris

  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    Message 1 of 1 , Jan 13, 2003
      BKMMCISP.RVW 20021106

      "Mike Meyers' Certification Passport CISSP", Shon Harris, 2002,
      0-07-222578-5, U$29.99/C$44.95
      %A Shon Harris shonharris@... www.intenseschool.com
      %C 300 Water Street, Whitby, Ontario L1N 9B6
      %D 2002
      %G 0-07-222578-5
      %I McGraw-Hill Ryerson/Osborne
      %O U$29.99/C$44.95 +1-800-565-5758 +1-905-430-5134 fax: 905-430-5020
      %O http://www.amazon.com/exec/obidos/ASIN/0072225785/robsladesinterne
      %P 422 p.
      %T "Mike Meyers' Certification Passport CISSP"

      There is a "Check-In" foreword, which seems to be about the series,
      and an introduction that provides a very terse overview of the CISSP
      (Certified Information Systems Security Professional) exam.

      The book consists of ten chapters, one for each of the CBK (Common
      Body of Knowledge) domains. "Security Management Practices"
      demonstrates that the book is perhaps a bit too thin: illustrations
      and other materials from Harris' "All-in-One" guide (cf. BKCISPA1.RVW)
      appear, but most of the tutorial material is vague and generic. (When
      covering "controls," a vital concept in this domain, the text provides
      an "exam tip" that controls should be visible enough to deter
      misdeeds, but not visible enough to be avoided, but completely
      neglects the second axis of the control matrix, which covers
      deterrence, detection, and so forth.) The review questions at the end
      of the chapter are better than some, but still quite simplistic. As
      well as being limited, the content is suspect in places: a "cognitive
      password" is very insecure, and why would a retina scanner blow air
      into your eye? The "Computers 101" part of "Security Architecture and
      Models" is all right, although very brief and with significant gaps,
      but the formal models are simplified to a problematic extent (and the
      explanation of lattice models is flatly wrong). The "Physical
      Security" chapter is probably adequate for study purposes. Even after
      all of the above, I was surprised at how poor the material in
      "Telecommunications and Networking Security" was. The TCP/IP content
      is definitely insufficient, and specific errors are made in a number
      of areas (such as the ability of PPTP [Point-to-Point Tunneling
      Protocol] to encrypt data). "Cryptography" is limited to little more
      than the terms involved, and it is odd how much space is wasted on
      editorial comment. (The text could also use a bit more organization:
      a number of topics appear, in isolation, at a fair distance away from
      related items.) "Disaster Recovery and Business Continuity" is terse,
      but possibly sufficient for study purposes. The material in "Law,
      Investigation, and Ethics" is problematic: it appears to be somewhat
      dated and has some important gaps, such as corporate liability,
      interviewing, and the process of incident response. A great deal of
      the content in "Application Development" seems to have been parroted
      without any understanding: the iterative class of systems development
      models are not collected, the spiral model description is incorrectly
      described, the point of Java as a hybrid of compilation and
      interpretation seems to have been completely lost, and the malware
      text is rife with errors. "Operations Security" doesn't have as many
      mistakes, but it seems to be pretty much of an unorganized grab bag of
      topics.

      Yes, I can see the need (or desire) for a short and quick reference to
      the CISSP CBK. However, if you are going to take on that task, you
      have to make every single word (and figure) count. This book doesn't.
      Since McGraw-Hill also published "CISSP All-in-One Certification Exam
      Guide" they should probably have heeded the old dictum that "if it
      ain't broke, don't fix it." As it is, this work is well back in the
      CISSP pack, along with "Secured Computing" (cf. BKSCDCMP.RVW) and
      "CISSP for Dummies" (cf. BKCISPDM.RVW).

      copyright Robert M. Slade, 2002 BKMMCISP.RVW 20021106


      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... rslade@... slade@... p1@...
      The biggest conspiracy has always been the fact that there is no
      conspiracy. Nobody's out to get you. Nobody gives a shit whether
      you live or die. There, you feel better now? - Dennis Miller
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade