Book Review: CISSP All-In-One Exam Guide (Sixth Edition)
Posted by: Tony Bradley
Sixth edition. That alone should tell you a lot about this book. There are tons of CISSP exam prep resources out there, and a virtually endless supply of information security books–but very few can claim to be in their sixth edition. The fact that Shon Harris’ CISSP All-In-One Exam Guide is still the #1 CISSP exam guide after all these years is a testament to the knowledge and skills of Harris, and the quality of this book.
Does my praise for the book seem a tad “glowing”? It should. I took the Certified Information Systems Security Professional exam in 2002. I had a strong foundation as an MCSE and Windows network administrator, but the CISSP exam covers an intimidating breadth of information. I used the CISSP All-In-One Exam Guide to prepare for the exam, and passed without any problem. I have been an ardent fan and evangelist for the book ever since.
Don’t take my word for it. This latest edition includes the following quote from me in the front matter at the beginning of the book: “Shon is brilliant when it comes to network security, and even better at conveying network security concepts to others. Her book, CISSP All-In-One Exam Guide, single-handedly helped me to achieve the CISSP certification, and I recommend her lectures and training materials every chance I get. She has been a tremendous source of advice and support for me, and I highly recommend working or training with Shon to anyone.”
The CISSP certification is still regarded as the de facto credential for information security professionals. It has become table stakes expected of applicants to even get a foot in the door for potential information security roles. The exam itself is a grueling six hours, but if you’ve prepared yourself with this book you don’t need to stress about it.
About The Book
If you get past the first chapter and you still want to be an information security professional, buckle up. The CISSP exam is broken into ten domains, and Harris delves into each one in painstaking detail. The book covers Information Security Governance and Risk Management; Access Control; Security Architecture and Design; Physical and Environmental Security; Telecommunications and Network Security; Cryptography; Business Continuity and Disaster Recovery; Legal, Regulation, Compliance, and Investigations; Software Development Security; and Security Operations.
One of the things that I appreciated when using the book to study for my own exam is that Harris doesn’t just teach the test. The reason the book is so thick is that she provides detailed explanations and walks you through the hows and whys of information security. The book makes no assumptions about what you may or may not already know, and it provides the details to reinforce the knowledge you need for the exam along with the underlying foundation you need to actually put it to use in the real world. That isn’t to say that it’s the only resource you’ll ever need. The CISSP covers a broad range of information by design, but it’s not meant to make you an expert in any particular domain.
Each chapter ends with practice questions (the answers are in Appendix A), and the book includes a CD with additional training and practice exams.
If you’re familiar with the field of information security–or technology in general–then you’re aware that the only constant is change…rapid change. There are certainly core elements of information security that have remained the same from the first edition to the sixth edition of this book, but the reason there is a sixth edition at all is that information security is constantly changing. Harris does a superb job of staying on top of those changes and incorporating them into this book to ensure the CISSP All-In-One Exam Guide remains the best resource available for potential CISSP candidates.