The Security Detail

Feb 7 2013   2:10PM GMT

Book Review: CISSP All-In-One Exam Guide (Sixth Edition)

Tony Bradley

Sixth edition. That alone should tell you a lot about this book. There are tons of CISSP exam prep resources out there, and a virtually endless supply of information security books–but very few can claim to be in their sixth edition. The fact that Shon Harris’ CISSP All-In-One Exam Guide is still the #1 CISSP exam guide after all these years is a testament to the knowledge and skills of Harris, and the quality of this book.

Does my praise for the book seem a tad “glowing”? It should. I took the Certified Information Systems Security Professional exam in 2002. I had a strong foundation as an MCSE and Windows network administrator, but the CISSP exam covers an intimidating breadth of information. I used the CISSP All-In-One Exam Guide to prepare for the exam, and passed without any problem. I have been an ardent fan and evangelist for the book ever since.

Don’t take my word for it. This latest edition includes the following quote from me in the front matter at the beginning of the book: “Shon is brilliant when it comes to network security, and even better at conveying network security concepts to others. Her book, CISSP All-In-One Exam Guide, single-handedly helped me to achieve the CISSP certification, and I recommend her lectures and training materials every chance I get. She has been a tremendous source of advice and support for me, and I highly recommend working or training with Shon to anyone.”

The CISSP certification is still regarded as the de facto credential for information security professionals. It has become table stakes expected of applicants to even get a foot in the door for potential information security roles. The exam itself is a grueling six hours, but if you’ve prepared yourself with this book you don’t need to stress about it.

About The Book

At first glance, the book seems more overwhelming than the exam itself. I swear each edition of the book gets a little longer. The sixth edition comes in at nearly 1,500 pages. It’s an intimidating three inches of small-print text packed cover to cover with information you need to know to pass the CISSP exam.

I like that Shon opens the book with a discussion of what it means to be a CISSP. She covers the million-dollar question “Why become a CISSP?” right on page one. Someone considering a career in information security should just peruse the first chapter of this book at their local library or corner bookstore to get an idea of what they’re getting themselves into.

If you get past the first chapter and you still want to be an information security professional, buckle up. The CISSP exam is broken into ten domains, and Harris delves into each one in painstaking detail. The book covers Information Security Governance and Risk Management; Access Control; Security Architecture and Design; Physical and Environmental Security; Telecommunications and Network Security; Cryptography; Business Continuity and Disaster Recovery; Legal, Regulation, Compliance, and Investigations; Software Development Security; and Security Operations.

One of the things that I appreciated when using the book to study for my own exam is that Harris doesn’t just teach the test. The reason the book is so thick is that she provides detailed explanations and walks you through the hows and whys of information security. The book makes no assumptions about what you may or may not already know, and provides the details to reinforce the knowledge you need for the exam with the underlying foundation you need to actually put it to use in the real world. That isn’t to say that it’s the only resource you’ll ever need. The CISSP covers a broad range of information by design, but it’s not meant to make you an expert in any particular domain.

Each chapter ends with practice questions (the answers are in Appendix A), and the book includes a CD with additional training and practice exams.

If you’re familiar with the field of information security–or technology in general–then you’re aware that the only constant is change…rapid change. There are certainly core elements of information security that have remained the same from the first edition to the sixth edition of this book, but the reason there is a sixth edition at all is because information security is constantly changing. Harris does a superb job of staying on top of those changes, and incorporating them into this book to ensure the CISSP All-In-One Exam Guide remains the best resource available for potential CISSP candidates.
