CISSP ® : Certified Information Systems Security Professional Study Guide, Third Edition

Books Details :

Author :James Michael Stewart, Ed Tittel, Mike Chapple
Paperback: 800 pages
Publisher: Sybex; 3 edition (September 9, 2005)
Language: English
ISBN: 0782144438
Product Dimensions: 8.9 x 7.5 x 1.8 inches




Book Description
CISSP Certified Information Systems Security Professional Study Guide

Here's the book you need to prepare for the challenging CISSP exam from (ISC)¯2. This third edition was developed to meet the exacting requirements of today's security certification candidates, and has been thoroughly updated to cover recent technological advances in the field of IT security. In addition to the consistent and accessible instructional approach that readers have come to expect from Sybex, this book provides:

1. Clear and concise information on critical security technologies and topics
2. Practical examples and insights drawn from real-world experience
3. Expanded coverage of key topics such as biometrics, auditing and accountability, and software security testing
4. Leading-edge exam preparation software, including a testing engine and electronic flashcards for your PC, Pocket PC, and Palm handheld

You'll find authoritative coverage of key exam topics including:

1. Access Control Systems & Methodology
2. Applications & Systems Development
3. Business Continuity Planning
4. Cryptography
5. Law, Investigation, & Ethics
6. Operations Security & Physical Security
7. Security Architecture, Models, and Management Practices
8. Telecommunications, Network, & Internet Security

About the Author
James Michael Stewart, CISSP, is a security expert who has authored numerous publications, books, and courseware.

Ed Tittel, CISSP, is a freelance writer and a regular contributor to numerous publications, including C|Net, InfoWorld, and Windows IT Pro. Ed has authored over 130 books.

Mike Chapple, CISSP, is an IT security professional with the University of Notre Dame.

Spotlight Reviews :

Reviewer: M. Grader "Matt" (Upstate New York)

I took this book out from the Air Force Technical Library and found it to be extremely well-written, concise, and an excellent introduction to the field of computer security. When reading this book I felt that the author had an excellent understanding of the material presented and focused on the most important aspects of the subject matter. I have not taken the CISSP yet so I can not comment on how relevant the material is to the exam (as most people know the CISSP is mostly about work experience anyways - not something you learn from a book).

After reading this book I then read the Shon Harris CISSP book I can tell firsthand that this book (Stewart's) is of much better quality. The Shon Harris book shocked me at its lack of structure (many topics are covered multiple times and simple security/network fundamentals are repeated so much that I wanted to scream - literally), extremely simplistic and foolish examples, and very poor quality of writing. After reading both books I have much respect (professionally) for Stewart and very little for Harris.

As for the comments about typos - I did not notice any major typo in the book that took away from the presentation of the material. (So ICMP was misspelled once - who cares?) Overall I thought the quality was much better than the Harris CISSP book (which, itself, has loads of typos and incorrect quiz questions - don't get me started). Overall I would highly recommend this book to others looking to gain a firm understanding and grasp of computer security while preparing for the CISSP exam.

Reviewer: James Michael Stewart "author" (Austin, TX)
I am the primary author on this book.

M. from NY - I appreciate your comments. I appologize for any errors or typos that appear in the text. However, several of the items you mentioned as problems are not so. Yes, there are typos, but you won't find a single book in print that does not have typos. Authors and editors try to eliminate these, but they continue to crop up due to the number of people who handle manuscripts and tools used to get materials into print. Yes, even in multiple editions, old errors can be retained and new errors introduced.

P 54 - yes, ICMP is mis-spelled as IMCP. That is a typo.

P 254 - an relational database does define one to one relationships, such as one item in a column to one item in a row. An RDBMS does not limit the number of rows or columns that can exist in the database. You completely misunderstood the concept. You are confusing the concept that each row can have entries in mulitple columns, and that mulitple rows can exist with values in each column.

P 251, Q 10 - nonvolatile should be volatile, that is a typo. However, RAM is not a sequential access technology, it is dynamic or random access. In fact, that is exactly what the acronym stands for "Random Access Memory". Yes, you can force a computer to access RAM sequentially, but you'll be doing so by creating software code to perform that action, RAM will still be random access no matter what. Tape devices are sequential access. Once again, you are not seeing the concepts clearly.

P277 - yes, CGI is not a language, it is a concept / technique of allowing client input to be received and processed on the Web server by a server-side script or application. This is an error introduced by the editor. CGI scripts or applications can be written in many languages.

P371 - that is a mistake, it should read "...into simple machine lanaguage instructions..."

You have only mentioned 6 issues, two which are your misunderstanding, one which is a simple typo, and three which you are correct they are errors. Your scathing poor review of our work is not justified by the evidence you have presented. I challenge you to find any other CISSP book that is as current and exhaustive as ours which does not have errors. You will not find one.

I will be adding these items to the errata to help ensure these errors are corrected in the next edition. I appreciate your input, you are entitled to your opinion, but I urge you to be realistic and sensible in your critique.

I'll be happy to address anyone's concerns or issues with this book.

We, the authors, editors, and publishers of this book, have worked hard to update and improve the contents of this work in the production of each edition. The CISSP Study Guide 3rd Edition is to date the most current, complete, and exhaustive book for preparing for the CISSP exam.

I must take offense with "Doggers"' review as his statements about my book are false. This book is fully current on all topics and issues on the exam. The exam prep questions are similar to those on the exam. However, there are a few new question types that ISC2 has released onto the exam since the third edition revision of this book was produced. No study guide promises to get you to pass any exam. Failing to understand the topics and to perform sufficient study is not the fault of the authors. If my writing style is not palatable, that is fine, but deriding my work is non-professional. I would be happy to discuss this further if you will contact me. Please consider revising your review to a more appropriate stance.