REVIEW: "CISSP All-in-One Certification Exam Guide", Shon Harris
From: Rob Slade, doting grandpa of Ryan and Trevor (rslade@sprint.ca)
Date: Mon, 27 May 2002 14:36:23 GMT
BKCISPA1.RVW 20020503
"CISSP All-in-One Certification Exam Guide", Shon Harris, 2002,
0-07-219353-0, U$79.99
%A Shon Harris shonharris@hotmail.com
%C 300 Water Street, Whitby, Ontario L1N 9B6
%D 2002
%G 0-07-219353-0
%I McGraw-Hill Ryerson/Osborne
%O U$79.99 905-430-5000 +1-800-565-5758 fax: 905-430-5020
%P 971 p. + CD-ROM
%T "CISSP All-in-One Certification Exam Guide"
Chapter one is a very reasonable review of the CISSP (Certified
Information Systems Security Professional) credential, and the (ISC)^2
(International Information Systems Security Certification Consortium)
exam process, including recertification. As with most of the chapters
in the book, it has a set of sample questions, and while I could
quibble with some, they cover a decent range of topics and a
representative extent of difficulty. There are resources listed in
this and other chapters, mostly Web sites. Web sites are, of course,
most easily accessible, but they also die on a regular basis, and it
might have been an idea to include references to other books on
specific topics. It is difficult to see the point of chapter two--an
opinion-piece level overview of various security related topics.
Chapter three begins the first of the ten domains of the Common Body
of Knowledge (CBK) with security management practices. It is obvious
that the material has been structured and based on the (ISC)^2 CBK
review course, even to the use of specific tables and diagrams, but
the material is, at least, enhanced and extended by narrative
discussion. Access control is explained clearly (and sometimes
amusingly) in chapter four (although biometrics is generally
considered to be a form of authentication, not identification). In
general, the coverage of security architecture and models in chapter
five is quite useful. However, there is too much emphasis on the old
"Orange Book" TCSEC (Trusted Computer System Evaluation Criteria) and
not enough on the newer Common Criteria. (The inclusion of a section
on computer hardware is also a bit odd.) Chapter six has many of the
blind spots about physical security common to most computer security
types (including some erroneous information about Halon from the old
CBK course). The telecommunications and networking material, in
chapter seven, presents the underlying concepts well, but for some
reason fails to address many of the security technologies. The
explanations of cryptography, in chapter eight, are problematic.
Fortunately, the content is not necessarily wrong. The author
obviously is not familiar with this area, and the text in such areas
as DES (Data Encryption Standard) modes and one way encryption doesn't
make sense, although it does not necessarily misinform the reader.
Chapter nine, dealing with business continuity and disaster recovery,
is reasonable, but not as detailed as other sections. Law,
investigation, and ethics is pretty good, although some old crimes and
the insistence on the salami scam myth are notable flaws in
chapter ten. Chapter eleven, applications development, contains the
basic information but does not always make the connections to
security. Operations security gets a sensible review in chapter
twelve.
The material is much more reliable and better structured than the SRV
Press books (cf. BKCISPET.RVW), and much more reliable and complete
than the Andress work (cf. BKCISPEC.RVW). Like the Krutz and Vines
volume (cf. BKCISPPG.RVW) it is quite obvious that the content and
organization are copied from the old CBK course (sometimes slavishly),
although Harris does put more explanatory and narrative substance into
the text. (Interestingly, there are some indications that this is
based on an even older version of the course than Krutz and Vines
used.) Even considering the noted weak areas in this book, it should
provide a reasonable basis as a study guide for the CISSP exam,
although those who use only this work should not expect to get a
particularly high mark.
copyright Robert M. Slade, 2002 BKCISPA1.RVW 20020503
--
======================
rslade@vcn.bc.ca rslade@sprint.ca slade@victoria.tc.ca p1@canada.com
Find virus, book info http://victoria.tc.ca/techrev/rms.htm
Mirrored at http://sun.soci.niu.edu/~rslade/rms.htm
Review mailing list: send mail to techbooks-subscribe@egroups.com
Robert Slade's Guide to Computer Viruses, 0-387-94663-2 (800-SPRINGER)
Viruses Revealed http://viruses-revealed.org.uk or http://www.amazon.com/exec/obidos/ASIN/0072130903