58 of 59 customers found the following review helpful
- Published on Amazon.com
Obviously I am biased since I am a fellow SANS instructor, but will try to support my thoughts with data. I agree with another poster that the one star ratings are unfair, especially the guy that had not read the book; too funny. Well I have read the book, cover to cover on airplanes and some sections I have read twice. Why four stars? I am concerned that if this is the only CISSP prep you have, you will not be fully prepared for the exam. On the other hand, if you have taken a CISSP review course or read another book, this will be a great supplemental tool. I am a big fan of the Shon Harris CISSP prep book as well, but you really can't take that monster with you on a trip, this book fit right in my carry-on outside pocket.
OK, let's drill down into the book:
Ch 1: How to pass the exam, 5*s, clear and practical
Ch 2: Information Security Governance, 5*s, complete, concise, nothing missing that I can see
Ch 3: Access Control: 4*s, this chapter gets a bit muddy, the authors chose to cover some of the data flow access models in Ch 6 which is fine. First half of the chapter is true to the spirit of the book, the types of attackers section seems to be a touch superficial, thought the Metasploit "Point, click and root" was a chuckle.
Ch 4: Cryptography, 5*s, in my view this is the strongest chapter in the book, clearest explanations I have ever seen with one exception, in 2nd edition I would rework the Vigenère Cipher section.
Ch 5: Physical Security, 5*s, complete, concise, lets you review the material in the shortest amount of time
Ch 6: Security Architecture, 4*s, I think there is a risk that the exam could cover more virtualization than the book prepares the candidate for. Not that I have knowledge of what is on the exam, but it is one of the most important topics in security right now and it only gets three paragraphs. I would also rework polyinstantiation, most of the sections are crystal clear, but this is a bit muddy.
Ch 7: Business Continuity, 4*s, I think this chapter could have been a touch shorter to be true to the spirit and approach of the book, all the information is there, but I had to force myself to read it, in second edition, suggest a do over.
Ch 8: Telecommunications, 5*s, authors are true domain experts, so they are able to concisely explain the material
Ch 9: Application Development Security, 5*s, same comment as above, since the authors know this stuff cold, they can make it very clear
Ch 10: Operations Security, 5*s, I do wish ISC2 would get on board with the better incident response model, but that is not the authors' fault, this chapter is also true to the spirit of the book.
Ch 11: Legal regulations, 5*s, authors did a better job overall than I do with my course (I will start the rewrite this week). I would suggest adding the concept of attestation to Chain of Custody.
The remainder of the book is a self test and the authors have additional practice testing on their web site. The Glossary is complete and also concise.