64 von 65 Kunden fanden die folgende Rezension hilfreich
- Veröffentlicht auf Amazon.com
Format: Gebundene Ausgabe
Many people have commented that the Second Edition of the Official (ISC)2 Guide to the CISSP CBK was a big improvement over the first edition. I have to wonder how bad the first edition must have been?
Before getting into the details of my concerns, let's look at the layout of this hardbound, 968 page "brick".
The book is organized in a 1:1 correspondence with the 10 Domains of the CISSP CBK (i.e. one chapter per domain). This organization is nice as compared with the All-In-One CISSP 4th Edition, which has something like 12 chapters to cover the 10 domains (which can make it hard to cross reference concepts).
Each domain is written by a different author (or authors) who are CISSP's and experts in the field covered by the domain. In concept this is a good idea, and in a few places it was clear that the authors tried to impart some real-world knowledge and experience (such as the BCP/DRP chapter). However, it also leads to contrasting writing styles and some issues with "continuity".
As one might expect, many domains have concepts that overlap. On occasion, the text of the book will call attention to areas that relate or overlap with other domains, but this is inconsistent and sometimes results in the reader having some questions in their mind about the 'big picture' of the concepts. Given the CISSP is primarily a managerial level certification, understanding the big picture is critically important.
In general, the content seemed relevant, though the organization left something to be desired (more on that later). However, I was a bit surprised to see quite a bit of disparate information in this book when compared with the official (ISC)2 Review Seminar course material. There were at least a few topics covered in one, but not the other. I would have expected there to be better alignment between two current and "official" (ISC)2 sources, and it left me somewhat questioning which resource to focus on.
Speaking of the content, as compared to the All-In-One CISSP (Shon Harris) book mentioned above, this book is more of a traditional technical guide. Shon Harris' books occasionally interject opinion that borders on 'soapbox' material. And I find her "jokes" to generally not be funny, and often distracting. Some might consider the Official (ISC)2 Guide to be dry in comparison, but in technical reference books I prefer clear and succinct writing.
As mentioned, the layout of the individual chapters could be improved. The book does follow a typical hierarchy for introducing concepts (i.e. the main topic introduced with large, bold font, sub-topics using smaller fonts, italics, etc). However, in many cases the context of the material was not introduced well at the start, leading the reader to question whether a "sub-heading" represents a new topic, or a topic relating to the previous topic. In many cases the material gets nested 5 or 6 layers deep, making it hard to differentiate whether a new section is a sub-topic or a new upper level topic. This is a bit hard to explain so I hope that is clear. Again, this certification is not about memorization, but rather concepts and how they interrelate, so the book's organization is important.
Another area that was lacking was the use of tables, figures, and diagrams. There are some tables, etc, but there really should have been a few more. This could have really helped in providing additional context for some of the topics (see previous paragraph). This is an area where the Shon Harris All-In-One CISSP is better.
I also wish the editor/publisher would have taken a bit more time to improve the index. How can key elements such as "Software Development Lifecycle" and "Common Criteria" not even have index entries? My recommendation is when reading this book and taking notes, be sure to notate page numbers in your own notes for future reference.
There were also the usual amount of typo's and a few technical errors. The quantity of errors in tech books seems to be on a slow, steady rise, so I'd consider this book to be typical or maybe only slightly worse than typical.
Ultimately, for those studying for the CISSP I would recommend this book simply because no single book covers the entire CISSP scope. Couple this book with either the CISSP All-in-One Exam Guide, Fifth Edition, or perhaps the CISSP For Dummies 3rd Edition if you are looking for a cheaper option that might serve an an easier introduction to the material.
UPDATE: I forgot to add that I did pass the CISSP using primarily this book, coupled with the Review Seminar mentioned above. Took the test August 8 of 2010, received notification that I passed in September, and received my certificate in October.
My approach was as follows:
I started studying for the exam in late May, targeting a test date of August 8 (note the date on my review was August 7). I basically counted the number of days I had to prepare, subtracted 1 week for review time and about 7 "off" days to allow for days off or catch up. I also subtracted one week for the review seminar course that I took the week prior to the exam. I then took the number of remaining days an divided the number of pages in the book by that to set a pages per day goal. I think the result was something like 18 or 19 pages per day.
That was my goal - read 19 pages per day and take notes as I read. The next day I'd review the previous day's notes, and read another 19 pages and take notes. I used the Shon Harris book as a supplement to fill in gaps that I felt were unclear.