From: Jay Heiser (jheiser@LUCENT.COM)
Date: Wed Jan 24 2001 - 02:31:03 CST

    Note that there is now a second volume for the 4th edition of this book. It
    is currently out of stock just about everywhere, but the second printing,
    which is apparently completely allocated, has just shipped, and a third
    printing is being planned.

    I wrote several of the chapters in this book, and I'm in the process of
    reading through the other chapters. Each one of these 'HISM' books is an
    anthology with essays contributed by individual writers. The book is
    perhaps a bit inbred, with most of the authors being CISSPs and many of them
    knowing each other (for a completely different set of authors, look at the
    anthologies edited by Dorothy Denning).

    There are some gaps in the books that are available and a couple of the CBK
    domains. That's why I wrote a chapter on hostile code for the latest HISM
    volume. Virtually no academic research has been conducted for at least 5
    years, and nobody is writing any more English language books on viri (I'm
    aware of a couple recent ones in German, but they aren't very in-depth).
    Given that macro viruses are the most common cause of security incidents for
    many organizations, it seemed like there was a gap I could fill for CISSP
    candidates.

    I still think we've got a problem with sources on physical security (power,
    fire suppression, burglar alarms, CATV, Electronic Access Control, etc). A
    CISSP doesn't have to be an expert on any of these, but at some of the
    committee meetings I've attended, we've agreed that a CISSP has to be able
    to evaluate the work of experts in these areas and at least know what to ask
    for. You can't do an assessment of a data center without being able to
    understand something about their physical security countermeasures.

    Maybe we still need another chapter on that. I'm guessing this is one of
    the reasons that Mich Kabay wrote that series on the subject. He likes to
    fill gaps.

    That's a long way of saying that I agree that the HISM is a helpful study
    guide. Be aware that it is in several parts right now, and also be aware
    that Amazon has totally screwed up the entries for the two volumes of this
    book. You might hold off a week or two before ordering them. Vol 1,
    which is not designated as such, was published in the Fall of 1999 and has a
    teal cover. Volume 2, which is designated as such, came out in the Fall of
    2000 and has a colored cover. ISBN of volume 2 is 0-8493-0800-3.

    I will go on record one more time as saying that the more books you read,
    the better. As I see it, one of the benefits of the CISSP is that it forces
    everyone to study areas that they are not necessarily interested in, and are
    weak in. Hopefully, the studying you do for the CISSP will last a lifetime.

    Jay Heiser

    Jay Heiser, CISSP
    Distinguished Member of Consulting Staff
    Lucent Worldwide Services--Information Security
    Zurich, Switzerland

    > -----Original Message-----
    > From: CISSP Study Mailing List [mailto:CISSPSTUDY@SECURITYFOCUS.COM]On
    > Behalf Of Robert G. Ferrell
    > Sent: Tuesday, January 23, 2001 6:31 PM
    > To: CISSPSTUDY@SECURITYFOCUS.COM
    > Subject: Re: Review Text (was Re: Where is the FITES book available?)
    >
    >
    > >I am sure this question may have been asked before (if so, refer me to any
    > >of the FAQs for this list as I cannot find them), but is there a review text
    > >or text(s) recommend for those who intend to sit for the test? Some of us
    > >may be weaker in certain areas (I, for example, am weak in physical
    > >security) that we may never get exposure to.
    >
    > Standard review text is the "Information Security Management Handbook, 4th
    > ed." by Tipton/Krause (Auerbach, ISBN 1-8493-9829-0). There are various
    > others that will help, as well (and I'm sure other members of this list will
    > point them out), but if you were to narrow it to one only, this would be it.
    >
    > Cheers,
    >
    > RGF
    >
    >
    > Robert G. Ferrell, CISSP
    > Information Systems Security Officer
    > National Business Center
    > U. S. Dept. of the Interior
    > Robert_G_Ferrell@nbc.gov
    > ========================================
    > Who goeth without humor goeth unarmed.
    > ========================================
    >
    > +--------------------------------------------+
    > | You have received this email because you |
    > | subscribed to the CISSPSTUDY mailing list. |
    > | -- To unsubscribe, send an email to -- |
    > | listserv@securityfocus.com |
    > | with a message body of: |
    > | UNSUBSCRIBE CISSPSTUDY |
    > +--------------------------------------------+