From: MONTENEGRO,FERNANDO (HP-Canada,ex1) (fernando_montenegro@HP.COM)
Date: Thu Jan 25 2001 - 17:26:25 CST

    Hello,

    DISCLAIMER: Opinions expressed below are my own. No relation to my employer,
    etc, etc, etc...

    While some people have enjoyed the second option (CISSP vol.1) I was quite
    disappointed. The book had many technical errors (such as saying that "HTTPS
    is a Web Server for NT"). Now, I understand this is nit picking, but if I am
    buying a book to study for something, what level of confidence will I have
    when reading other things which I don't know about if I can spot such basic
    mistakes in other areas?

    On the plus side, it did have a nice summary at the end, grouped by CBK
    domain. Also some people have posted very interesting study strategies based
    around this book (see the mailing list archives for a message from Scott
    Sanchez on 30/08/00 with the subject: Repost of 'how to study' & moderator
    comments)

    My suggestion is to stick with the HISM book, plus a few others:
    - Secure Computing, by Rita Summers
    - Applied Cryptography, by Bruce Schneier
    - Secrets & Lies, by Bruce Schneier (OK, not very in-depth, but an
    interesting read nonetheless)

    The really important message, though, is that there isn't ONE book to study.
    The CISSP is not a certification of a specific product or technology: it
    encompasses most of what an information security professional should know to
    perform his/her duties. I know the analogy is a bit thin, but it is like
    asking a lawyer what *one* book is needed to pass the bar examination.

    As Bill Murray so aptly put it a few months ago, "There are no short cuts to
    professional knowledge".

    Hope this helps.

    Cheers,
    Fernando

    --
    Fernando S. Montenegro, CISSP
    e-mail: fernando_montenegro@hp.com
    #include <disclaimer.h>
    

    -----Original Message-----
    From: Terry Ironside [mailto:Terry.Ironside@TELECOM.CO.NZ]
    Sent: January 25, 2001 3:05 PM
    To: CISSPSTUDY@SECURITYFOCUS.COM
    Subject: [CISSPSTUDY] What is the best CISSP book to buy

    Hi all

    I'm looking to buy one of the following two books for the CISSP exam:

    1) Information Security Management Handbook by Harold Tipton and Micki Krause
    2) CISSP - Volume 1: Theory First Edition, 2000 by S. Rao Vallabhaneni

    I would welcome any opinions on the suitability of these books, or any others, that would give me good preparation for the CISSP exam.

    Many thanks

    Terry