OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Jay Heiser (jheiser@LUCENT.COM)
Date: Fri Jan 26 2001 - 02:12:05 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Yes, I read the list, and yes, I'm putting together an annotated list of
    books. It will have at least a paragraph on each book that describes what
    the book offers and why it is useful for test studying. It will only
    include books that I personally have read (authors are welcome to give me
    books if they want).

    I cannot emphasize how different the CISSP is then something like an MCSE.
    Asking for a single book is a bit like asking what book you need to study to
    pass the bar exam. I know several people who've passed the MCSE cert
    without ever administering a computer. I managed to get my general class
    ham radio ticket at age 15 by studying exam prep guides that covered the
    entire population of test questions (morse code was different, though).

    The CISSP would be of minimal value as a discriminator if it were possible
    to pass the test by reading a single book (maybe neither the MCSE nor ham
    radio licenses are useful?). One very important aspect of the CISSP is that
    it forces everyone to learn about things that they would otherwise ignore.
    Technicians must learn about policy, behavioral types must learn about
    TCP/IP. CISSPs have been exposed to a wide range of security topics and
    have a deep vocabulary of security concepts. Theoretically, this well of
    knowledge is deep enough that it won't dry up immediately after finishing
    the test.

    However, for an experienced infosec consultant looking for a review before
    the test, the HISM texts are appropriate. Please note that this is a series
    of books, and that Amazon has confused volumes 1 and 2 of the 4th edition.
    Volume 1 has a teal cover and Volume 2 has a multi-colored cover. The SRV
    texts seem to be helpful, but I have not read them.

    I'll put my annotated list on the web in about a month.

    Jay Heiser

    > -----Original Message-----
    > From: CISSP Study Mailing List [mailto:CISSPSTUDY@SECURITYFOCUS.COM]On
    > Behalf Of Sanchez, Scott
    > Sent: Thursday, January 25, 2001 11:03 PM
    > To: CISSPSTUDY@SECURITYFOCUS.COM
    > Subject: Re: What is the best CISSP book to buy
    >
    >
    > To say that any one book is the best study guide is
    > inaccurate imo. No
    > single book can give you the experience you need to pass the
    > test. (note:
    > while this may sound like a pain now, once you pass you will
    > respect your
    > knowledge level and that of your fellow cissps all the more).
    > Jay Heisser
    > is supposed to be putting together a list of recommended
    > reading. Jay, do
    > you follow this list?
    >
    > Cheers,
    > -scott
    >
    >
    > ---------------------------------------
    > Scott C. Sanchez
    > scott.sanchez@gs.com
    >
    >
    > -----Original Message-----
    > From: Terry Ironside <Terry.Ironside@TELECOM.CO.NZ>
    > To: CISSPSTUDY@SECURITYFOCUS.COM <CISSPSTUDY@SECURITYFOCUS.COM>
    > Sent: Thu Jan 25 15:05:17 2001
    > Subject: [CISSPSTUDY] What is the best CISSP book to buy
    >
    > Hi all
    >
    > I'm looking to buy one of the following two books for the CISSP exam:
    >
    > 1) Information Security Management Handbook by Harold Tipton and
    > Micki Krause
    > 2) CISSP - Volume 1: Theory First Edition, 2000 by S. Rao
    > Vallabhaneni
    >
    > I would welcome any opinions on the suitability of these books, or any
    > others, that would give me good preparation for the CISSP exam.
    >
    > Many thanks
    >
    > Terry
    >
    > +--------------------------------------------+
    > | You have received this email because you |
    > | subscribed to the CISSPSTUDY mailing list. |
    > | -- To unsubscribe, send an email to -- |
    > | listserv@securityfocus.com |
    > | with a message body of: |
    > | UNSUBSCRIBE CISSPSTUDY |
    > +--------------------------------------------+
    >
    > +--------------------------------------------+
    > | You have received this email because you |
    > | subscribed to the CISSPSTUDY mailing list. |
    > | -- To unsubscribe, send an email to -- |
    > | listserv@securityfocus.com |
    > | with a message body of: |
    > | UNSUBSCRIBE CISSPSTUDY |
    > +--------------------------------------------+

                 +--------------------------------------------+
                 | You have received this email because you |
                 | subscribed to the CISSPSTUDY mailing list. |
                 | -- To unsubscribe, send an email to -- |
                 | listserv@securityfocus.com |
                 | with a message body of: |
                 | UNSUBSCRIBE CISSPSTUDY |
                 +--------------------------------------------+