I'm presently have a couple of the InfoSec Mgmt handbooks (vol 1 & 2)
and have just purchased the CISSP Prep Guide as well as the Coriolis
CISSP Exam Cram. I has so far found this:

Exam Cram = Very light, only the top-level subjects and basic info on
them. Probably good for test takers who care more about getting the
title 'CISSP' than understanding the concepts.

Prep Guide = A little heavier. Readable and contains all the usefull
stuff. Good to go deeper into the domains.

Info Sec = Heavy, heavy book. Very good for reference and delving deep
into the domains.

I'm somewhat green on the CISSP studying but this is how I'm doing it.
My plans are to read the Exam Cram, figure out where I'm weak and to get
a overall view, then use the Prep to go deeper. If I don't feel that's
enough (which I doubt), then I'll use the InfoSec books but I plan on
using these more for reference than study guides.

Regards,

Shawn

-----Original Message-----
From: ext Mark Bell [mailto:mark.bell@digitaldefense.net]
Sent: Wednesday, October 31, 2001 8:35 PM
To: cisspstudy@lists.securityfocus.com
Subject: RE: Information Security Mgmnt Handbook

I used the Info Security Management Handbook (4th Edition) for my CISSP
study preparation. I actually found it fairly useful...Some parts
probabaly
went a little more in depth than I'd like, while others didn't even
really
touch the subject matter of the domain (how they decided to discuss
traditional Intrusion Detection in the Threats and Facility Requirements
chapter (Physical Security - Domain 10) is beyond me.) Overall, I felt
it
helped me pass the test.

However, there is no one book out there that will make you a CISSP.
Heck,
there's no five books out there that will make you a CISSP alone...at
least
50% of your knowledge had better come from on-the-job experience before
you
plunk down $450 for this test, or you're sunk (hence, the three year
requirement!). The books should merely supplement you in your weak
areas.
If it comes to the point where, say, a security guard at a computer
facility
(with at least three years of experience in Physical Security!) can just
pick up a book and pass the test, the CISSP will go the way the MCSE did
under Windows NT - a paper certification.

Mark

Mark B. Bell, CISSP
Director of Security Operations
Digital Defense, Inc.
1711 Citadel Plaza
San Antonio, Texas 78209
Phone: 888.273.1412
Fax: 210.822.9216
http://www.digitaldefense.net

-----Original Message-----
From: jkellerman@na.cokecce.com [mailto:jkellerman@na.cokecce.com]
Sent: Wednesday, October 31, 2001 4:33 PM
To: cisspstudy@lists.securityfocus.com
Subject: Information Security Mgmnt Handbook

Well I just parted with $60 for this book because it was recommended by
the
study group I am in. However, everyone at Amazon and other internet
bookstores seemed to slam the book saying it was a waste of money. I,
just
like everyone else studying for the CISSP exam, dont have time to waste
on
reading resources which will not be beneficial to my studying time.
These
ratings were very low for all three volumes. The CISSP Prep book though
seems to receive high marks as a resource for studying for the CISSP,
even
after just hitting the marketplace a couple of months ago. Does anyone
else feel the same way about the Information Security Mgmnt Handbook.
Did
you find it to be useless in your study time for the CISSP?

J. Kellerman

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]