Official (ISC)2 Guide to the CISSP CBK, Second Edition [Hardcover]

Many people have commented that the Second Edition of the Official (ISC)2 Guide to the CISSP CBK was a big improvement over the first edition. I have to wonder how bad the first edition must have been?

Before getting into the details of my concerns, let's look at the layout of this hardbound, 968 page "brick".

The book is organized in a 1:1 correspondence with the 10 Domains of the CISSP CBK (i.e. one chapter per domain). This organization is nice as compared with the All-In-One CISSP 4th Edition, which has something like 12 chapters to cover the 10 domains (which can make it hard to cross reference concepts).

Each domain is written by a different author (or authors) who are CISSP's and experts in the field covered by the domain. In concept this is a good idea, and in a few places it was clear that the authors tried to impart some real-world knowledge and experience (such as the BCP/DRP chapter). However, it also leads to contrasting writing styles and some issues with "continuity".

As one might expect, many domains have concepts that overlap. On occasion, the text of the book will call attention to areas that relate or overlap with other domains, but this is inconsistent and sometimes results in the reader having some questions in their mind about the 'big picture' of the concepts. Given the CISSP is primarily a managerial level certification, understanding the big picture is critically important.

In general, the content seemed relevant, though the organization left something to be desired (more on that later). However, I was a bit surprised to see quite a bit of disparate information in this book when compared with the official (ISC)2 Review Seminar course material. There were at least a few topics covered in one, but not the other. I would have expected there to be better alignment between two current and "official" (ISC)2 sources, and it left me somewhat questioning which resource to focus on.

Speaking of the content, as compared to the All-In-One CISSP (Shon Harris) book mentioned above, this book is more of a traditional technical guide. Shon Harris' books occasionally interject opinion that borders on 'soapbox' material. And I find her "jokes" to generally not be funny, and often distracting. Some might consider the Official (ISC)2 Guide to be dry in comparison, but in technical reference books I prefer clear and succinct writing.

As mentioned, the layout of the individual chapters could be improved. The book does follow a typical hierarchy for introducing concepts (i.e. the main topic introduced with large, bold font, sub-topics using smaller fonts, italics, etc). However, in many cases the context of the material was not introduced well at the start, leading the reader to question whether a "sub-heading" represents a new topic, or a topic relating to the previous topic. In many cases the material gets nested 5 or 6 layers deep, making it hard to differentiate whether a new section is a sub-topic or a new upper level topic. This is a bit hard to explain so I hope that is clear. Again, this certification is not about memorization, but rather concepts and how they interrelate, so the book's organization is important.

Another area that was lacking was the use of tables, figures, and diagrams. There are some tables, etc, but there really should have been a few more. This could have really helped in providing additional context for some of the topics (see previous paragraph). This is an area where the Shon Harris All-In-One CISSP is better.

I also wish the editor/publisher would have taken a bit more time to improve the index. How can key elements such as "Software Development Lifecycle" and "Common Criteria" not even have index entries? My recommendation is when reading this book and taking notes, be sure to notate page numbers in your own notes for future reference.

There were also the usual amount of typo's and a few technical errors. The quantity of errors in tech books seems to be on a slow, steady rise, so I'd consider this book to be typical or maybe only slightly worse than typical.

Ultimately, for those studying for the CISSP I would recommend this book simply because no single book covers the entire CISSP scope. Couple this book with either the CISSP All-in-One Exam Guide, Fifth Edition, or perhaps the CISSP For Dummies 3rd Edition if you are looking for a cheaper option that might serve an an easier introduction to the material.

UPDATE: I forgot to add that I did pass the CISSP using primarily this book, coupled with the Review Seminar mentioned above. Took the test August 8 of 2010, received notification that I passed in September, and received my certificate in October.

My approach was as follows:

I started studying for the exam in late May, targeting a test date of August 8 (note the date on my review was August 7). I basically counted the number of days I had to prepare, subtracted 1 week for review time and about 7 "off" days to allow for days off or catch up. I also subtracted one week for the review seminar course that I took the week prior to the exam. I then took the number of remaining days an divided the number of pages in the book by that to set a pages per day goal. I think the result was something like 18 or 19 pages per day.

That was my goal - read 19 pages per day and take notes as I read. The next day I'd review the previous day's notes, and read another 19 pages and take notes. I used the Shon Harris book as a supplement to fill in gaps that I felt were unclear.

As opposed to the rather popular Shon Harris title, the 'AIO CISSP Study Guide', this title provides a more serious and professional presentation of the requisite exam material. It can be heavy going at times, and may require the occasional re-read to ensure that information is sinking in, but then again the subject matter is heavy, and is not to be taken lightly. Not only will this text provide you all you need to know to pass the examination, it will remain as a vital ongoing reference for those professionals who are at the front lines of the Information Security profession.

Let me say that I bought the Shon Harris AIO book and could not get through it - too many stories and jokes that I found distracting. In a nutshell the AIO guide is too wordy and bored me highly (although when she gets to the CISSP material it is good as she knows her stuff). With that said I bought this book and boy was I glad I did! Finished the book a week before the exam and spent the last week taking the practice exam included (about 1 hour a day). I really enjoyed the book as it is written by several professionals that specialize in a domain (this changes the pace and ensures you learn from specialists vs a jack of all trades). Now I have taken certification exams before and have found the official books are the best ones to use (this one did not disappoint). Now on to the exam. The exam was the most difficult exam I have ever taken - really the CISSP is no joke. I felt the book (only study material I used) got me assimilated to terminology and theory and my experience made the difference in the exam for me. Since you are supposed to have 5 years experience in the field to take this exam anyways, this book should get you through the theory and your experience should get you through the rest of the test. I think ISC2 has done a wonderful job with this book and its questions (exam like but I did not find any on the actual exam) so that you may see where you stand. I am proof that you can pass with just this book and don't need to waste time with multiple sources of material if you have h security experience required to take the exam. For those without experience, I suggest the SSCP ISC2 credential instead - the CISSP requires an endorsement of your experience anyways (and potential audit) so it may be a waste of your time and money if you don't have the required experience. For those that do, rest assured you can pass with just this book (I did), buy the book with confidence and thank me later.

› Go to Amazon.com to see all 28 reviews  3.7 out of 5 stars