Network Security CISSP-Discussion

RE: [CISSP-D] new guide

Subject: RE: [CISSP-D] new guide
Date: Wed, 30 Mar 2005 22:08:00 -0500



Rand,

I was frustrated when I was studying too.  Think of this as risk mitigation.
You can never squeeze all the risk out of anything.  Just mitigate what you
can and accept the rest, right?

I used these books but you can probably be just as successful with what you
have.

The CISSP Prep Guide: Gold Edition  
Ronald L. Krutz, Russell Dean Vines

CISSP Certification All-in-One Exam Guide, 2nd Edition  
Shon Harris

Applied Cryptography: Protocols, Algorithms and Source Code in C  
Bruce Schneier (This one is a personal favorite of mine and I am really glad
I bought it)  Mr. Schneier is probably as good a teacher as he is a
cryptographer.  It is really over the top on Cryptography.  You will get
everything you need out of the first five chapters of the book for CISSP.
The important thing to me was the way the book was written.  He makes
Cryptography so much more interesting and accessible.  I strongly recommend
this book for your reference set.

There is also a mountain of free information on the web.  Be very careful
what you decide to look at.  You will find many times what you are studying
contradicts other texts.  

The most effective method I found was to use certain material sets as my
"Gold Standard."  Then if I used anything else, I always deferred to my
standard if I felt there was a conflict.

I had experience in three, maybe four areas of the CBK in my Infosec career.
Your situation is not at all unusual.  It seems to me that the intention
with this testing regimen is aimed to unite these fields of study and expose
them to candidates.  I hope this helps.

Best of luck,

Dave
-----Original Message-----
From: Rand [mailto:perico7@gmail.com] 
Sent: Wednesday, March 30, 2005 3:30 PM
To: rslade@sprint.ca
Cc: CISSP-Discuss@yahoogroups.com
Subject: Re: [CISSP-D] new guide



Rob, thanks for the feedback. I'm cautious about buying new material.
I got burned when I bought the "Official ISC2 Study Guide". It really
sucks. 3 different authors with 3 different writing styles with
materials that seem to be compiled from various sources (even copied),
doesn't make for easy reading.
Why is it so hard to find a good CISSP book? I find info in some books
that is not in others and I'm wondering what is exactly on this
exam??? Not to mention the fact that the requirements for the exam
don't make sense. They require 4 years of direct experience in any
domain, yet I could remain 10 years in a sec info role and still not
be exposed to most of those domains. It's really weird.
Thanks anyway,
Rand


On Wed, 30 Mar 2005 12:12:10 -0800, Rob, grandpa of Ryan, Trevor,
Devon & Hannah <rslade@sprint.ca> wrote:
From:                   "tuanizado" <perico7@gmail.com>
Date sent:              Wed, 30 Mar 2005 01:19:05 -0000

Has anyone heard/read/used this guide:
http://www.powells.com/cgi-bin/biblio?inkey=91-9889732319-0

Not quite new: its copyright is two years old, and it doesn't reflect
some of the new requirements for the CISSP.  It's a self-published
ebook, with all the limitations that implies.  It seems to have been
derived from a course that was, itself, derived from the ISC2 review
seminar.  It is basically in point form, and has no sample questions.

Overall, the points are reasonably well selected.  (Well, that's to be
expected, given the probable base source.  The section on malware is
very disappointing, and the section on legal concepts is rather weak.)
The material is more up-to-date than any other besides the "Official
(ISC)^2 Guide to the CISSP Exam" (cf. BKOIGTCE.RVW).  In terms of books
dealing with an overall familiarization with the topics to be covered
on the CISSP exam, this one does have an advantage in price, and in
speed of access.  (I requested a copy directly from the author by
email, and got it within two hours.  If, for example, you are in a boot
camp course situation, you may need all the help you can get, quickly.)

======================
rslade@vcn.bc.ca      slade@victoria.tc.ca      rslade@sun.soci.niu.edu
"If you do buy a computer, don't turn it on."     - Richards' 2nd Law
"Robert Slade's Guide to Computer Viruses"              0-387-94663-2
"Viruses Revealed"                                      0-07-213090-3
"Software Forensics"                                    0-07-142804-6
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
alternate site http://sun.soci.niu.edu/~rslade/
CISSP refs:     [Base URL]mnbksccd.htm
PC Security:    [Base URL]mnvrrvsc.htm
Security Dict.: [Base URL]secgloss.htm
Security Educ.: [Base URL]comseced.htm
Book reviews:   [Base URL]mnbk.htm
               [Base URL]review.htm
Partial/recent: http://groups.yahoo.com/group/techbooks/
Security Educ.: http://groups.yahoo.com/group/comseced/
Review mailing list: send mail to techbooks-subscribe@egroups.com




-- 
----------------------
Rand
~~~~~~~~~~~
He not busy being born, is busy dying... Bob Dylan





 