Book Review: CISSP in 21 Days - Continued Analysis
(Page 3 of 4 )
It should be pointed out once again that this book is not a complete manual that teaches you everything from the basic concepts on up as far as what you need for the examination—that couldn’t be further from the truth. Passing the exam means meeting pretty high requirements, and same goes for the eligibility for actually starting the examination as well. This book, however, is ideal during the last month of preparing to take the exam because it reviews the core concepts of each of the ten IS domains.
The first two days discuss security management practices, control environment, asset classification, risk management, and security awareness. The next two days cover the second key concept, which is physical security—vulnerabilities, threats, and countermeasures are explained along with protecting/securing equipment.
Furthermore, the access control-related techniques, concepts, and methodologies are reviewed; then penetration testing and vulnerability assessments are also covered. During the cryptography chapters, the author dwells on PKIs, various standards, and the basics of cryptography, such as types, methods, and applications.
Right after this, incident management, operations procedures and responsibilities, and reporting are explained. Just as importantly, their security and the evaluation criteria are stressed, such as the TCSEC. Over the course of next few days, application security is exhausted (software engineering and development life cycle models) and there’s much emphasis on the Telecommunications and Network Security section.
The final three days involve recalling knowledge of security architecture: trusted computing base, protection domain, various accreditation and certification schemes, and other computer security models; combined with business continuity and disaster recovery planning: the process, their goals and objectives, along with other concepts. And the last two days cover regulations, legal, compliance, and investigations.
The author does a fantastic job breaking down each of the key concepts into 3-4 sentences and explaining all of the theory in a succinct yet exhaustive way. This quick guide is excellent for anyone that may be interested in CISSP as well, even if they aren’t taking the exam yet.
Moreover, despite being targeted toward information security professionals or CISSP candidates, the book is really useful as a reference guide for system and network administrators, database administrators, software developers, system analysts, system architects, application designers, legal professionals, IT auditors, IS auditors, security officers, penetration testers, and ethical hackers.
The author's style is clear and the paragraphs convey the material lucidly. We can sense that the author is a prolific teacher, trainer, and speaker right through his words. He has an unique way of bridging the gap between professionals and others through his writings and teachings. The font used within the book is some Garamond-like style and the typography is clear, the white-on-black contrast is appropriate.
In short, let’s sum up what you can learn from this book:
ØGet to know the requirements of the CISSP examination and structure your preparation accordingly.
ØBuild your understanding of a myriad of concepts in the Information Security domain.
ØIntegrate your existing knowledge, experience, and prior learning to easily remember the concepts.
ØApproach the exam confidently with the help of step-by-step preparation and practice questions.
ØPractice the full-blown mock-up test to evaluate your knowledge and exam preparation.
