CISSP Certified Information Systems Security Professional

I bought both the Kindle and paper versions of this book. I'm weird like that. If you don't want to read my really long review I summarize as get the Kindle version, read the entire thing, take advantage of the Sybex online content (sample tests) and that should be enough to pass. I should note I have about 15 years of experience as a jack-of-all-trades UNIX admin and I have been working specifically in security for about 3 years. I had a really good foundation but I learned a LOT from this book. CISSP EXAM COMMENTS I liked the book. I learned a lot from it. I read the entire book. I took all the chapter questions (I always waited a day or two after reading the chapter so I could get a better idea on what I really learned). I took all four sample exams after reading the entire book. I passed my CISSP exam on 2/17/2016 and I felt like almost everything I needed to know was in the book. There were a few questions that I don't think the book covered but I felt like they were practical things that a security engineer would already know. My primary comment concerning the book and the chapter questions and practice exams is that most of the provided questions are fairly straightforward. When taking the real exam, I found the questions notably more difficult because I often had to read the question a second (or third!) time to really understand what was being asked. I took all four practice exams as if they were real exams. I completed all four in under two hours each and scored 78%, 82%, 84% and 89% (I think the final test was the easiest of the four). The real CISSP exam took me about 3.5 hours and all I know is that I passed. TAKE YOUR TIME. READ EVERY QUESTION CAREFULLY. READ ALL THE ANSWERS AND AFTER YOU PICK ONE, REREAD THE QUESTION TO MAKE SURE YOUR ANSWER STILL SOUNDS GOOD. It's not a race or a contest. What matters is that you pass it and don't have to pay for a retake! Every CISSP exam is a bit different but I found mine hit a couple areas really hard (SDLC specifically) but the practice exams just barely touched on them. It is important to read the entire book. KINDLE VERSION I did about 80% of my reading in the Kindle app on an iPad and in general I prefer my iPad over paper books these days (portability and low light reading). In the case of this book, there is a lot of formatting that is lost in the Kindle version. The Kindle tends to squish whitespace and indents and such so some of the visual layout just becomes text. This is the first technical book I have used Kindle for and though I did 70% of my reading there, I was not fully satisfied with it. Another annoyance on the Kindle was that the TOC drop down interface only had the chapter heads and no easy jump to a specific subsection. Some of these chapters are about 80 pages which is like 200 swipes on an iPad mini. It does support all the awesome things you expect from Kindle like bookmarks and highlights and such. I used highlights to mark things I knew I wanted to review multiple times like the big encryption algorithm comparison table and some of the model definitions or process summaries. PAPER BOOK The paper book is a goddam tome. For fun I like to drop it loudly on my desk and say "THIS is what I am working on." I loved the experience of reading the paper book compared to the Kindle version but I only spent about 10% of my time on the paper book because of the size. It was difficult to transport and I could not easily read it in bed or reclining. The paper is very thin which did not bother me but may bother some. I can't imagine how large and heavy it would be if they did't use such thin paper. I really love paper books but considering the size of this one I think I have to recommend you skip it unless you really really just want paper or you really really want this on your shelf as a trophy and/or a warning unto others. SYBEX ONLINE MATERIAL The Sybex online material is a mixed bag. You can access the material using information in the introduction of either version of the book. One awesome feature is that after you are registered and verified your purchase you can download a PDF version of the book. This is what I spent the other 20% of my time reading. The PDF version is a tough read on an iPad mini but more manageable on a full size iPad or MBA and it looked great on my 24" monitor. The PDF version has a really nice TOC in the sidebar with all the subsections marked and that feature really underscored one of the big shortcomings of the Kindle version. The PDF also has all the perfectly excellent formatting that the paper book includes. I, uh, didn't know I could download the PDF when I bought the paper book or I probably would not have bought the paper book. The Sybex online material also includes electronic versions of all the chapter tests. The web interface is a little clunky on this but it works. A complaint about the chapter tests is that they do not randomize. The 20 questions after each chapter are always in the same order. This becomes painfully apparent if you select several chapters but only want (AKA have time for) a limited number of questions. Early on I selected the first three chapters but limited the question count to 20 and what I got was all 20 Chapter 1 questions in the order they appear in the book (sigh). This online resource is nice but it could have been so much better. The Sybex online material also includes four 250 question practice exams. This seems like a pretty awesome bonus and it is nice but the interface for the exams is slightly different from the chapter tests. You can bookmark a question but there is no way to go back to a previous question and review or change your answer. In the online help is says this is a feature to mimic the actual CISSP exam which generates a giant WTF from me. This is another resource which is nice but could have been awesome. To add insult to injury there is a timeout on the web page that can kick you out. I am guessing it is a two hour timeout but my method is less than scientific. I finished all practice exams in under 120 minutes but while I was reviewing my wrong answers on two of the exams I got a session timeout which kicked me out and reset my exam. In both cases I was in the result summary screen and closed it to go back to the test review screen. I theorize that as long as you are in the review screen you won't have problems but there is some sort of session check when you transition. I said it wasn't scientific. The online material also includes a glossary which I will probably review before taking the exam and set of online flashcards which I don't plan to use because I'm just not a flashcard guy. I may end up regretting that of course.

Compared to the (now outdated) Shon Harris books, this one reads more like a college textbook. Less fluff, jokes, and conversationalism and more pure content. For a test like the CISSP, I prefer this style of book. Just give me the information I need to know and nothing else. If I'm going to sit down and read 900+ pages over the course of a month, the last thing I want to do is spend time reading unnecessary additions. In short, I passed the CISSP today, 8/17/2016, after using online this book and the online Sybex practice tests that come with it. This is in addition to 6 years of on the job infosec experience. I had SEC+, CEH, and GCIH before attempting the CISSP. How I studied: 1. Read the entire book front to back. I did this by reading 1-2 chapters an evening, and with breaks and vacations, this took about a month. After reading a chapter, I would immediately read and answer the written lab questions for that chapter, and compare my answers to those in the back of the book. (At this point is when I purchased my exam seat.) 2. After reading all of the chapters and completing all of the written lab questions, I spent a few days completing the practice exams for each individual chapter using the Sybex online tool. Of course, I reviewed any questions I missed and took mental notes of those questions and answers. 3. I then spent a week completing the four full 250 question practice exams. I'd do one exam per day, and after I finished the exam, I'd go through with a word document and type up the answers for every question that I missed in order to drill those facts into my head. 4. After completing my incorrect answers document for every chapter exam and full practice exam, I had a 10 page word document typed up with the weak spots I needed to focus on before taking the exam. I still had 2 weeks remaining until the test date so every evening I read through portions of this document and either opened the book to research the areas I was still weak on, or I'd delete the section from the document if I felt I had covered it enough to be prepared for it on the test. The real pro-tip here is to focus your studies on what you *don't know*. No need to rehash what you've already got down. This is the most efficient study method I've put into practice through undergrad, post-grad, and my other certifications. Comments on the exam: -What I read elsewhere is true; the exam questions require a keen eye for what exactly they're asking you to answer. Don't be fooled by questions that contain extraneous, unnecessary information that is not required to answer the question being asked. -This book does cover everything you need to know, but I was surprised by the difference in the knowledge covered in the exam vs what was covered in the practice exams. If you *only* studied the practice exams in this book and Sybex, you would not be prepared to pass the real test. Use the practice exams to identify weak areas of your knowledge and get up to speed in those areas. A thorough understanding of the subject of the question is often needed to choose the best answer. I noticed several questions where one answer would be correct upon an initial read of the question, but then a more correct answer would be selected upon reading the question a few times and getting an idea of what they're really asking. You've got ask yourself, what knowledge are they expecting you to prove your mastery of by with this question? I'll admit I was a little let down by the amount of studying I did for certain topics that were not touched in the exam. Just remember, the exam is different for each individual so be sure to have all of your bases covered and good luck.

Excellent coverage of the rote memorization of terminology you need to pass the multiple choice test of terminology of the CISSP exam. Includes all the essential content from U.S. National Institute of Standards Special Publication 800-53 Security and Privacy Controls Catalog (1996-present), a government written buyers guide listing features to consider when buying software applications. Perfect for high-level conversation without any of the actual details required for implementation, operation or functional protection. This twenty year old certificate is the gold standard for job hunting, job jumping certifications of terminology & simplistic theory. After completing this a person is qualified to be junior member of the support team in order to receive additional technical training in how to actual perform security. Passing the exam involved obtaining a score of at least 64% according to the official references. Almost anyone with experience in Facility management, Lawyer/paralegal, Military, Law enforcement or System Administration can qualify under the design by citing analogous experience in security chapters (aka domains) identified by ISC2 without needing specific IT experience. There is not shortage of non-IT professionals of these titles holding CISSP. No technical skills are required to become a CISSP, only simplistic terminology. The Microsoft MCSE does NOT cover anything close to the number of security topics in the NIST 800-53, in this book or most other books on Cyber Security. In the regard of providing a starting point it has some merit. Actual job performance is about performing highly detailed tasks not covered by CISSP. But if all you need is to change jobs this book is the ticket for many already familiar with buyers guide level IT terminology of "What is it called where does it go/fit/be used". i.e. (for example) point to an automobile and the equivilant learning is "That's an automobile it's supposed to be driven by licensed driver on approved roadway and you store it in parking lot or garage, it's a violation to park on the grass in most situations except roadside maintenance. Lock the doors and take the keys to reduce theft", then switch to another topic. CISSP an awareness orientation, no more - no less. Semper fidelis, Dave

This book was the only book I purchased when it came out just a few months ago for the CISSP. I studied from only this book. I had a very minimal background in networking.. but substantial knowledge of programming and years of experience programming professionally. The test took me 4 hours and I did pass the first try. How I used this book: 1. First time I read the book I did two chapters of reading per week. The first time through reading I gathered all of the high level concepts from the book. I was not reading for extreme detail because my brain could not possibly remember so much. I also avoided all practice questions. (I find that if you do questions right after reading naturally you will do well... you just read it!) 2. The second time I went through the book I took a notebook and wrote down every "Exam Essential" item from the end of each chapter onto a piece of paper along with the chapter it was from. Exam Essentials is the special section where the author has taken the time to highlight all of the things he thinks you MUST know to take the test. He wrote one for each chapter and this is where this book is awesome. If I didn't understand one of the Exam Essential items I went to that chapter and read in extreme detail about the concept and took notes so I would not have to look it up again. 3. So I had my notebook with about 30 pages of notes, (there are about 21 chapters so each chapter was a page or so) using long term memory tricks I memorized every single page of my notes. The trick I used was walking around my apartment (in my mind) and visually associating things with the test. (Each step of my staircase became a layer in the OSI model and I envisioned the technology for that layer sitting on the step as an example. Memory professionals who memorize decks of cards use association all the time. Please take some time on Google and learn how to do this kind of memory work. It will benefit you greatly in school and life in general if you learn to do this.) The author already told me what I had to know.. so I made sure I memorized it. 4. During the last phase I simply did all the practice questions the author provided both in the book and on their website. If I didn't know something I made a note. At the end of all the thousands of test questions I had another 2 or 3 pages of notes to add to my memory. On another note I did one practice exam a day to be sure I could not remember questions because of the sheer volume of them. Then I waited 10 days and did all the practice exam questions again... guess what? I could not remember the questions and it felt like all new tests again. Great way to reinforce the concepts by doing the exams more than once. I took the test in January 2016. I marked the questions I was not sure on and did all the questions I was fairly certain on first. This took two hours. Then I went through and did all the questions I was not so sure on for two more hours. The feeling I had during the exam was one of dread. The questions felt like they were written by a lawyer and required an intense concentration to even understand what they were asking. At one point I told myself I can always try again and read another book if I failed. The practice questions were tricky in this book but they are not written the same strange way as the real exam in my opinion. Anyways I did pass the test. I was quite happy! So do I recommend the book? Absolutely! It was enough for me to pass first try in 4 hours.

As many have said here, this book is an excellent primary resource for the CISSP exam. I also passed the exam on the first try, but I must add that I have many years of experience as a technology manager, which also helped me in my preparation. Still, the exam is very difficult, and you need to have a mastery of the subject matter in order to answer the questions. Here is how I prepared: 1. I read this book cover-to-cover. I took my time and only covered two chapters per day. At the end of each chapter, I took the included exam, checking the answers in the back of the book. This was merely to reinforce the content I just covered. 2. Next, I read the book again, this time taking notes. Even for areas that hit my strengths (i.e., infrastructure, networking, planning), I wrote down notes as I reviewed the chapters. 3. Then I made use of the free Cybrary online course by Kelly Handerhan. She was excellent and provided reinforcement as well as other information that was extremely helpful for the exam. I took notes here as well. 4. Once I completed those steps, I set out to review the 46 pages of notes (front and back, so 92 pages of notes) that I had generated throughout my studies. I did this until I had mastered that content. 5. Then I finally started taking practice exams. Sybex includes several with the purchase of this book, and there are others online that are free (e.g., McGraw-Hill - even though this is an older resource referencing when the CISSP was broken down into 10 domains, the questions were still relevant and helpful). As many have said, the practice questions are extremely critical through your studies. Take as many as you can. In my estimation, I answered about 2,500 questions during my preparation. 6. Last, and certainly not least, the test. I took my time during the test. I flagged each and every question that was especially difficult or that proved to be confusing. Trust me, just a few questions in, I thought I was going to fail. The exam did not use the same terms and verbiage from the study materials and practice tests, so everything looked foreign to me. Still, the content was there, and it was essentially the same. I flagged well more than half the questions. Then, I went back and reviewed those questions very carefully. Finally, I reviewed each and every question on the exam before submitting it. Even after taking this much time, I completed the exam in only four hours. And, as I reviewed the questions one at a time in the end, I had a level of clarity on several of the ones I thought I had answered correctly, but changed them at the last minute once I read them a second, third, or even fourth time. Best of luck to all of you. This purchase is an excellent start to your preparation!

I passed the CISSP exam on my first attempt on 7/10/2017. It took me approximately 4 to 5 hours to complete the exam. I just want to give you an update on what I think about the (ISC)2 CISSP official study guide book. First let me give you a little background information on me first. I am an active IT professional who has worked in the IT field for about 8 years worth of experience in various departments within IT. I also hold an active security+ certification and a bachelors in computer science. This book is an all-in-one book that has a lot of information that will help any individual successfully pass the CISSP exam. This book also comes with over 1,400 sybex test bank questions and answers that I found very helpful. This was the only book that I used to study for the exam to pass along with a few Cybrary videos that I watched on the CISSP. when studying for the exam I did not read the entire book from front to back. What I did was go straight to the sybex test bank questions to identify areas of weakness. Once I identified areas of weakness I went to those specific areas within the book. I continued to go through at least 500 questions from the test bank at least 5 days a week and read specific areas within the book that I tested poorly on in the sybex test bank. I continued this method for approximately 3 weeks until my scores for each test I were over 95 percent. This method allowed me to retain information at a much faster rate than it would have if I just read the entire book from cover to cover. When going through each question in the sybex test bank if there were possibilities listed that I was not familiar with I went back to the book to look those up so that I could understand either why the answer was correct or incorrect. Every question that I answered in the sybex test bank if I could not explain why each selection was correct and incorrect then I went back to the book. Advice that I would give anyone pursing this exam is to take your time and read through every question and answer thoroughly before making a selection. Unfortunately I cannot tell you all the score received as this exam only tells you if you passed when passing the exam. great book overall. -good luck to all future CISSP exam takers

This book is just too dense to go through. The writing is very inconsistent, as if the chapter was written isolation and independent styling so the ready was very difficult. Some chapters were too details and key points (or factoids) are not well defined. If I was studying for a technical version of CISSP (such as CASP), this book would be better choice. I abandoned the book about 3/4 of the way to go with Eric Conrad's 3rd Edition of CISSP Study Guide. While the book provides significant details, they are just too overwhelming for the exam. I believe the authors miss the point that the CISSP exam is wide in topics BUT not so deep and focus on SECURITY. At times, while reading this book, I feel that the authors just want to create a reference book. The authors need to do a better job at condensing information into key facts that matter to the CISSP. For example, If I need to how the specific CFB works, I will research that out -- more importantly, how are that details needed for the exam? Perhaps one just need to know that ECB does not use IV so it has issue with patterns in ciphertext and the rest use IV and therefore better choice. If the authors work more on condensing information down to address the specific needs (managerial and security oriented) of CISSP, then this book would be a good choice.

This book is a great companion to the other more popular ones from Shon Harris and Eric Conrad. Truth to be told, I prefer this book to the rest as I find it better structured, easier to read and understand as well as being more relevant to the latest exam. I bought the Kindle version, which took some getting used to especially since the book did not come with an index and the search function was quite slow. There was repetitive material, but it served as a good reminder and also portrayed how certain topics are related or linked which I found worth reading. The written lab and 20 questions at the end of each chapter together with the 4 practice exams that come electronically (with the URL at the back of the book) were crafted in simpler terms than the actual exam but useful. When I sat the actual CISSP exam, I thought the persons who set the questions had also read the questions from the book, for some exam questions were crafted in similar fashion, but the correct answer was different ... which was tricky. So read the questions and answers carefully so as not to pick the wrong answers. I am unsure, but since I am not living in the States, I also did not encounter any questions pertaining to the country. Lastly, one improvement I would suggest to the authors is to include more material related to the Cloud, for e.g. security challenges in eDiscovery. I passed the exam first time, thanks to this book. So I highly recommend it. Cheers!