Authors: Eric Conrad, Seth Misenar and Joshua Feldman
The title of the book is self-explanatory – this is a study guide for all of you out there who aspire to become a Certified Information Systems Security Professional.
Mixing facts, knowledge and experience, the authors aimed at relaying to you every detail they think important when tackling the colossal task of studying for this demanding exam.
About the authors
Eric Conrad is a SANS Certified Instructor and is the president of Backshore Communications, a company focusing on intrusion detection, incident handling, information warfare, and penetration testing.
Seth Misenar is also a SANS Certified Instructor and serves as lead consultant for and founder of Context Security. He teaches a variety of courses for the SANS Institute, including the CISSP course.
Joshua Feldman is a contractor working for the DoD’s Information Systems Agency. Before that, he spent time as an IT Sec engineer working for the Department of State – he travelled around the world and conducted security assessments of U.S. embassies.
All three are CISSPs.
Inside the book
The book begins with an introductory chapter in which the authors explain that the book was born out of real-world instruction and experience, and offer some good advice on how to use it successfully and on how to prepare for and take the exam.
The ten chapters that come next cover the following subjects: information security governance and risk management, access control, cryptography, physical security, security architecture and design, business continuity and disaster recovery planning, telecommunication and network security, application development security, operations security, and legal regulations, investigations and compliance.
Every chapter begins with a short list of the exam objectives it covers, and points out and defines the most important terms. After a short introduction, cornerstone information security concepts are introduced, and the authors make sure you understand that, without being completely familiar with them, you will not be able to pass the exam.
Throughout the chapters, you will find text boxes containing real-world examples and exam warnings with hints about what things you really need to remember, what information you must not mix up, and what the exam questions are really aiming for in particular cases.
There will also be some notes that will provide you with links to texts that are not covered in the book, but must be learned nonetheless, or things to think about. Every chapter finishes with a short summary of exam objectives, and a self test consisting of 15 questions that could come up in the exam.
Perhaps you will look at the number of pages this book has and think that this amount is nothing when compared with some other books designed to teach you all you need to know to become a CISSP, but don’t be fooled.
The authors have made it their business to gather all the needed knowledge and to present it in an extremely concise, straightforward manner, and to give you practical hints that could really help you jog your mind when you sit down to take the test.