These books will not help you study for or write the CISSP (Certified Information Systems Security Professional) exam. These books may, in fact, make your study more difficult, and your chances of passing the exam more remote. At the very best, the time you spend studying these books will be wasted, when you could have been reviewing other, more useful material.
If I went back through the files I might be able to find one, but, off the top of my head, I cannot recall a technical book with a poorer structure, organization, or grasp of the titular material. Many authors fail to do full research. A large number present the content in a disorganized manner, forcing the reader to do more work. Some have their own idiosyncratic definition of the topic, and may be slightly misleading in what they deliver. Seldom do the confluences of those aspects reach the depths of uselessness seen in these volumes.
While the (ISC)2 (International Information Systems Security Certification Consortium) CBK (Common Body of Knowledge) domain structure can be problematic, the "Theory" volume does not seem to follow either the (ISC)2 study guide or the CBK course outline. Point or section numbering is inconsistent, making it difficult even to follow the material. Tables and illustrations are unclear, and either baldly repeat surrounding text, or have no relation to it. (Tables are often carelessly broken between pages, making reading of the charts and also surrounding text extremely difficult.) There are endless mistakes in spelling, grammar, and sentence or paragraph structure. Non-standard terms are used, and not defined. Occasionally small variations in phraseology seem to imply different topics that further (and pointless) study reveals to be identical. Major headings are sometimes simply printed, and are not explained or introduced. Certain topics and phrases are heavily emphasized, although not defined, and many of these are the most minor of issues in terms both of security and of the CISSP exam. Much of the technical material is confused, such as an analysis of the correspondence between "ISDN and OSI networks," which is something like comparing apples and juice extractors. The text contradicts itself frequently: a simple list of firewalls on one page does not relate to another three pages later. Some technologies have only one aspect explained, others are touched on without mentioning inherent dangers, others are so confused that closely related topics end up being set in opposition to each other. (The malware definitions, needless to say, are appalling.)
The "Practice" volume is a set of multiple choice questions supposedly similar to those you would encounter on the CISSP exam itself. Only those on the exam committee would be able to say, for certain, how close these questions come to the real thing, but I can say that, in terms of information security, a great many of these questions simply make no sense. The quality of the second volume seems to approximate that of the first.
I must say that, while the books and the Web site do carry a disclaimer that the tomes are not endorsed by (ISC)2, I am slightly appalled that (ISC)2 has not objected to the use of this particular name. In fact, these books appear on the (ISC)2 resource list, which itself carries a disclaimer that such a listing does not imply any endorsement. Even so, the simple association gives the work a cachet that is wholly undeserved, and probably misleading.
At the risk of repeating myself, if you are studying for the CISSP: Do not buy these books. If you have bought these books, do not read them. (If you have passed the CISSP, you can, of course, do whatever you wish.)
copyright Robert M. Slade, 2001 BKCISPET.RVW 20011122