
Review: CISSP in 21 Days

Following is my review of the recent release CISSP in 21 Days. A sample chapter can be retrieved from here.

Summary:
CISSP in 21 Days by M. L. Srinivasan is a CISSP exam prep book. By its own admission, it is not a comprehensive, end-all-be-all book for preparing for the CISSP. What it does claim is the ability to take you through a well-reasoned progression over the course of 21 days to hit on the key concepts and topics of the CISSP, with the last day focused on taking a 250-question sample test. Overall, I think the book accomplishes its goal and could be a useful study guide.

There is no shortage of CISSP prep books today. Shon Harris alone accounts for the lion's share of the market, and one should also not overlook the Tipton and Krause anthology Information Security Management Handbook. In the face of these books, one might wonder why Srinivasan would even bother with an attempt. However, if there's one thing that is clear from most CISSP prep books, it's that they've taken the "quantity over quality" approach, oftentimes burying the reader in hundreds of pages of frequently duplicated and sometimes error-ridden work.

In this instance, the book covers all major topics in 225 pages, broken up into 20 days of study, where each of the 10 CBK topics is covered at 2 days each. The layout is clean, lightweight, and concise, hitting the important points. One should not feel overwhelmed by the amount of material presented, though one might also be left wondering if this is really all there is (it isn't - there's more). However, the book never claims to be a complete, comprehensive training guide - merely a guide for reviewing topics. Specifically, the book points out that it "assumes that the candidate already has sufficient knowledge in all 10 domains of the CISSP CBK..."

Strengths:
   * Concise: The book is very brief and to the point. It does not waste ink or pages on unnecessary explanations.
   * Logical: A reasonably logical approach is taken to the topics, starting with security and risk management and expanding from there.
   * Straightforward: The explanations provided are very straightforward and clear.
   * Clean Layout: The book is laid out in a manner that is easily read and followed. Ample room is left in the margins for notes.

Weaknesses:
   * Thin: This is not a comprehensive prep guide, but rather a review guide. The book is not aimed at beginners.
   * Few References: In the "Introduction" the book mentions that there will be a reference section at the end. It turns out this Reference section has 9 entries, including Wikipedia. Not complete or particularly useful. One of the links is for the ISO organization, but it incorrectly uses a TLD of .ch instead of .org.
   * Rigid Language: The language is fairly rigid in its construct. This is fine, but it can be off-putting for some readers.
   * Some Grammar Issues: The author is an Indian National, and thus there are the occasional grammar flubs. The errors are not terribly serious, but they may be distracting or off-putting to some readers, particularly speakers of American English.
   * Slightly Pricey: The eBook (PDF) lists for $22.39 and the print+eBook lists for $40.79. Given that this is just a review guide and not a comprehensive prep guide, I feel that anything over $20 is asking too much.

Recommendation:
So, the magic question: Would I recommend this book? My answer is a qualified "yes", though perhaps not at the current listed price point. This book could be useful for an experienced IT professional who already understands security, but has never looked at taking the CISSP before. From this standpoint, it would be very useful to quickly bone up on what the requirements and expectations are.

That being said, this book will only be one piece in the overall puzzle, and its lack of useful references means that the aspiring student will still need to go research other references.

This book is definitely not for the inexperienced IT professional. If you cannot speak knowledgeably to risk and security management, network security, system security, or physical security, then you will not find this book to be very useful. On the other hand, if you know these topics inside-out, then you may think this book isn't terribly useful.

If you're not familiar with the CISSP, but have the skills, this book can provide a useful starting point. If you don't have the skills, then don't start here.


Comments (2)

KG:

Hi Ben,

I read your review on this new book & found it elaborate & constructive. Thanks.

However, while going through your post, I came across the following statement made by you:

* Some Grammar Issues: The author is an Indian National, and thus there are the occasional grammar flubs.

Could you clarify how being an 'Indian' or any specific nationality, for that matter, is directly related to making 'occasional grammar flubs'?

Anyone, independent of their nationality or originality, can make an error / errors & this must not be construed as a general fact by any educated, humble professional.

Any reason why your comment should not be considered racist?

Best Regards,
Karn Ganeshen

Ben:

Hi KG,

You're right, this could sound racist. "Flubs" is probably too harsh a word. I've found experientially that non-native speakers of English - particularly the American perversion of English - occasionally phrase ideas in ways that aren't generally proper or understood. In other cases, certain participles get dropped (-ed or -ing) as well as definite articles (like "the"). While this does not confuse the reader, per se, it isn't full proper English grammar, and amounts to something I would expect a decent editor to catch.

In this case, the comment about the author being an Indian National was meant to imply that they were not necessarily a native English speaker, and nothing more. I would have made a similar statement if the author had been French, Czech, Russian, or Chinese. If the author had been British or American, my comments would have been focused more on the failure of the editor(s) to correct these deficiencies.

Apologies if you, or anyone else, was offended by the wording in the review.

-ben


About

This page contains a single entry from the blog posted on March 9, 2009 8:44 PM.


Creative Commons License
This weblog is licensed under a Creative Commons License.