
Glitch: The Hidden Impact of Faulty Software Review


Review
Given my (and many others') increasing frustration with consequences of buggy software, I was really hoping for this book to be useful at identifying the issues and proposing some solutions. Not only did the book come up short on both of these, but much of the book has nothing to do with glitches. Further, there were numerous errors in much of the material, and most of the "solutions" proposed amounted to suggesting increased regulation, as if the government can demand bug-free software (when that isn't even defined) or "certified" software engineers, again not showing what kind of certification (or even training) can reduce bugs.
Some examples of wrong, if not downright dangerous, advice:
He points to Bernie Madoff as an example of the need for more government regulation (in general), ignoring the fact that preventing situations like Bernie Madoff was EXACTLY what the SEC was set up to do, and even after 75 years it was unable to do so.
He also aims to expand government's consumption of technology - "without ... Web 2.0 capabilities on government websites, e-government initiatives will deliver diminishing returns. ... when ... [Web 2.0 capabilities are] unavailable on government sites, citizens will not return." This completely misses several major points - most notably, that government does not have competitors (for true government functions), and that as long as an electronic solution is easier than the alternative, it will succeed. Will anyone really choose to go in to the DMV for a renewal that can be done on the web, just because the website doesn't offer flashy graphics or collaboration features?
In suggesting not to understand, much less upgrade, mission-critical systems - "Know when to leave well enough alone. Given fluctuations in staffing and long-term investments in technology, the reality is that you simply won't fully understand certain applications. ... you will not always know exactly what makes them tick ... If it's a business-critical application, ... you may not need to know every line of code ... In this case, the risk of compromising the infrastructure by opening the application far outweighs the need to sate curiosity." One would think that if a system were business-critical, understanding every line would be business-critical. Or else one glitch could bring down the company, because no one will understand enough to repair it in a timely manner. Also, even the greenest developer knows that "opening the application" (i.e. reviewing source code) does not entail ANY risk. Ignorance, however, that's risk.
In proposing more attention being paid to cloud applications - "Should faulty software practices make their way into a cloud, they might impact a wider audience than a more traditional on-premises model of software ownership. Therefore we need to be that much more diligent when it comes to developing [cloud applications]." This is particularly disturbing as he earlier pointed out software bugs that killed people in a (not widely used) radiology application. "Diligence" should be a function of potential impact, not where an application is hosted, or even how many users it has.
Even his definition of a software problem is questionable - "When I buy a flat-panel TV and it takes me four hours to make it work with the components, that's a software lifecycle problem. When I wait for three hours for what was supposed to be a one-hour brake pad replacement, that's a software life cycle failure."
Speaking of definitions, he continually talks about "transparency" and "governance" without ever clearly defining those terms.
In summary, while the author may have been CEO of Lotus Development Corp, it sounds like he was never actually a developer or even a tester, and hence appears to be a PHB (pointy haired boss) right out of Dilbert, spouting off dictates with no understanding of the real problems, much less solutions. What a shame.
Overview
Don't Let Software Failures Destroy Your Business
The growing impact of software failures on brands, customers, and business performance


Fuzzing for Software Security Testing and Quality Assurance (Artech House Information Security and Privacy) Review


Review
The introduction to this book mentions its broken-up history, being picked up and abandoned a couple of times. It definitely shows in the writing, which is unfocused, choppy, and repetitive. Most of the first half is taken up with repetitive descriptions of the general software testing process. The second half contains a summary of one author's thesis on using evolutionary algorithms for fuzzing and the final author's use of various fuzzing tools to try to find hand-inserted vulnerabilities. While the latter half is better than the first, each topic is worthy of a single blog post. Given this book's price and the authors' reputations, I expected more.
At the same time, I read "Gray Hat Python" and it was enjoyable. Even though it had a much broader focus on other topics, it contained more hands-on info on fuzzing tools. I'm also interested in "Fuzzing: Brute Force Vulnerability Discovery", although I have not read it yet.
Don't waste your time on this book. Download the Sulley manual, read the slides from a few Blackhat talks, and you'll be at the state of the art for current fuzzing knowledge.
Overview
"Fuzzing for Software Security Testing and Quality Assurance" gives software developers a powerful new tool to build secure, high-quality software, and takes a weapon from the malicious hackers' arsenal. This practical resource helps developers think like a software cracker, so they can find and patch flaws in software before harmful viruses, worms, and Trojans can use these vulnerabilities to rampage systems. Traditional software programmers and testers learn how to make fuzzing a standard practice that integrates seamlessly with all development activities. The book progresses through each phase of software development and points out where testing and auditing can tighten security. It surveys all popular commercial fuzzing tools and explains how to select the right one for a software development project. The book also covers those cases where commercial tools fall short and developers need to build their own custom fuzzing tools.


The CISSP Prep Guide: Gold Edition Review


Review
I passed the CISSP test by using this book and Boson Practice Test 3.
I had spent 4 weeks studying them while working full time.
I had not attended any CISSP training course.
I had not even looked at the ISC2 study guide.
The "Advanced Sample Questions" at the end of each chapter are very useful too.
Some questions are not covered in the textbook, but they are explained in detail in the "Answers to Advanced Sample Questions". This is one way to extend one's insight into new arenas quickly and systematically. If one does not study these questions and answers, one will end up having to go somewhere else to find something else to cover the same topics in a longer time and from MULTIPLE sources, withOUT knowing the questions and answers.
Boson CISSP Practice Test 3 will also extend one's knowledge further by referring to related WEB sites. Be aware that Boson CISSP Practice Test 1 is based on Information Security Management Handbook, Fourth Edition by Harold F. Tipton, Micki Krause. Boson CISSP Practice Tests 2 and 3 are not based on any particular prep/text books.
Wish that the above review would help and encourage you somewhat.
Overview
The Gold Edition has been updated to include CISSP bonus questions never before published and an advanced question-and-answer tutorial.
The CD-ROM contains 660 questions of which 360 have never before been available electronically.
All questions have been designed with Boson, the premier interactive test engine for technical books in the industry.
Authors are experts in the security certification field and have particular expertise in the CISSP Exam.


Software Fault Injection with CDROM Review


Review
Voas and McGraw make the case that, to produce reliable software, validation (usually applied as dynamic -- or run-time -- testing) is more effective than process. That alone is nothing new -- many software development organizations invest much more in testing than in process improvement. But Software Fault Injection goes further: instead of more and more testing which always seems to miss the failures that the end user seems to find so easily, create those failures. Even (temporarily) create the defects that will cause those failures to happen. Sound strange? It is, but no stranger than what this book explains how to do -- as in the subtitle -- Inoculating Programs Against Errors. The idea is to produce modified, selectively defective copies of the software under test and see how the rest of the system handles the failures that now happen "in the lab" rather than in the field. It works with medical research and produces vaccines. If you're tired of the cycle of code, test, launch, surprise crash in the field, consider whether software failure injection might help.
--
Full disclosure: I only had time to read the first 10% of the book before I had to move on to other topics. But if and when I come back to software reliability improvement, this is a book I'll pick up again.
Overview
The benefits and challenges associated with fault injection methods are described in this book. The authors seek to explain injection methodology by extensive use of applications data and real-world case studies. The book covers: how to predict where faults are most likely to hide; how failures in the software environment should impact software performance; how to use normal beta testing to uncover potential security problems; what fault injection reveals about maintenance and reuse; and how to introduce fault injection methods into your organization.


Security Engineering: A Guide to Building Dependable Distributed Systems Review


Review
For the typical busy security professional, reading a 900-page tome cover to cover represents an investment of time that may be difficult to justify. Frankly, security books that are worth the effort are few and far between. Security Engineering is one such book, for several reasons.
First, Ross Anderson's vast knowledge, experience and insight on the subject are well known, and his reputation as one of the top security experts in the world is well deserved. No doubt a reflection of this, his book covers a very broad range of security topics, the discussions ranging from high-level policy issues, all the way down to details of smartcard hacking and the mathematics of cryptography. The topics are well researched and described at a level of detail useful to the non-specialist. Concise summaries and occasional nuggets of insight indicate an in-depth understanding of the subject matter. The book is well written, easy to follow, and devoid of the vagueness and platitudes so typical of much of the security literature.
Second, the book exposes the sheer difficulty of engineering secure systems in the face of the many forces at play in a typical product development lifecycle. Through many case studies of success and failure, the author illustrates the numerous pitfalls that may befall even a well-intentioned design. Lessons learned from deploying products in the real world include the negative impact of perverse economic incentives, the importance of designing security features for maximum usability, and the need to look at a security problem from many different angles in a holistic manner. The book is a treasure trove of wisdom for the aspiring security engineer.
Lastly, the book brings together insight from many diverse areas of research. Disciplines ranging from economics, psychology, sociology, criminology, banking and bookkeeping, safety research, electronic warfare, to politics are all mined for ideas and results that could yield a better understanding of - and novel approaches to - difficult security problems. It is perhaps in this aspect that the book will prove to be most influential. Since the first edition was published in 2001, security economics, security usability, and security psychology have emerged as fertile areas of research.
Overview
The world has changed radically since the first edition of this book was published in 2001. Spammers, virus writers, phishermen, money launderers, and spies now trade busily with each other in a lively online criminal economy, and as they specialize, they get better. In this indispensable, fully updated guide, Ross Anderson reveals how to build systems that stay dependable whether faced with error or malice. Here's straight talk on critical topics such as technical engineering basics, types of attack, specialized protection mechanisms, security psychology, policy, and more.


CISSP Certification All-in-One Exam Guide, Fourth Edition (Cissp All-In-One Exam Guide) Review


Review
Not sure why this book is so highly rated. Having taken (and passed) the CISSP several years ago, I need to retake this exam and bought three books for review and study purposes. I have a previous version of the Harris book and it is ~900 pages. This new version is 1100+ pages, but seems to be filled more with fluff, and some of the actually useful knowledge has been removed! One example which stands out is the removal of the effectiveness and acceptance charts for biometric methods. This is an important concept and it is entirely ignored in this version. Other things have been changed to no real benefit. The CIA triad (as is the de facto acronym, even in her previous book) has been renamed to the ICA triad. There is no reason for this.
Finally, the entire book is written in a dumbed-down, cutesy fashion in an attempt (I believe) to make the book more approachable. All it has done, IMO, is increase the number of pages, possibly forcing out relevant materials.
I will pass this test, but it won't be because of this book. Buy the ISC book and the Krutz book (and/or a previous version of the Harris book) - you will not be disappointed.
UPDATE: OK, took the test in Sept and passed. I won't turn this into a test review as this is about the book, but when you buy a certification book, your primary requirement is that the book will be timely and relevant to the test material. The 4th Edition Harris book does just that. ISC has made significant changes to both the content and nature of the test (in large part to keep its test current on security trends and to satisfy a larger target audience) and Shon has captured those changes very well. So, having said all that, it is my revised opinion that this book is more than adequate for passing the test (although it is still filled with fluff). If I could change the review, I would probably give it 4 stars at this point. The ISC book and the Krutz book are both excellent references to actually apply the knowledge in a meaningful way; however, if you just want to pass the test, the Harris book will serve you well.
Overview
All-in-One is All You Need

Fully revised for the latest exam release, this authoritative volume offers thorough coverage of all the material on the Certified Information Systems Security Professional (CISSP) exam. Written by a renowned security expert and CISSP, this guide features complete details on all 10 exam domains developed by the International Information Systems Security Certification Consortium (ISC²). Inside, you'll find learning objectives at the beginning of each chapter, exam tips, practice questions, and in-depth explanations. CISSP All-in-One Exam Guide, Fourth Edition will not only help you pass the test, but also be your essential on-the-job reference.

Covers all 10 subject areas on the exam:

Access control
Application security
Business continuity and disaster recovery planning
Cryptography
Information security and risk management
Legal, regulations, compliance, and investigations
Operations security
Physical (environmental) security
Security architecture and design
Telecommunications and network security

The CD-ROM features:

Simulated exam with practice questions and answers
Video training from the author
Complete electronic book


Security for Web Services and Service-Oriented Architectures Review


Review
The review is based only on the first three chapters that I have managed to read so far.
1. The premise of the book is pretty valuable. There is need for updated literature that takes web services security out of the standards world and makes it more approachable. On that count, I laud the initiative.
2. The book, however, suffers from several significant issues:
a. The proof-reading, for a book that purports to be a reference on the topic, is abysmal. Consider this snippet on page 35 related to threat modeling: "even though the security functions provided by the middleware are becoming more and more reach and complete,...". Any technical editor should have picked up the multiple mistakes in this sentence. Unfortunately, such mistakes abound in the book.
b. In trying to emphasize theory, the book often comes across as dry and irrelevant. For example, table 3.2 related to STRIDE Categories and the surrounding explanation on page 32, while being factually complete, seem like they belong to a Microsoft Press book. At the level the book aims for, what's important is not an explanation of STRIDE (why wouldn't I read Howard's or Swiderski's books for that?) but how that relates to Web services. Explaining the STRIDE concepts as related to a fictional Web Service might have been much more useful.
c. Some of the technical terms used in the book are downright incorrect. For example, on page 35, in the same paragraph as #2(a), the authors talk of "RBAC-based authorization mechanisms". RBAC itself stands for Role Based Access Control. What does it mean for an authorization mechanism to be RBAC-based?
d. If this book is to be useful at all, the figures need to be seriously improved. They are miniature, complex and hardly span a quarter of a page. In short, they are barely decipherable and there's a lot of text referring to such figures that becomes disconnected.
With all this said, I still give the book 3 stars because there is at least some method to the approach and it's much better than reading a bunch of W3C or OASIS standards. Not to mention the fact that chapter 3 refers to CAPEC that I had, in part, contributed attack patterns to :-)
I would definitely wish for the editors at Springer to take a serious look at the language and technical terminology and make figures more understandable. The book has a lot of promise and it would be a shame if such matters were to obscure that.
Overview
Web services based on the eXtensible Markup Language (XML), the Simple Object Access Protocol (SOAP), and related standards, and deployed in Service-Oriented Architectures (SOA), are the key to Web-based interoperability for applications within and across organizations. It is crucial that the security of services and their interactions with users is ensured if Web services technology is to live up to its promise. However, the very features that make it attractive - such as greater and ubiquitous access to data and other resources, dynamic application configuration and reconfiguration through workflows, and relative autonomy - conflict with conventional security models and mechanisms. Elisa Bertino and her coauthors provide a comprehensive guide to security for Web services and SOA. They cover in detail all recent standards that address Web service security, including XML Encryption, XML Signature, WS-Security, and WS-SecureConversation, as well as recent research on access control for simple and conversation-based Web services, advanced digital identity management techniques, and access control for Web-based workflows. They explain how these implement means for identification, authentication, and authorization with respect to security aspects such as integrity, confidentiality, and availability. This book will serve practitioners as a comprehensive critical reference on Web service standards, with illustrative examples and analyses of critical issues; researchers will use it as a state-of-the-art overview of ongoing research and innovative new directions; and graduate students will use it as a textbook on advanced topics in computer and system security.


Elementary Cryptanalysis 2nd edition (Anneli Lax New Mathematical Library) Review


Review
This book would be an excellent text for courses in cryptology where some of the students are in computer science. The mathematics behind the encryption/decryption is completely explained at a level where people with a weaker mathematical background can understand it. Basic number theory concepts such as congruences, simple linear algebra and frequency statistics are all the mathematics that is needed. The coverage is introductory, yet the reader is given a sufficiently deep exposure so that they can appreciate the significance and value of encryption in the modern world. The worked examples also impart the sense of intellectual challenge and stimulation that working in encryption can give.
The areas examined are:
*) Monoalphabetic ciphers using additive alphabets
*) General monoalphabetic substitution
*) Polyalphabetic substitution
*) Polygraphic systems
*) Transposition
*) RSA encryption
*) Perfect security - one-time pads
Many exercises with solutions are also included, which would allow a reader to use the book for self study as well.
Of all the areas of mathematics that I have taught, I had the most fun teaching a course in encryption and compression. Furthermore, given the feedback that I received from the students, they enjoyed it as well. This is one of the very best books on the basic tactics of encryption that has ever been published; I would not hesitate to use it as a text.
Published in Journal of Recreational Mathematics, reprinted with permission.
Overview
Originally published in the New Mathematical Library almost half a century ago, this charming book explains how to solve cryptograms based on elementary mathematical principles, starting with the Caesar cipher and building up to progressively more sophisticated substitution methods. Todd Feil has updated the book for the technological age by adding two new chapters covering RSA public-key cryptography, one-time pads, and pseudo-random-number generators. Exercises are given throughout the text that will help the reader understand the concepts and practice the techniques presented. Software to ease the drudgery of making the necessary calculations is made available. The book assumes minimal mathematical prerequisites and therefore explains from scratch such concepts as summation notation, matrix multiplication, and modular arithmetic. Even the mathematically sophisticated reader, however, will find some of the exercises challenging. (Answers to the exercises appear in an appendix.)


The CISSP and CAP Prep Guide: Platinum Edition Review


Review
I have just passed my CISSP exam, taken in Aug 2008. This guide was the sole reference book that I used, and I also DID NOT attend the review seminar for CISSP. Having said that, I would not recommend it as your only source of CISSP reading material as it is slightly outdated by now, as compared to some of the questions that I encountered on the exam.
The quizzes listed on the book are also way too easy and nowhere near the trickery shown on the actual exam questions. For giggles and laughter, I actually visited the bookshop to review the 'Official ISC2 Guide to CISSP CBK' a couple days after taking the exam, and found out that the quiz questions listed in the book are worded similarly to the exam. I did not read through the chapters for that guide, so I could not make a sound comparison between the 2 books.
However, I could safely say that you should not just rely on one book and read the usual suspects of 'The All-In-One..', 'The Official Guide to CISSP CBK' and this book in your CISSP exam preparations.
Good luck!
Overview
This follow-on edition to The CISSP Prep Guide: Mastering CISSP and ISSEP offers value-add coverage not featured anywhere else! You'll prepare for passing CISSP with a revised review of each of the ten CISSP domains, updated to reflect current thinking/technology, especially in the areas of cyber-terrorism prevention and disaster recovery. You'll also cover CAP, a major section of the ISSEP that has been elevated from its status as part of an advanced concentration to its own certification. The accompanying CD-ROM contains revised test questions to make your preparation complete. Order your copy today and make your exam preparation complete!


CISSP All-in-One Exam Guide, Fifth Edition Review


Review
There is no simple formula to prepare for the CISSP certification, and no single resource which can guarantee success on the certification exam since every applicant's background is unique. However, this book (fifth edition) was my only resource in preparing for the exam and I passed on my first attempt (April 24, 2010).
I spent 60+ hours in preparation for the exam... that's 60+ hours of DEDICATED individual study using this book and CD, not 60+ hours spent web surfing during lunch hours or commercial breaks. My recent background is in middle management, with 20 years experience in network architecture and data security, so I already had a firm technical foundation for the test areas dealing with protocols and encryption variations. I also have an MS in Computer Science. Nonetheless, the exam was so broad, with topics covering general principles and concepts, that I could have prepared twice as long and still left the exam with questions about the outcome.
My personal opinion is that formal classroom instruction, through one of the many organizations offering CISSP preparation courses, is a worthwhile companion to Shon Harris' book. A study group is also a good idea. You will not obtain CISSP certification if you take the exam without preparation. This book (fifth edition) was sufficient, but not 100% comprehensive, to prepare me for passing the CISSP test.
Note: Some reviewers do not appreciate Shon's frequent analogies and humor. Most of her analogies helped me internalize the complex topics, but that's my personal learning style. The efforts at humor were generally awful, but every once in a while she was subtle and brilliant enough to make me laugh out loud. Working through Shon's unique writing style was not a problem for me... I actually found it refreshing.
Overview
Get complete coverage of the latest release of the Certified Information Systems Security Professional (CISSP) exam inside this comprehensive, fully updated resource. Written by the leading expert in IT security certification and training, this authoritative guide covers all 10 CISSP exam domains developed by the International Information Systems Security Certification Consortium (ISC2). You'll find learning objectives at the beginning of each chapter, exam tips, practice exam questions, and in-depth explanations. Designed to help you pass the CISSP exam with ease, this definitive volume also serves as an essential on-the-job reference.
COVERS ALL 10 CISSP DOMAINS:
Information security and risk management
Access control
Security architecture and design
Physical and environmental security
Telecommunications and network security
Cryptography
Business continuity and disaster recovery planning
Legal regulations, compliance, and investigations
Application security
Operations security

THE CD-ROM FEATURES:
Hundreds of practice exam questions
Video training excerpt from the author
E-book

Shon Harris, CISSP, is a security consultant, a former member of the Information Warfare unit in the Air Force, and a contributing writer to Information Security Magazine and Windows 2000 Magazine. She is the author of the previous editions of this book.
