Message-ID: <20060222194110.C60845@ubzr.zsa.bet>
Date: Thu Feb 23 01:58:36 2006
From: measl at mfn.org (J.A. Terranson)
Subject: ISC2 vs Rob Slade



I've been reading Slade for a LOoooongggg  time now, and I've come to
appreciate his reviews. Generally, they are spot on, concise, and to the
point.

Take this one for example. ;-)

-- 
Yours,

J.A. Terranson
sysadmin@....org
0xBD4A95BF


------------------------------

Date: Fri, 30 Jul 2004 07:54:11 -0800
From: Rob Slade <rsl...@...int.ca>
Subject: REVIEW: "Official [ISC]^2 Guide to the CISSP Exam", Hansche et
al.

BKOIGTCE.RVW   20040618

"Official (ISC)^2 Guide to the CISSP Exam", Susan Hansche/John
Berti/Chris Hare, 2004, 0-8493-1707-X, U$69.95/C$101.50
%A   Susan Hansche susan.hans...@....com
%A   John Berti jbe...@...oitte.ca
%A   Chris Hare c...@...is-hare.com, c...@...telnetworks.com
%C   920 Mercer Street, Windsor, ON   N9A 7C2
%D   2004
%G   0-8493-1707-X
%I   Auerbach Publications
%O   U$69.95/C$101.50 800-950-1216 ord...@...press.com
%O  http://www.amazon.com/exec/obidos/ASIN/084931707X/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/084931707X/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/084931707X/robsladesin03-20
%P   910 p. + CD-ROM
%T   "Official (ISC)^2 Guide to the CISSP Exam"

Once again I have to state a bias in regard to this book.  I've known
about this book since its inception, I've known and advised the authors, I
provided bits of the material, and even contributed one appendix.  (The
annotated bibliography and references--surprise, surprise.)

I was asked to review the chapters while the book was in production.  The
reason was, of course, that I had reviewed all the other CISSP (Certified
Information Systems Security Professional) guides.  Specifically, the
intent was to ensure that this manual, prepared and supported by (ISC)^2
(International Information Systems Security Certification Consortium) was
"head and shoulders" above all the other published works.  This volume is
not perfect, by any means, but it is the best of the current bunch.

Taking material from one source is copying, taking material from two
sources is plagiarism, and taking material from many sources is research.
This volume has not only research but direct input from a great many
sources. Some are mentioned in the acknowledgements, a number of others
are to be found on the title page, since sections of major articles from
the venerable "Information Security Management Handbook" (cf.
BKINSCMH.RVW) were included or used as the basis for parts of the guide.
Even this doesn't exhaust the contributions, since much of the work is
informed by the material in the (ISC)^2 CBK (Common Body of Knowledge)
Review Seminar, and over a hundred individuals have had the chance to
augment that content.  The result is a breadth and currency of information
that exceeds any other guide on the market.

Sample questions and exams are eagerly sought by candidates for the CISSP
exam.  This guide has a significant advantage in this regard: not only do
a number of the contributors produce questions for the exam itself
(therefore being more than passingly familiar with the style and level of
difficulty required), but the CISSP exam committee was also approached for
advice and input.  No source is able to provide "actual" CISSP exam
questions, but the examples provided in this volume are very close in
form, mix, degree of difficulty, and concept.

The book is not without its faults.  The sheer volume of the contributors
ensured that topics were covered multiple times, and not all duplicated
areas have been amalgamated.  In addition, the variety of writing styles
can make the text disjointed in places, as it moves from section to
section and subject to subject.  These factors can make the work difficult
and demanding to read and follow.

The CISSP exam, as the security field itself, is a changing target, and no
book can expect to provide the "best" coverage of the topic indefinitely.
As well, security is an immense discipline, and touches on an inordinate
number of other areas.  This work, however, has come closest to spanning
the range of subject matter necessary to challenge the CISSP exam, and is
currently the best of the guides.

copyright Robert M. Slade, 2004   BKOIGTCE.RVW   20040618
rsl...@....bc.ca      s...@...toria.tc.ca      rsl...@....soci.niu.edu
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade
