Education & Development
IT & Security Boot Camps
Security Awareness Training
Shon Harris's 2nd edition and 3rd edition?
I am starting to study for the CISSP and I have Shon's second edition book. Am I missing much by not having the 3rd edition? Would you consider it important to get the 3rd editon book rather than use the second editon for studying? Thanks.
I have read several people (including in some older topics here) mentioning that if you already have the 2nd edition, you're better off buying another book (ie. official ISC2 guide) than the 3rd edition. That's 'hearsay evidence' though.
Hopefully others here can fill you in on the differences.
The third edition is a little more concise and it's an even easier read than the second edition (which is a pretty easy read too). There will obviously be some advantages to having the third edition, there are a few things in it that are made clearer in comparison to the 2nd edition. But if you already have the 2nd edition, I don't think it's worth it to buy the 3rd edition as far as passing the exam. Instead, go ahead and get the ISC2 official guide and maybe one other book to help. Now this is the most important thing; Identify the domains you have no experience in or the domains you are weak in, then go ahead and start reading other reference material concerning those domains. For example, I read three books on just cryptography, and 2 books on Law and Ethics, then another two books on application security. The Harris book and others are really only designed to give you a good over view of the domains you must have a solid understanding of to pass the exam. If you've been dealing with networks and network/telecom security, then probably the Harris book and the ISC2 official guide will be plenty. However, if you've never dealt with physical security, or law, or cryptopgraphy, then you will definantly need to read outside of these exam prep guides. Good luck, you can do it.
I happen to have both versions and find the 3rd to be more comprehensive and up to date. Plus it comes with the complete version on CD, which is a HUGE plus to me. The 2nd contains some older material that I have heard (though cannot confirm) that is not relevent to the current exam like HIPPA, which by the way, only has a half of a page dedicated to it in the 3rd edition, but has several questions on the exams on the CD, which is a little puzzling.
I didn't use the 2nd at all for study, but used the 3rd extensively and I found it to be an excelent guide. Though I did supplement it with other books, study guides, practice tests and the NIST site.
If I were you, I would want an updated source for sure The idea of using the Official guide in addition to your Harris 2nd, is as good an idea as buying the Harris 3rd. But even then, you will still want supplemental references for any unfamiliar domains.
Good luck and please keep us posted.
Lack of will power has caused more failure than lack of intelligence or ability.