Best Resource for Risk management and BCP

I have Shon's AIO, Sybex's 7th edition, Conrad's Third Edition Study guide, and the ISC2 official guide and would like to know which offers the best information in order to master the Risk Management and BCP portions of the test?

Feel free to rank them, or provide me the one or two that if read thoroughly would best prepare someone for the Risk MGT and BCP portions on the test. If there is another source that is also great, by all means please share:)

-Harry

Find more posts tagged with

Comments

leppikallio

Hi,

've been lurking around for a moment every now and then and "tested" my recipe today in the exam (successfully I might add).

A simple answer would be "all of them" and next best answer perhaps being any of them. Personally I would probably rank AIO to be best, Sybex's being very close. Conrad's being just a little less "deep" which of course is intentional. Perhaps the point I'm trying to make they all cover, very well, these topics but depth varies. I think the important difference is which of these you find easiest to read? These books have very different style and persons behind them shows of course through. Ultimately they seems to use pretty much same sources (if I recall right). Some good pointers worth of reading could be

http://csrc.nist.gov/publications/nistpubs/800-37-rev1/sp800-37-rev1-final.pdf
http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-34r1.pdf
https://www.sans.org/reading-room/whitepapers/recovery/introduction-business-continuity-planning-559

NIST documents have references to other relevant NIST documents. The Reading Room paper has some good info itself and again pointers to the "original" information.

If I were forced to pick just one source I would pick AIO.

Sirkassad

leppikallio wrote: »

Hi,

've been lurking around for a moment every now and then and "tested" my recipe today in the exam (successfully I might add).

A simple answer would be "all of them" and next best answer perhaps being any of them. Personally I would probably rank AIO to be best, Sybex's being very close. Conrad's being just a little less "deep" which of course is intentional. Perhaps the point I'm trying to make they all cover, very well, these topics but depth varies. I think the important difference is which of these you find easiest to read? These books have very different style and persons behind them shows of course through. Ultimately they seems to use pretty much same sources (if I recall right). Some good pointers worth of reading could be

http://csrc.nist.gov/publications/nistpubs/800-37-rev1/sp800-37-rev1-final.pdf
http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-34r1.pdf
https://www.sans.org/reading-room/whitepapers/recovery/introduction-business-continuity-planning-559

NIST documents have references to other relevant NIST documents. The Reading Room paper has some good info itself and again pointers to the "original" information.

If I were forced to pick just one source I would pick AIO.

I had a feeling you would say Shon's. Of course I suspect that if the test were open book and someone had the 7th edition Shon's AIO they would do very well. However, sometimes a book can provide so much information that it can be difficult to parse out what is 'testable' from what isn't. I do enjoy reading the Shon's book, but there is no way I can commit to memory the 236 pages that comprise Domain 1 in the AIO guide. I mean, wow.. 236 pages for one domain. That is above and beyond what someone needs to know for that 16% of the test, but I bought the book not only to help study for the test, but to use as an excellent reference going forward, so no regrets with the purchase.
So far my main source has been Sybex; I absolutely cannot stand the ISC2 Study guide so hopefully that won't come back to bit me.

leppikallio

Sirkassad wrote: »

I absolutely cannot stand the ISC2 Study guide so hopefully that won't come back to bit me.

I do understand that feeling. That was one of the most painful book I have ever read so far. However there were some topics covered perhaps better than rest of the 'gang'. Worst thing is that there has been far too many cooks around the soup this time. Style changes far too often making this one very tough book. But again valuable source.

I had (/ still have) little bit different perspective perhaps. The exam itself of course were an important thing on the road but not the eventual target in itself. I really wanted to get the information and amazingly enough already found myself reading more already today. Next 'goal' on the distant horizon but more importantly I know the areas I have to (and want to) study more. . . Sure makes it easier to read little less prosaic sources as well