Best companion book to study

mog27 Member Posts: 302
What's the better secondary resource to prepare for the CISSP (with Shon Harris' All in One being the primary book): Is it the CISSP for Dummies or the ExamCram 2? The Examcram 2 was published in 2005 so I'm worried it may be a little outdated. Thoughts?
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Ben Franklin

"The internet is a great way to get on the net." --Bob Dole

Comments

  • dynamik Banned Posts: 12,314
    I wouldn't spend my time with either of those. Dummies might be a nice quick overview, but there's no way it's going to fill in any gaps from the AIO.

    You should definitely pick up the official guide: http://www.amazon.com/Official-ISC-Guide-CISSP-Press/dp/0849382319/ref=pd_bbs_sr_2?ie=UTF8&s=books&qid=1215114620&sr=1-2

    And I see this one highly recommended as well: http://www.amazon.com/Information-Security-Management-Handbook-Sixth/dp/0849374952/ref=wl_it_dp?ie=UTF8&coliid=I1N3F05FGL5MCY&colid=BQRJ4R1QKAS2
  • RTmarc Member Posts: 1,082
    I'm going to be completely honest, the only thing I used in preparation for the CISSP exam was the AIO 4th Edition, the MP3s and DVDs for the book, and the Free Practice Exam site.
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,953
    For the CISSP exam, I'm pretty much sticking with the AIO 3rd ed, (ISC)2 CISSP Gold Book, selected readings from the InfoSec manual 6th ed., and freepracticetests.org. The study material you use will also depend on how much InfoSec knowledge and experience you already have. If not a lot, there's several relevant NIST Special Publications (SP 800-12, SP 800-14, SP 800-30, SP 800-34, etc.) and ISO 27001 you should read through as well.

    Correction: It's ISO 27002--not 27001--that's significant to the CISSP exam.
  • LarryDaMan Member Posts: 797
    JD, have you set a target date for the CISSP?

    I enjoyed reading about your SSCP experience, but I was surprised to learn that there are only around 500 SSCPs in the U.S. in comparison to 38,000 CISSPs. Do you think that gap will shrink as the SSCP becomes better known?

    Although I am 3 months from taking the CISSP (CISSP on 10/19... I sit for Security+ on Monday 7/7), I am developing an unhealthy obsession with everything CISSP. I think I have more study materials than I will ever have time to read/watch.
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,953
    LarryDaMan wrote:
    JD, have you set a target date for the CISSP?
    I haven't signed up yet, but I'm looking seriously at November at a testing center very near to me. You have to pay when you sign up for the exam, and I need to scrape up a little more loose cash first.
    LarryDaMan wrote:
    I enjoyed reading about your SSCP experience, but I was surprised to learn that there are only around 500 SSCPs in the U.S. in comparison to 38,000 CISSPs. Do you think that gap will shrink as the SSCP becomes better known?
    I think that 500-some-odd number is a couple of years old. I'd really like to see the official count for the end of 2007. And I know the SSCP is already getting more attention from organizations looking for a respected, mid-level security cert for their employees.
    LarryDaMan wrote:
    Although I am 3 months from taking the CISSP (CISSP on 10/19... I sit for Security+ on Monday 7/7), I am developing an unhealthy obsession with everything CISSP. I think I have more study materials than I will ever have time to read/watch.
    That's what you have to do. This weekend I'm reading through ISO IEC 17799 at the library. Afterwards, it's back to the AIO and then on to the CISSP Gold book. In September, I'll start hitting the online practice exams to see where I am in my knowledge. In October, I'll start getting up an hour early to read more from other materials. For some of us, it takes a monk-like obsession to prep for big exams (and prep for giving big presentations, and to write big papers, etc.).
  • LarryDaMan Member Posts: 797
    I saw this credential headcount link from ISC2, it says it is accurate as of June 2008, but it may be old...

    https://www.isc2.org/cgi-bin/content.cgi?page=11399
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,953
    LarryDaMan wrote:
    I saw this credential headcount link from ISC2, it says it is accurate as of June 2008, but it may be old...

    https://www.isc2.org/cgi-bin/content.cgi?page=11399
    Assuming the numbers are accurate as of June 2008, there are roughly only 750 SSCP holders. I assume that includes SSCP Associates of the (ISC)2 too. It'll be interesting to see if that number doubles over the next year.
  • RTmarc Member Posts: 1,082
    JDMurray wrote:
    For the CISSP exam, I'm pretty much sticking with the AIO 3rd ed, (ISC)2 CISSP Gold Book, selected readings from the InfoSec manual 6th ed., and freepracticetests.org. The study material you use will also depend on how much InfoSec knowledge and experience you already have. If not a lot, there's several relevant NIST Special Publications (SP 800-12, SP 800-14, SP 800-30, SP 800-34, etc.) and ISO 27001 you should read through as well.

    Correction: It's ISO 27002--not 27001--that's significant to the CISSP exam.
    27001:2005 is still important to know and is what people will probably be tested on. ISO 27002 has not yet made it into this version of the CISSP exam.
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,953
    RTmarc wrote:
    27001:2005 is still important to know and is what people will probably be tested on. ISO 27002 has not yet made it into this version of the CISSP exam.
    Yes, you are correct. I thought 17799 had been changed to 27002, but it's 27001. My only paper copy is of 17799:2005. It's quite a lengthy summary of the "best practices" embodied by the (ISC)2.
  • RTmarc Member Posts: 1,082
    JDMurray wrote:
    RTmarc wrote:
    27001:2005 is still important to know and is what people will probably be tested on. ISO 27002 has not yet made it into this version of the CISSP exam.
    Yes, you are correct. I thought 17799 had been changed to 27002, but it's 27001. My only paper copy is of 17799:2005. It's quite a lengthy summary of the "best practices" embodied by the (ISC)2.
    17799 has been renamed 27001. You are correct in everything you have said. I was just making the comment that the changes have not been made in the CISSP material as of yet. Most likely, this will change with the next revision.
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,953
    RTmarc wrote:
    17799 has been renamed 27001. You are correct in everything you have said. I was just making the comment that the changes have not been made in the CISSP material as of yet. Most likely, this will change with the next revision.
    Oh? Do you have any inside info on when "the next revision" will be released? I'm taking the CISSP exam in November; I hope it's not until after then.
  • RTmarc Member Posts: 1,082
    I've heard nothing as of yet, but when-if I do, I'll let you know.