REVIEW: "Secured Computing", Carl F. Endorf

[InfoSec News <isn () c4i org>]

Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rslade () sprint ca>

BKSCDCMP.RVW   20020905

"Secured Computing", Carl F. Endorf, 2002, 1-55212-889-X,
U$44.95/C$64.00
%A   Carl F. Endorf etresearch () hotmail com
%C   Suite 6E, 2333 Government Street, Victoria, BC   V8T 4P4
%D   2002
%G   1-55212-889-X
%I   Trafford Publishing
%O   U$44.95/C$64.00 888-232-4444 FAX 250-383-6804 sales () trafford Com
%O  http://www.amazon.com/exec/obidos/ASIN/155212889X/robsladesinterne
%P   538 p.
%T   "Secured Computing: CISSP Study Guide, Second Edition"

Like Mandy Andress' book (cf. BKCISPEC.RVW), this concentrates on
terminology, rather than the concepts that the CISSP exam actually
tests for.  Like Krutz and Vines' book (cf. BKCISPPG.RVW), this
obviously and slavishly follows the (ISC)^2 syllabus.  Unlike Shon
Harris' book (cf. BKCISPA1.RVW), it doesn't provide much added value
or explanation.

It does offer a money back guarantee.  If, within six months of buying
the book, you take the CISSP exam twice (at U$450 a pop) and fail both
times, you get the price of the book back.  Less shipping and
handling.  (Also, you might need to be careful when ordering the book. 
The ISBN is identical for both the first and second editions.)

Some of the errors in the first edition of the book have been
corrected, but a few remain, such as the addition of a "strong star"
property to the Bell-LaPadula security model.

Since the work concentrates on jargon, there are glaring gaps in the
coverage.  For example, the Law, Investigation, and Ethics domain has
almost nothing to say about incident response, investigation,
preservation of evidence, computer forensics, or interviewing.

Added to the book in this second edition is a practice CISSP exam. 
Although the structure of the questions appears to be similar to those
you would see on a real exam, the answers, oddly enough, rely on non-
standard terminology.

Approximately one third of the total material in the second edition is
a reprint of the "Standard of Good Practice" document available from
the Information Security Forum (www.securityforum.org).  While there
is nothing wrong with the document, and it could be a useful aid to
the practitioner, it isn't much of a help in studying for the CISSP.

While this book might provide some assistance in exam prep, it is
probably not a sufficient guide by itself.

copyright Robert M. Slade, 2002   BKSCDCMP.RVW   20020905

-- 
======================
rslade () vcn bc ca  rslade () sprint ca  slade () victoria tc ca p1 () canada com
Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/
Upcoming (ISC)^2 CISSP CBK review seminars (+1-888-333-4458):
    December 16, 2002   December 20, 2002   San Francisco, CA
    February 10, 2003   February 14, 2003   St. Louis, MO
    March 31, 2003      April 4, 2003       Indianapolis, IN



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.