• The Gold Edition has been updated to include CISSP bonus questions never before published and advanced question and answer tutorial.
• The CD-ROM contains 660 questions of which 360 have never before been available electronically.
• All questions have been designed with Boson, the premier interactive test engine for technical books in the industry.
• Authors are experts in the security certification field and have particular expertise in the CISSP Exam.

Average Customer Review: ( 27 customer reviews )
Write an online review and share your thoughts with other customers.

The "Advanced Sample Questions" at the end of each chapter are very useful too.
Some questions are not covered in the textbook, but they are explained in detail in the "Answers to Advanced Sample Questions". This is one way to extend one's insight into new areanas quickly and systematically. If one does not study these questions and answers, one will end up having to go somewhere else to find something else to cover the same topics in longer time and from MULTIPLE sources, withOUT knowing the questions and answers.

Boson CISSP Practice Test 3 will also extend one's knowledge further by referring to related WEB sites. Be aware that Boson CISSP Practice Test 1 is based on Information Security Management Handbook, Fourth Edition by Harold F. Tipton, Micki Krause. Boson CISSP Practice Tests 2 and 3 are not based on any particular prep/text books.

Wish that the above review would help and encourage you somewhat.

20 of 21 found the following review helpful:

Great book - read warning belowDec 11, 2002

I concur with the other reviews on this book that's a great book and perfect for the CISSP exam. However, I do have a warning for Amazon buyers. I purchased this book along with the Advanced Prep Quide Q&A by the same publisher as recommended by Amazon. As it turns out, the Advanced Guide is really a supplement to older editions or non-Gold editions. The Gold Edition includes all the material in the Advanced book - SO DON'T BUY BOTH. I wrote Amazon and asked them to correct this. They can feel free to edit/delete this if they have.

21 of 23 found the following review helpful:

Good information but not necessarily on-targetJun 02, 2004
By MessageVector "messagevector"
I studied for the CISSP exam using this book, parts of other books, and some online resources. I also took the seminar offered by ISC^2. A month after completing the seminar, I took the exam. And about a week or so after that, I was relieved to find out that I had passed. Based on my experience, here are some words to the wise about this book in reference to the actual exam.

A review of any preparatory book has to be done in comparison with other books that attempt to do the same. It is no use criticizing a particular book only to find out that no better resource exists. However, it is important to highlight how a particular book compares with the actual goal of preparing the student for the particular exam that has to be taken. With that in mind, I will state up front that IMHO this book is probably one of the better books out there when preparing for the CISSP exam. (I have not read the Shon Harris book so I can not comment on it. However, from what I've heard, it is better in its coverage of the not-so-technical domains of the CISSP exam like Security Models and Law/Ethics. Perhaps a combination of these two books would be most effective in terms of preparing for the exam -- along with other resources of course.)

Coverage of some of the technical topics in this book seems very good. I was particularly impressed with their coverage of the Cryptography chapter -- it is a difficult topic and the book seems to do a decent job of covering it. However, be aware that the coverage of this topic in the book is above and beyond the level required for CISSP. The authors go into significant details on certain algorithms etc. which is absolutely unnecessary for CISSP. On the other hand, the authors don't seem to explain (in a clear, comprehensive manner) how symmetric and asymmetric cryptography ties in together when carrying out a typical secure session over the internet -- including the exchange of asymmetric keys for securely exchanging symmetric keys which then can be used for data transfer as well as the authentication process using digital signatures. Another example of an area where the book seems to dwell too deep into topics which are only required at an inch-deep level for CISSP purposes is the section on Kerberos. However, one should keep in mind that a little extra knowlege never hurt anyone. (The only problem is that when studying for the exam, one may get the impression that a particular topic will indeed be covered in such detail -- which obviously is a false impression). In other areas, I found that the section on Security Models was not very well done and seemed disparate at times in its coverage. This was certainly one area where I found other sources to significantly add to my understanding of the topic.

Some people have stated that a number of questions presented in the Advanced Questions section of the book are not covered in the chapter reading and that this is a problem with the book. However, if one views these questions as further study/information material and not necessarily a test of one's understanding of the chapter, this problem goes away. The fact is that the authors provide independent, detailed explanation in answer to each question presented in the Advanced Questions section and these explanations serve to provide further information that was not present in the chapter reading. As such, I found this quite useful since it added to my knowledge rather than just testing on what I had read. For those who wish to test their understanding of the material, there is a good "testing" resource online at www.cccure.org.

Overall, the authors seem very knowledgeable about all of the domains and present the material in a clear manner. In fact, given the breadth of the material in CISSP domains, their depth in certain areas is quite impressive.

I have often heard people say that the CISSP exam tests your experience in the security field, and that is not something you can gain from a book. Don't take this statement lightly! Books such as this one can only give you the theory behind "common sense" decisions that a security personnel would make during his/her daily work. They provide a good foundation. When it comes to the exam, use many resources (including this book of course), don't get caught in the details, and think common sense -- but with a security perspective!

13 of 13 found the following review helpful:

Too much informationJul 02, 2003
By Thane Williams
I just took the CISSP exam after three weeks of studying, with The CISSP Prep Guide: Gold Edition as my main study guide. Unfortunately, Krutz & Vines have included a wealth of information that I didn't need to know, meaning I spent hours memorizing superfluous information. For example, they delve into the gory details of the various cryptographic algorithms. I was careful to learn that information, only to have another exam guide point out that "the CISSP exam does not cover the specific details of how cryptographic algorithms work, so if you are confused by this information, feel free to move on."
While it is true that you can do well on the CISSP test by studying this book, you don't need much of the information presented here, and most of it is presented more concisely in other study guides. Furthermore, other study guides I used contained valuable information that was not in this book, information that did appear in test questions.
As goofy and badly-written as it may seem, Shon Harris's study guide will serve you better in the end.

12 of 12 found the following review helpful:

Excellent CISSP Book and CDROM - Highly Recommended.Nov 17, 2005
By T. Bass "Tim Bass"
Dear All, I recently completed my CISSP review studies, passed the exam, and completed the CISSP endorsement process. This is a very worth while endeavor and, as someone with many years of Internet security and risk management experience, I highly recommend the CISSP certification process for everyone. Reviewing the 10 common bodies of knowledge (CBK) has value for everyone in the IT business and I am very pleased to have taken the time to review the material and complete the exam. For my self-study review, I purchased four books via Amazon: (1) The CISSP Pre Guide - Gold Edition by Ronald L. Krutz and Russell Dean Vines, (2) All-In-One CISSP Exam Guide, Third Edition by Shon Harris, (3) Official (ISC)2 Guide to the CISSP Exam by Susan Hansche, John Berti and Chris Hare, and (4) CISSP Certified Information Security Professional Training Guide by Roberta Bragg. Each of these texts came with a CDROM for practicing test questions on a Windows PC and covered the 10 CISSP CBKs. I found the first three CISSP books in my list to be helpful. Of those three, the most helpful was The CISSP Prep Guide - Gold Edition by Krutz and Vines. This book is concise, well written, and easy to read. The CDROM is excellent and nearly error free. The text is well thought out and informative. I also recommend Shon Harris' book, with reservation. I found it hard to get to the required CISSP information, at times, due to the attempts at humor in the book. The CDROM of sample test questions were also very good, albeit not as rich in features as the book by Krutz and Vines. The Official (ISC)2 Guide to the CISSP Exam by Susan Hansche, John Berti and Chris Hare was a disappointment. This book read just like a cut-and-paste from the Internet and other documents; and the companion CDROM was full of errors and omissions. After a while I stopped using this text book and focused on the first two. I am sorry to say that CISSP Certified Information Security Professional Training Guide by Roberta Bragg was a complete disappointment from every perspective. The CDROM example tests were riddled with errors and omissions. For those interested in my self-study technique, I took each book and studied one (sometimes two) of each of the CBK chapters each day. Then, I repeated the same process for each of the other books, except for the book by Bragg, which was dropped for reasons mentioned. I took all the sample tests repeatedly, before and after and then again. I must have practiced between 4000-5000 sample questions. It was challenging and enjoyable. In summary, I highly recommend Krutz and Vines and also recommend, with reservation, the book by Shon Harris. No single book can cover the entire CBK of the CISSP. The more you study, the better. Best of luck on your CISSP studies. The CISSP is certainly an experience that will improve your knowledge of the field of IT security and benefit the profession at-large.

See all 27 customer reviews on Amazon.com