CraginS
Defender I

Security Engineering - An Essential Prep Reference

Across several threads in several parts of the Community you will see discussions on what to use in preparing for the CISSP exam. One book you should definitely use is the Common Body of Knowledge, Official (ISC)² CISSP CBK Reference, Fifth Edition. Even if you use one of the many other 3rd party CBK study guides, you really need to have the official CBK at your elbow for cross check.

 

Many Community members have pointed out that the exam is not a rote memory fact check. The questions are designed to test your ability to think like a senior manager in the security function. The absolutely essential reference for preparing yourself for such a perspective is Ross Anderson's Security Engineering. I used the 2001 1st edition to prepare for my 2002 exam. I bought the 2008 2nd edition as soon as it was available as an invaluable update to my work in the field. I also used several chapters of the 2nd edition as the textbook for a graduate level course I taught.

 

Anderson is on the verge of releasing the 3rd edition in November 2020. All three versions are available FREE at the above link, each chapter a separate PDF file.

Still, if you are serious about work in our field I strongly recommend getting the full dead-tree version for your desk (not your bookshelf).

 

Craig

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkedIn Profile
My Community Posts
3 Replies
Steve-Wilme
Advocate II

There's little substitute for getting the dead tree versions of reference materials. This may seem odd in an age of online resources and downloadable PDFs, but there's just something about being able to flick through a book and annotate it, plus if you have the shelf space I find books easier to find and easier to read without interruption from email and IM.

 

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
rslade
Influencer II

> Steve-Wilme (Advocate I) posted a new reply in Exam Preparation on 09-25-2020

> There's little substitute for getting the dead tree versions of reference
> materials.

When I was doing book reviews in a big way, I eventually started to get Kindle and
PDF copies of some of them. While I find Kindle handy for having something to
read in an emergency, trying to use digital versions for reference is a royal pain.
(I do have a PDF copy of my own dictionary for reference, but that's because,
while creating it, I took great care to put in tens-of-thousands of cross-
references.) Trying to find something in a digital reference is almost always
slower than flipping through pages. Even with a search function, it's seldom that
you remember the exact wording, and, of course, exact wording is an absolute
necessity. Plus typing in the exact wording is time consuming. Gimme dead trees
any day.

====================== (quote inserted randomly by Pegasus Mailer)
rslade@gmail.com rmslade@outlook.com rslade@computercrime.org
My opinions may have changed, but not the fact that I am right.
- Ashleigh Brilliant
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Court
Newcomer I

Security Engineering lesson provides you with in-depth tutorial online as a part of CISSP® course. Security architects can rely on reference architectures, international ISO/IEC 27002 Code of Practice for Information Security Management. It is essential to remember the ultimate goal addressed by the model and how Security engineering is the process of incorporating security controls into the cycle, an idea that is sometimes easier to accept in principle than to put into practice. and general sources of secure engineering guidance makes it essential for all 8 domains, and questions will not overtly reference their domain of origin.

 

 

 

 

 

official website