CISSP All-in-One Exam Guide

The Third Edition of this proven All-in-One exam guide provides total coverage of the CISSP certification exam, which has again been voted one of the Top 10 IT certifications in 2005 by CertCities. Revised and updated using feedback from Instructors and students, learn security operations in the areas of telecommunications, cryptography, management practices, and more. Plan for continuity and disaster recovery. Update your knowledge of laws, investigations, and ethics. Plus, run the CD-ROM and practice with more than 500 all new simulated exam questions. Browse the all new electronic book for studying on the go. Let security consultant and author Shon Harris lead you to successful completion of the CISSP.

1001 pages, Hardcover

First published December 26, 2001

406 people are currently reading
753 people want to read

About the author

Shon Harris

48 books, 6 followers

Ratings & Reviews

Community Reviews

5 stars: 385 (41%)
4 stars: 318 (34%)
3 stars: 165 (17%)
2 stars: 31 (3%)
1 star: 22 (2%)
Displaying 1 - 30 of 62 reviews
Emily
63 reviews, 1 follower
August 30, 2018
I just passed the CISSP exam yesterday. This book was by far the better of the three that I purchased. I found its explanations more detailed and didn't assume a baseline of knowledge (I do not have a background in ISMS or anything technology related). I took off one star because the test prep questions were on a CD-ROM (my work computer doesn't have a drive and the CD is not compatible with Macs) and the questions on the CD seemed MUCH easier than the questions at the end of each chapter.

What I liked: The organization of the book is consistent with ISC2 8 topical areas, the Exam Tips were very useful, the end of chapter summaries were very comprehensive, and the book is hard cover which helps with keeping it open when you read it cover to cover.

If you were going to buy one book for the CISSP I would make it this one.
Vellanorah
480 reviews, 4 followers
March 7, 2010
Shon Harris has some funny Techie wit in this very long guide. She does a great job of explaining all the material and I really appreciate that it is written from a woman's point of view. She uses females in all her examples which I have never encountered in technical novels before. I only gave it four stars because it is a technical novel and well they are not the most interesting things to read but she does a great job and covers it all. A must read for CISSP candidates. ;-)
Richard
35 reviews
March 15, 2018
In a word "comprehensive". Full of interesting facts and theories. Let's see if it gets me through the exam.
Vagabond of Letters, DLitt.
593 reviews, 393 followers
November 13, 2021
This 1400-page monster assumes absolutely zero previous knowledge of information security, cyber security, information management, risk management, information assurance, identity management, practical cryptography (types of ciphers and modes of operation: no formal proofs of security, no math nor theory: just read the NIST Special Publication 800-series docs, like 800-90 on CSPRNG, and for the math Goldreich's Foundations of Cryptography in 2 vols.), or any sort of development or engineering and only a basic familiarity with technology.

This means that anyone who is in a position to pass the exam after reading this book could have done with 600 fewer pages of introductory exposition. The book is, like many technical works that aren't mathematical, both too long and too short. It's too long for someone with experience in engineering, but too short to descend into the weeds past generic applications of the abstract principles of the '8 domains of the CISSP Common Body of Knowledge'.

The 8-volume, outdated Information Security Management Handbook of 7,000 pages goes into great detail of every application of every domain. CyBoK, the European work, is more practical and engineering-oriented, but of no relevance to the credential. Thanks to the influence of the credential, the practice of security in real life is often divided along the same lines as the exam. The CISSP CBK [Common Body of Knowledge] Reference is more detailed and shorter, nondidactic but sufficient for anyone who can solve a leetcode easy to learn the jargon and style of (ISC)2's CISSP.

It's said the CISSP is a management credential and also useful for government work. I wouldn't know, but it's pretty universal on the security side of the house at tier-2 corps for engineers, architects, security officers, and so forth, and common at tier-1s among middle management and GRC people. It's certainly not an engineering credential because it will teach you little of secure development or secure architecture but much of security tradeoffs.

I got one of these back when the exam had 10 domains and was on paper, but here's the only advice you'll ever need: The exam is nothing like the book. It is less technical and much more ambiguous, with few right or wrong answers, and full of convoluted phrasing and 'gotchas' in the same class as double negatives.

Consider it practice for email threads with non-technical people when you become an engineering manager. The cert is worth it for middle engineers (not junior, not senior) with an interest in systems security, anyone who has a job that pays for it, and for people who want to become managers without getting an MBA.

Vagabond of Letters, CISSP-ISSAP/ISSMP
Epsilon
20 reviews, 2 followers
August 5, 2010
Nice and detailed review of all CISSP domains.
If you have previous knowledge in a certain area and you're familiar with the concepts you can get easily bored with the elaborate examples and probably will skip them.
I liked the overall presentation style.
The only annoying thing was the 'funny' remarks at the beginning of each topic.
Rohit Salecha
7 reviews, 1 follower
July 10, 2019
I just read this book for clearing my CISSP exam. Only thing you need to clear CISSP.
Ben Rothke
348 reviews, 47 followers
April 2, 2019
The Certified Information Systems Security Professional (CISSP) is the most popular information security certification today. Those in the security field often find that the CISSP certification is a prerequisite for hiring. Human resources departments often use it as a filter to determine qualified candidates, and information assurance personnel in the U.S. military are required to be certified. Because the certification is so important, a wide array of authors and publishers have written study guides.

The framework of the certification is the (ISC)2 Common Body of Knowledge, which underwent a major update a few years ago. The biggest change was that it went from 10 domains to eight. The eighth edition of CISSP All-in-One Exam Guide goes into significant detail for all preparatory areas and more. It is a solid, albeit potentially overwhelming, study guide for the serious CISSP candidate.

Previous editions of the book included a CD-ROM with the additional study material and test questions. For this edition, the study material and questions have moved online.

The CISSP test has been called an inch deep and a mile wide. That may be an exaggeration, but it is clear that the test requires knowledge of a lot of information. This reviewer believes that the recent update of the CISSP All-in-One Exam Guide will help candidates prepare for and pass the CISSP certification exam.
1 review
September 4, 2020
This book provides detailed explanation on topics of CISSP and doesn’t assume any background knowledge on the reader's part. The basics and background knowledge explained in this book might not be directly tested in CISSP Exam but they help readers revise the foundations that form the basis of the testable areas. I read this book concurrently with the Sybex official guide and find myself coming back to this book when I need to reaffirm my understanding on certain topics. I also like how the examples given are relatable and humorous at times.
Shobhit M.
48 reviews, 1 follower
December 25, 2018
Anyone who is not just preparing for the CISSP but in any way is related to the Information Security profession should read this book at least once. I remember my manager recommending me this book in Aug 2011, when I just started my first job, but I disregarded his recommendation. I wish I had read the book then.
Dolf van der Haven
Author, 9 books, 23 followers
July 23, 2019
Exhaustive and exhausting, this book uses so many words to explain the concepts for the CISSP exam, that it is hard to find the essence of what you really need to know. Fortunately, I had another book so I could do overlap analysis, which made it easier to go quickly through sections on this one that were redundant.
Patty Luxton
3 reviews
May 13, 2020
While I read this book, I ended up reading the Gibson CISSP official study guide as well and it was so much much more relevant and concise. This book seems to be rather dated and while they keep revising it, they are not truly updating the overall content - it really needs an overhaul. I passed the test on the Gibson book, not on this book.
1 review
November 23, 2018
Better preparation

This book provides a lot of detail which may not be necessary for the exam but is certainly helpful in fully understanding the domains. It’s easy to read and is a great preparation tool.
Aladdin Ch.
3 reviews
March 2, 2021
Very interesting book. It goes beyond (ISC)2’s training and gives more details and explanations. Though neither this book nor the training got me through the exam as it is more experience oriented (which I haven’t).
53 reviews
May 25, 2021
Used this book and a few others years ago to pass my CISSP exam. Never attended a class, just previous experience and hours studying books like this. The sample questions are very helpful. Passing the CISSP is as much about getting familiar with how questions are asked as knowing the material.
Kathryn Mortimer
Author, 5 books, 1 follower
December 7, 2018
By far the most readable and useful of all the CISSP training material. Without it, I doubt I would have got as far as taking the exam - let alone passing it!
3 reviews, 1 follower
March 8, 2021
It has been well known for years now, if you want to pass the CISSP exam (properly) the book by Shon Harris is what you need to read. Know it from cover to cover and the exam is straightforward.
22 reviews
July 5, 2021
Definitely a tough read.
There are some mistakes here and there and a bunch of recommendations I would not agree with.
But overall - it's a good start, if you're interested in CISSP.
Arlene
56 reviews, 3 followers
October 2, 2022
I used this over the ISC2 books. This is the better book.
15 reviews
January 22, 2023
Very good book, thoroughly covered the subject. Is a great help if you are planning to give CISSP exam.
John Behnken
105 reviews, 5 followers
August 21, 2008
Okay, not everyone's favorite subject. I'm reading this to help get a security certification - but it's surprising how the author makes this stuff interesting. 1200 pages....oy.

After finally finishing the book I have to say that I don't regret the read at all. It was very well done, but it did have some problems. I think the diagrams provided in the book really needed some help. At times I sat there staring at them for several minutes trying to understand how it related to the text that referenced it. I see diagrams like this every day at work, so I'm no slouch in this arena. I think the author could use some help in this area in her next release. I also found some chapters to be a bit off-topic in the way she covered them. If it's true that the CISSP exam asks questions on some of this material, then I really have to question whether their focus is 100% on security. It seems to me that much of it strayed into excruciating technical detail about the way things worked rather than focusing specifically on security.
This is, of course, necessary to a degree because you need to understand the basics of a system in order to understand how it can be exploited, but I firmly believe that she went way too far in some cases.
On the other hand, big kudos to her depth of knowledge.
Phil (Theophilus)
172 reviews, 7 followers
May 17, 2013
With regard to content, Harris' CISSP Guide is, in a word, outstanding. CISSP material is on the dry side so the book breaks the monotony by interspersing the content with amusing anecdotes. Note: If you are one of those people who just cannot accept that a technical book can be anything other than *dry* & boring, then go buy Krutz & Vines CISSP Prep Guide. While I found that title informative it was *extremely* challenging to stay awake to read it.

In all matters of practicality, reading both Harris' & Krutz & Vine's CISSP books were largely informative exercises for me because I don't plan on dropping the $400 bucks to take the exam. The economy simply doesn't warrant the expense. There *are* no jobs in security because all the good paying highly skilled positions are being outsourced & offshored to 3rd world scab nations at the fastest rate Congre$$ enables them to be.

Furthermore, what's the point of putting your all into studying and securing professional certifications if the best you can do is flipping burgers at $6.00/hr. Don't kid yourself - that's what the United States is depreciating to. It's a race to the bottom where the multibillion dollar transnational corporations have carte blanche to shop the planet for the *cheapest* labor and couldn't care less about American jobs.
Elwin Kline
Author, 1 book, 11 followers
April 9, 2020
I was waiting until I passed the CISSP before I wrote this review for this book.

One of my main study sources for passing the exam. I know this book has a lot of infamy for being so long in length and in drawn out content on the topics within, but I for one actually enjoyed it. I "want to know" and I am not looking for an easy solution or a way to cut corners. While the book certainly does cover a lot, it warns the reader at various stages with a message along the lines of: "The following content goes beyond the CISSP exam, however, I felt it was so important I wanted to include it anyways." ... Absolutely giving the reader the opportunity to skip that portion and reduce their over read time.

I would say that this book is a must read for passing the CISSP exam. The last 72 hours before I took the live exam, I skimmed through the chapters and stopped and read paragraphs that caught my eye that I identified I needed a little refresher knowledge on.

Yes, it's a long book. But, actually take the time to read and absorb the material. It will pay off in the end when you see "Congratulations!" on your end of exam print off at the testing center.
1 review
June 11, 2015
As this is a professional exam preparatory book, my experience is pretty much guaranteed to be unique and the following review is based on the utility of the guide rather than the information provided within.

This book is the end-all, be-all of professional security knowledge. In its exhaustive coverage of the CBK, you will find wonderful anecdotes, derails, and diversions written in by Shon and the other contributors over the past editions. The cover says that the book is to be used to prepare for the exam, but the true utility of this book comes after the passing grade.

To me, this book is designed to live on your desk and be referred to whenever an audit point or design issue arises. As a piece of living reference material, it is second to none and is immediately searchable and accessible in any situation.

Get it after you pass the CISSP, or if you're a student wanting to learn about InfoSec. Use Conrad's test prep to get the real edge.
Kath
197 reviews
July 18, 2009
What a great and comprehensive book for the CISSP. I also loved the accompanying test CD. If you are studying for the CISSP this is a must have. I must admit, it's a bit overwhelming at over 1000 pages, but the practice tests help identify what you need to focus on.

I would highly recommend this book.
Kevin
691 reviews, 10 followers
February 27, 2012
1200 pages of pure joy. The author is good. Made it less tedious. The subject is IT security. Not the novel you curl up in front of fire with. Nor with a glass of wine. Alcohol and textbooks don't mix. Although if I don't pass the exam that this is for then there will definitely be a mix of textbook, alcohol and fire.
Franjessca
1,650 reviews, 95 followers
September 11, 2016
A lot of information in this book for CISSP. Maybe because I'm a computer geek, is the reason why I read it ALL and found it all very informative (and exciting…yup proud computer geek here). Thanks to the Navy for already teaching me some of the stuff that was in this book.

Looking forward to taking this certification exam, hopefully soon. =)