Wonderfully quick response and shipping time. Nice to have a request for any comments.

This book is presented in novel format where huge paragraphs dominate.
People don't mentally store information in paragraph format; they store it in bullets or chunks of data so you first have to read the paragraph, then deduce the bullets for mental storage. It's weird but I think most books are written like this.

There are endless stories about security using sometimes inappropriate metaphors for security which don't always equate to the technology at hand.

Also, the chapters aren't laid out in the 10 Domains covered by the CISSP exam so you have to jump around to go through the domains.

By comparison, the Sybex CISSP book does a worse job because the chapters aren't even named in relation to what the ten CISSP domains are so you have to guess which chapter goes to which domain.

There is good use of graphics but there is a lot of extra information not on the exam so if you're looking for a concise technical review of CISSP exam material, look elsewhere.

PS the Shon Harris videos are as long and drawn out.

I can honestly say that if it weren't for this book I probably would not have passed my CISSP exam. Unlike other prep-guides, Shon engages the reader and keeps their attention. Also, this book doesn't read like a "read this book and pass an exam" book. It reads like a security book which just so happens to teach you the contents of the CISSP CBK. Good work and congrats on the 4th edition.

I just passed the CISSP exam using, almost exclusively, the Shon Harris, 4th ed., 'All in ONE, CISSP Exam Guide' - supplementing Harris with some additional materials on networking and encryption. It took me about 7 weeks to study the materials before taking the exam despite a busy work schedule (my background is operations). The book is an excellent resource for most of the 10 knowledge domains with special mention to LAW, and Physical Security. However, the Networking and Encryption Domains were not nearly adequate - not enough information and presented at a level below that of the actual exam. Use the questions at the end of each chapter as review but be WARNED, most of the chapter review questions are much to simple. Seek out other text books for more representative exam questions(combining knowledge with logic and practical scenarios). Also, do not waste your time on the questions found on the CD - way, way to simple. I found the book a little verbose for my taste but the many tables, diagrams, summary areas, and the quite excellent Quick Tips section at the end of each chapter more than made up for this minor flaw.

Not sure why this book is so highly rated. Having taken (and passed) the CISSP several years ago, I need to retake this exam and bought three books for review and study purposes. I have a previous version of the Harris book and it is ~900 pages. This new version is 1100+ pages, but seems to be filled more with fluff and some of the actually useful knowledge has been removed! One example which stands out is the removal of the effectiveness and acceptance charts for biometrics methods. This is an important concept and it is entirely ignored in this version. Other things have been changed to no real benefit. The CIA triad (as is the de-facto acronym, even in her previous book) has been renamed to the ICA triad. There is no reason for this.
Finally, the entire book is written in a dumbed-down, cutesy fashion in an attempt (I believe) to make the book more approachable. All it has done, IMO, has increased the number of pages, possibly forcing out relevant materials.
I will pass this test, but it won't be because of this book. Buy the ISC book and the Krutz book (and/or a previous version of the Harris book) - you will not be disappointed.

If youre going for your CISSP, then this book should be looked at as your first and last line of study!
Shon truly is the best instructor I know of for CISSP!

Yes this book is the one stop shop. If your looking at this book hopefully you have a month or more to study. I had three weeks and was reading 50 - 75 pages a day(and yes I passed). The book covers all the material that you need to pass. Shon tries to keep it a little lively and adds real life examples. Her style is for you to UNDERSTAND the reasoning. This not a book that helps you break the test. You learn the material and UNDERSTAND the answer.

What an excellent book. Shon Harris has done a fantastic job in breaking it all down for the CISSP. The All in One Guide is exactly that, it's all you need. I was surprised at how well everything is covered and explained. It should be a mandatory read for all Security Professionals.

Just wish her new CISA book was available now. Let's hope she finds the time to tackle CISM.

Thanks...

I passed the test using this book. I did not use any other methods for the preparation. This book explains all of the aspect of the CISSP exam in detail explanations. It took me about 2 months to finish the whole contents. This is the only easy to understand IT book I've ever used.

I did not do much research for this book, it was advised to me by a colleague. He was the one who had to research the books on CISSP and this is the best one he came up with.

It is an excellent book. Very easy to read, handles very well the non-technical audience and drives the point right through!

the quick tips at the end of each chapter summerize most of what you need from that chapter (you might want to add a few more notes to ensure that you cover what you need). The CD also has around 950 questions which should help you through the preparation for the CISSP examination.

Additionally, it is a good reference book to keep.

good luck to you all.

I took the CISSP exam and passed the first time. I read the exam cram book and the ISC official review book, in addition to this book. Everyone I talked to said this was the book to get.

This was by far the easiest to read. The others were horrible reads, so it was hard to take away much from them. But I still felt like there was a lot of info in the book that was not on the exam. Also I think the exam is switching to a more story problem, situation based type question rather than the wrote memorization.

This is the most complete book for CISSP study. It is deep in each of the 10 CBK domains. Also, it serves as an useful reference for security-related work.

Reading this book cover to cover was a daunting task.

I've read many technical books throughout the years and I can honestly say this had to be in the top three most painful. 1100+ pages of inane comments, repetitive text, and poor topic transitions. That doesn't even cover the technical, typographic and other errors that should have been caught during the editing and technical review phases.

The authors attempt at injecting humor into the text falls flat. Starting most topics with an annoying quip just makes reading the book that much more difficult. For example, from Chapter 7: Telecommunications and Network Security, page 542, 'Layer 3 and 4 Switches' begins with, 'I want my switch to do everything, even make muffins.'

By the fourth chapter I had gotten used to skipping over any italicized text after a section break. This flaw carries over into the main text as well but it is near impossible to tune that out as you might miss something actually relevant to the topic.

Many of the examples used throughout the book are childish and overly simplistic. As a book touting "professionalism" it should be updated appropriately.

This being the fourth edition you would expect many of these issues would have already been addressed.

All that being said there is a lot of useful information in the book if you can overlook the issues. I have yet to try out the included testing materials so I can't comment on them at this point.

Although very drawn out, this is a very comprehensive guide. I can see why Shon Harris continues to be a respected contributor to the CISSP community. I passed the CISSP, the first time around.

Although a green horn in the information security field, I was amazed at the ease of comprehension portrayed by this book. At first, I imagined it'll be a remix of the previous edition with a little bit extra info here and there; I found out that the information content was as fresh as ever; Currently using it for an introductory course at Walsh College and I must say, in comparism to the 3rd ed. this is a lot better.

I am still in the midst of reading the CISSP All-in-one guide, and so far, I am very impressed with the content, and my ease of understanding subject matter presented. This is a much easier read than the "Official ISC2 Guide to the CISSP Exam". I also purchased "CISSP for Dummies". Of the three...CISSP all-in-one has the best of both worlds...in-depth content, similar to "Official ISC2 Guide", but also, ease of read, similar to the "For dummies" book. If I had to do it all over again...and just by one text, the CISSP All in one guide would be the one I'd choose, hands down.

I have exchanged email with the author and we have had a few phone calls, but I cannot say that I know Shon Harris well. However, after reading the 4th edition of her very successful book, I feel I know her better. I love the humor in the italics at the beginning of sections and - warning - sometimes in line with the technical material. I appreciate the plain, clear, as simple as possible, way the information is presented. It would be easy to make these concepts sound hard, Shon does not do that, not ever; thank you! The charts and graphics on the main do a fantastic job of making the information clear. She does an extraordinary job of moving between well written prose and bullet points in a style reminiscent of Dorothy Denning. At three inches thick and running over 1100 pages, one certainly cannot fault her for leaving critical information out. This is on par with the Matt Bishop book of being the Information Security Tome. I can't say that I learned that much reading the book since I do security all day, every day and have done so for years, but I never got bored and I went cover to cover ( not counting the detailed index in the back and the "so you want to be a CISSP in the front) and I was astounded by the author's craft, she tells the story of security as well as anyone ever has.

You do not need me to vouchsafe the value of this book ( and the CD) to prepare for the CISSP exam. If Shon is not the best known author, she is certainly in the top two or three in this category. But, I believe this book has another equally important role. It is perfect for the CxO that wants to understand what security is, what they need to know about it. I understand the knee jerk response to that is, "you cannot ask a CEO to read 1100 pages". Actually, the successful senior executives in the world are generally quite good at reading a LOT of information in a SHORT period of time. Shon is accurate, the writing is excellent, the diagrams help with "knowledge compression", a CFO interested in security can zip through this like a zero turn mower on a two acre MacMansion.

Nitpicks, sigh, I wish ISC2 had settled on the standard approach to incident handling instead of creating their own broken one. The Quantum Cryptography section is actually Quantum Key Exchange, but hey! That is a nitpick, no reader of this book actually needs to know the difference. And critics will be overjoyed because Shon seems to have threat, risk, and vulnerability in the right pidgeon holes. The most serious flaw in the book is in chapter 12, Hack and Attack Methods, some of that stuff I know cold and I got a bit confused reading that section, but it is the end of the book and my guess is that folks were getting tired. A few network traces would go a long way towards bringing that section to life. And you know what? The book remains 5 stars. Even if that section was spot on, even if the thirty weak pages out of the 1070 strong pages were perfect, the book is not designed to prepare the reader to be an IPS analyst. The overall message is clear and compelling, the bad guys do evil things with packets; I get the message so will the reader, let's move on.

The bottom line, if you think you know security and want to test your knowledge, buy the book, fire up the CD, install the test software and give yourself a run. Shon is a great author, but she has also compiled an awesome set of questions. Yes, they will prepare you for the CISSP exam, but they will also help you test your knowledge of security and your ability to think critically. If you have further questions about the book, or you disagree with my review, drop me a line and let's talk about it, stephen@sans.edu.

If you're like me and annoyed by morons that can't keep their mouths shut about politics (ya know, the kind of people that think everyone wants to hear their liberal ranting and complaining "I hate all men", feminist whining) you may NOT want to venture into this book.

If you read quite a few of the following reviews, you'll find MANY others that tried to warn me about this FEMINIST author NOT being able to keep her mouth shut about politics and hatred of men while YOU "attempt" to learn and/or prepare to take the CISSP, this liberal femy is sounding off throughout the book.

This is why I can't stand liberals (especially liberal feminist women). I picture the author with very short hair, wearing all black, sitting at a Mac, typing her feminist book while sipping Starbucks she picked up in her VW.

The world would be such a better place if these types could CONTROL themselves enough to leave their politics at home, especially when the subject at hand is IT Security.

I took the CISSP exam on August 12, 2007 and just received word on yesterday that I've passed. I can't express enough how important this book was in helping me prepare for the exam. This book was my primary resource for studying for the exam along with www.cccure.org. I also took a week long class which kind of helped. The reason I say 'kind of' is because I had pretty much read the book and the class was more of a review for me. I think that between this book and www.cccure.org the exam can be passed. Great resource for the exam.