Nutshell review - A hard book to read but very extensive and covers all the official (ISC)2 CISSP exam material. If you are serious about the CISSP exam you should read this book.

If you want to get book to prepare your for the CISSP, this is a good one. Since it is from ISC2, you know it will give you everything you need and it maps to the new sections of the test (Tip: Be careful when looking at other study guides out there. The exam changed in 2007 and there aren't too many guides on the market based on the new test! If you buy something written before 2007, it is mapping to the old exam and you won't get the latest info on some of the technologies that you are expected to know for the exam). On the bad side it is not as easy to read as some of the other study guides. Since there is a seperate author for each chapter, the writing styles vary a bit. I also didn't like the questions at the end of the chapter, though the CD questions are better. On the good side, the actual reading material is straight to the point and only about 700 pages. The remaining pages of the book (approx 300) is a comprehensive glossary of terms (very useful).

If you like something that is easier to read, the Shon Harris All-in-One Study Guide puts things in a simpler fashion but it is over 1000 pages (a lot more reading). (4th edition maps to the new sections CISSP Certification All-in-One Exam Guide, 4th Ed. (All-in-One))

It boils down to what is your reading style. If you don't mind reading something that reads like a college text book, this is the book for you. If you think that reading a text book is a cure for your insomnia or you want to have someone explain certain concepts in a simpler fashion then try Shon Harris. Just be ready to dedicate some more time to her book. It is much longer and she can get repetative.

I attended a 6 day boot camp that provided this book as pre-study prep tool. NO ONE in the class even cracked it open, and all (including the instructor) far preferred the Shon Harris book(s).
The material doesn't have to be this dry. But boot camps feel obliged to provide this one because its by ISC2, and perceived as 'more official'.
BTW, always keep in mind... the purpose of the books and classes you may take is to get you through the exam. You HAVE to squash the frequent "but that's not the way it is in real life" thoughts.
When in doubt, put on your 'management' cap and answer from that POV, not as a techie.
One last thing... stay away from on-line test quizes... they'll destroy your self-confidence, which you can't afford. They're more often than not exercise in "hey, dig how smart I am and how obscure a question I can write." Stick to questions in this or Harris' books.
BTW, I passed. :)

I found the Shon Harris book easier to read, but I used this extensively as a reference when trying to strengthen my weaker areas.

If you are thinking about taking the CISSP exam, I would highly recomend this book (and others as well). Think about it, why not read the book that is published by the ones who created & manage the test itself ? No brainer right ? This book is roughly 715 pages of reading and it is well put together. However, I stongly recomend that you also read the All-In-One CISSP by Shon Harris. You must keep in mind that the ISC CBK is written by multiple authors (each chapter is a different auther), so the melody of the book changes throughout. However, it is a great reference and should be included as your CISSP study guide.

Highly recomended !!

Also Read:

All-In-One CISSP
CISSP Passport
CISSP for Dummies
Take PLENTY of practice tests !!!!!!

This book was no better than the first version. Don't waste your money you're not missing anything.

I identified that the book isn't as comprehensive as I thought. The book consists of the following major sections

Pages 1-714 Test Material (10 CBKs)
Pages 715-755 Answers to end of chapter quizzes
Pages 757-773 A reprint of the FREE CISSP candidate bulletin (Yes, the free guide you get from ISC2 when you register)
Pages 775-1021 Glossary of really 'hard' words
Pages 1023-1065 Index

You really get 714 pages of material plus a glossary. If you consider that the authors write passively which adds to the word count and makes the book a more difficult read, then you really aren't getting what you paid for.

I have read 4 books in my preparation for the CISSP. The All-in-One, Official CISSP CBK, CISSP Prep Guide, and the CISSP Exam Cram. This along with numerous study guides and several online courses. My overall comment is that I expected more from this book. It is extremely verbose and does not seem to "flow" like some of the other books. (Probably because it is written by numerous authors). The test questions at the end of each chapter are poorly written. It also seemed to lack some of the critical details I found in other books. The best overall guide I have found so far is the All-in-One (no big surprise). The official CISSP CBK did not provide any significant details you cannot find the All-in-one and it lacked details in several key areas.

This is a great overview of the CBK, presented by experts in each domain. The quality is good overall, but some of the chapters are a little choppy and contain typo and consistency errors (these are few and far between, though). The material is presented as a scholarly writing (as it should be) and isn't really appropriate for someone brand-new to the security field. This serves as a great reference guide for a CISSP (especially for the wealth of references in Law and Ethics domain).

I'm very sorry, but I cannot recommend this book. It is, overall, very poor. I'm sorry I can't recommend it because some of the contributing authors are friends of mine... I wish I could recommend the book for their benefit, but I can't.

First and foremost, the book suffers greatly from the "Too Much Information" syndrome that most CISSP books fall prey to... at 1065 total pages (717 of which are pre-glossary/index) it tries (and fails) to cover every possible security topic but gives little regard to what the CISSP candidate really needs to know.

Each chapter is contributed by a different author or authors. This becomes painfully clear as you work your way through the book.

Chapter 1 is excellent... one of the best discussions of Information Security and Risk Management I've come across.

But chapter 2 is absolutely terrible. It is over 100 pages of the worst technical text I've ever seen. As such, it is extremely difficult to read and even harder to glean information from. As just one example, would anyone like to explain "One of the less discussed aspects of administrative oversight is operations management of the controls environment and how it should be managed within the broader scope of enterprise architecture" (page 113). I could give many other painful examples from that chapter, but won't here. Another big problem with this chapter is that it is titled "Access Controls", but tries to cover topics from almost every other domain. Maybe half of the chapter at most actually deals with access controls.

Chapter 3 on Cryptography is well written, but suffers from the too much information phenomenon. For example, do we really need to understand asymmetric keys as "(n) = (p-1)(q-1):(n)=(17-1)(11-1)=16 * 10=160"? Or do we just need to understand how they work together so we can implement them? Also, the chapter suffers from some very significant accuracy errors (which I have reported to the author of the chapter for fixes in a future release).

The chapter on BCP is well written (done by one of those friends of mine) and probably the best one chapter explanation I've ever seen on how to do BCP, but I wonder how much of that information will be useful to the CISSP candidate. Again, it is simply too much information for the CISSP candidate to possibly glean the information they need to pass the test.

I'm afraid I can't comment on the other chapters since I have not read them and don't plan to... this book is of no value to me.

I guess the final straw was when I realized that, according to the index, the term "compartmented security mode" (or any variation) never shows up in the book (though you may very well see it on the CISSP exam). This led me to the realization that:

In over 1000 pages, the book doesn't talk about things you do care about, talks about a LOT of things you don't care about, and gets many of the things it does talk about wrong. I think that describes "bad book" as well as anything can.

I cannot recommend this book. Each chapter is written by a different author or authors. Some of those chapters are extremely good. Others are very poor. In fact, portions of the book are the most difficult to read technical text I have ever seen. In those areas, gleaning the information needed for the CISSP exam (or any other purpose) is difficult at best. Also, there are some significant accuracy errors in some places. I really believe your money is better spent on the Shon Harris CISSP All-in-One Exam Guide, Third Edition.

First, I am an Authorized (ISC)2 instructor, but my comments are my own, not endorsed by (ISC)2.

This book is a major rewrite and improvement over the prior version. The examples are clear, the information is up to date (at least up to the printing date; things are sure to change). It makes a great supplement to the official course and would also be useful to those trying to do it on their own.

For those that don't know, the CBK (Common Body of Knowledge) on which the book, the course and the test are all based, is updated each year. This is, to date, the only book that matches the latest CBK revision.

It lists the 13 contributors and their credentials; all are well known experts in their fields. By comparision, the competitive titles are written by one or two people who have the impossible job of knowing everything.

If you only get one book, get this one.