|Published (Last):||4 November 2015|
Information security is a massive body of knowledge that is as big as any ocean on Earth. It is also as deep as any ocean when you start to drill down into the complexities of any single topic. Merkow and Jim Breithaupt is much more like a map of a small inland stream. I mean that in the best way. As an avid reader on cyber security, I was able to read this page book in two days. In fact, I had already read everything in the book several times before but never in such a condensed format.
My trouble with this manual is where to place such a novice-centric book. There are basically ten domains of knowledge in the CBK and this book tries to cover some of those basic ideas in each domain.
It is as if the purpose of the book is to get the reader interested in the wonderful and fast paced careers offered once you get a certification.
I was disappointed that all of the book minus one paragraph talks about learning through certification and on the job experience. As if there isn't any other possible way to enter this career path, you must prepare to get a certification. That one paragraph does happen to mention this thing called academics, otherwise known as accredited education.
I call it getting a degree in the profession. Here is my tip of the day: if you want to be taken seriously in any specialized field like engineering, medicine, education or science, you need to have an advanced degree. Would you go see a doctor if he only had a certification or buy a house designed by a person who only took a question test to pass their qualification requirements?
So why would you trust all of your data to anyone who doesn't have an advanced degree in that field? The authors set the book up as a prelearning platform for the reader. They tell you how great the jobs are in Information Security, how to get your foot in the door by getting a certification, how to answer basic test questions sort of and how to research to get a better understanding of the ocean of knowledge you can expect to see when you close this book.
It reminds me of a driver's learning manual. In each product, they cover the textbook answers but completely miss the real world application of what comes next. I can imagine the meeting between the two authors and the publisher before the book was written. I want a fast paced book that encourages readers to take certifications. We could do a great job of using our experience in the field to write an updated and comprehensive book on best practices.
Now leave my office before I have your cars towed. Yes, I have a strange imagination but at least it's not boring. The book tries to balance an impossible task: write about the CBK, educate readers on what they need to read up on, and challenge the reader to get certified.
The reason why this is an impossible task is easily seen when you take a look at some of the questions in the book. Answer: Who cares, unless you happen to have a cereal box secret decoder ring. Nobody uses transposition except on the comic pages of certain newspapers. Answer: Who cares, we stopped using the color coded books years ago. The Rainbow tables are only used for hash comparisons in brute force attacks. A-C are all mathematical models anyways used for differing types of security methodologies usually government.
Somebody had to design a baseline for appliance and application testing just to make sure those slick marketing sales folks were telling the truth about their security abilities.
I admit my answers weren't the textbook correct ones but again, let's look at a driver's manual versus actually driving. The book is filled with plenty of great questions and exercises even though they are miles beyond the scope of the book.
The authors ask the readers to interview a sys admin and talk to them about their job. There are plenty of links to research spots but some of those links are in the upper limits of job knowledge for a CISO.
In my scale of rating technical books I would place this as 3rd grade level but written with some Spanish, Latin and calculus thrown in to please the publisher. Many of the questions are CBK difficult stupid and outdated but still difficult.
If the authors could have written a book to get more people to get certified and into this profession, they could have tossed out many of those upper level questions.
Information Security: Principles and Practices, 2nd Edition
Fully updated for the newest technologies and best practices, Information Security: Principles and Practices, Second Edition thoroughly covers all 10 domains of today's Information Security Common Body of Knowledge. Two highly experienced security practitioners have brought together all the foundational knowledge you need to succeed in today's IT and business environments. They offer easy-to-understand, practical coverage of topics ranging from security management and physical security to cryptography and application development security. Throughout, you'll find updated case studies, review questions, and exercises—all designed to reveal today's real-world IT security challenges and help you overcome them. I found this book to be a refresher