Book Reviews: Information Security Books and Product Reviews – Official (ISC)2® Guide to the ISSMP® CBK®

Book Title: Official (ISC)2® Guide to the ISSMP® CBK®

Editor: Harold F. Tipton

Contributor(s): James Litchko, Craig Steven Wright, Cheryl Hennell, Maura van der Linden and Keith D. Willett

Publisher: Auerbach Publications

Date of Publishing: 28 April 2011

ISBN(13): 9781420094435

Price (UK&US price – full price, not discounted price): £49.99,   $69.95

URL of Amazon UK web page:  Official (ISC)2® Guide to the ISSMP® CBK® ((ISC)2 Press)

URL of Amazon UK (Kindle) web page: Official (ISC)2® Guide to the ISSMP® CBK® ((ISC)2 Press)

URL of Amazon US web page:  Official (ISC)2® Guide to the ISSMP® CBK® ((ISC)2 Press)

URL of Amazon US (Kindle) web page:  Official (ISC)2® Guide to the ISSMP® CBK® ((ISC)2 Press)  

This book comprises five chapters, one covering each topic in the ISSMP CBK. In order, these are: Enterprise Security Management Practices, Enterprise Wide Systems Development Security, Overseeing Compliance of Security Operations, Understanding Business Continuity Planning (BCP), Disaster Recovery Planning (DRP) and Continuity Of Operations Planning (COOP), and Law Investigation, Forensics and Ethics. Each chapter has a different author.At 452 pages there is plenty of detailed content, some of it very well written. The book did not explicitly state that a CISSP qualification is a prerequisite, though this is implied in Chapter 4, and it was not until I had nearly completed the book that I was able to positively confirm this. I am not CISSP, but do have 22 years of Information Assurance experience. I have experience covering the first three chapters, but little practical knowledge in the last two. I found the first two chapters to be well written and presented in an easy-to-read format. Much of the content of Chapter 3 was also very useful, however, it stretched to over 120 pages and I found it difficult to follow in places. I found Chapter 4 also hard to follow in places and found the content was mainly focused on DRP, despite the chapter’s title. Chapter 4 contains lots of useful information but it is not structured in an easily comprehensible way and would ideally be condensed into fewer pages, focusing on key points to aid with clarity. This whole section on law in Chapter 5 was very detailed and I wondered whether an ISSMP would need to understand such nuances of law as are discussed in the examples. Some other thoughts on this book: firstly, it has a US bias, so some of the content is less useful to readers outside the US. Secondly, some of the chapters are very long, which makes it easy to lose context within the chapter. Thirdly, there was no apparent attempt to integrate, cross-reference and usefully index chapter content. On the last point, as a reference book, I would expect to be able to find all useful keywords listed in the index, yet I found the index to be of limited use. Examples include UK Acts relevant to IA, “whitelisting”, “blacklisting”, “chain of custody” and “tort” which are not listed and BCP, DRP and COOP, which point to each other and the first page of Chapter 4.

Overall, the book contains some very good content but the presentation is lacking in some areas.

The Official (ISC)2® Guide to the ISSMP® CBK® undoubtedly contains a lot of useful guidance to an IA professional studying to become ISSMP. The book aims to address an international audience, but does have a US bias in terms of policy, legislation and legal content.

Marks: 3 out of 5