• CISSP: 3 in 1

  • Beginner's Guide + Guide to learn CISSP Principles + The Fundamentals of Information Security Systems for CISSP Exam
  • By: Daniel Jones
  • Narrated by: William Bahl
  • Length: 13 hrs and 21 mins
  • 4.7 out of 5 stars (39 ratings)


Publisher's Summary

The Certified Information System Security Practitioner (CISSP) is the most dominant, most mature and vendor-neutral information security certification.

The CISSP: A Comprehensive Beginners Guide to Learn and Understand the Realms of CISSP from A-Z is aligned to provide a simplified, easy-to-understand, and concise learning pack to get started and prepared for the examination. This book covers A-Z on CISSP, in other words, all the eight domains and nothing less. The content included in the book provides the latest information according to the most recent CISSP exam curriculum.  

  • Security and Risk Management
  • Asset Security
  • Security Architecture and Engineering 
  • Communication and Network Security 
  • Identity and Access Management (IAM) 
  • Security Assessment and Testing 
  • Security Operations 
  • Software Development Security  

The book includes additional information for difficult topics, including tables and graphics. The topics also include references to resources, including links to governing bodies, compliance requirements, issues, and official websites and their references. Such information helps readers find more information and get organized, both as students and as security practitioners.

Each chapter covers a complete CISSP domain in a clear and concise manner with information that guides you to the next domain. The book also includes all of the information required to register and to prepare for the CISSP examination, including tips and references to the required websites and courseware.  

Certified Information System Security Practitioner (CISSP) is one of the leading information security certifications and accreditations awarded by (ISC)2. As of 2019, there are 136,000+ CISSP members worldwide in 171 countries.

CISSP: A Comprehensive Beginner's Guide to learn the Realms of Security and Risk Management from A-Z using CISSP Principles is a comprehensive guide for students and professionals who intend to pursue, or are already pursuing, CISSP studies.

The book covers the first domain of the CISSP realm and is written with carefully structured content providing a step-by-step learning process so you go through a well-structured learning path with scenarios and real-world examples. It includes the latest information and statistics and follows the most recent syllabus released by (ISC)2. Let's look at the content at a glance. 

  • Information about CISSP and the examination, everything you want to know.
  • Information security risks, threats, and vulnerabilities.
  • Information security concepts, confidentiality, integrity, security.
  • Cryptography basics.
  • Security and governance principles in an organization. 
  • Security policies, standards, procedures, guidelines, baselines, and more.
  • Organizations and information security laws, regulations, compliance, and standards. 
  • Information security, compliance, and risk management. 
  • Risk Management methodologies, frameworks, Business continuity. 
  • Professional ethics. 
  • Personal security policies and procedures. 
  • Privacy and its role in customers, employees, and organizations. 
  • Risk management in the supply chain. 
  • Security awareness training and education. 
  • And more...

The book includes additional information on difficult topics, because beginners need a proper foundation. CISSP is a challenging subject, so the foundation topics must be well understood before the reader can learn the rest of the domains with confidence. It includes extensive information on risk management, security, and global frameworks.

©2020 Daniel Jones (P)2020 Daniel Jones

What listeners say about CISSP: 3 in 1

Average Customer Ratings
  • Overall: 4.5 out of 5 stars (5 Stars: 33, 4 Stars: 3, 3 Stars: 1, 2 Stars: 1, 1 Star: 1)
  • Performance: 4.5 out of 5 stars (5 Stars: 33, 4 Stars: 3, 3 Stars: 0, 2 Stars: 0, 1 Star: 2)
  • Story: 5 out of 5 stars (5 Stars: 33, 4 Stars: 4, 3 Stars: 0, 2 Stars: 0, 1 Star: 1)

  • Overall
    5 out of 5 stars
  • Performance
    5 out of 5 stars
  • Story
    5 out of 5 stars

It establishes the topics for review

Data availability means you are able to access the data or information you need when you need it without any delays or long wait times. There are lots of threats to the availability of data. There can be many disasters, such as natural disasters causing major loss of data. There can also be human-initiated threats, like Distributed Denial Of Service attacks (DDoS) or even simple mistakes or configuration faults, internet failures or bandwidth limitations.

To provide continuous access, it is important to deploy the relevant options. The routine maintenance of hardware, operating systems, servers, applications through fault tolerance, redundancy, load balancing and disaster recovery measures must be in place. These will ensure high availability and resiliency.

There are technological deployments (hardware/software), such as fail-over clustering, load balancers, redundant hardware/systems and network support to fight availability issues.

24 people found this helpful

  • Overall
    5 out of 5 stars
  • Performance
    5 out of 5 stars
  • Story
    5 out of 5 stars

Get it

Due Diligence is the understanding of governance principles and risks your organization has to face. This process involves the gathering of information, assessment of risks, establishing written policies and documentation, and distributing this information to the organization.

Due care is about the responsibilities. In other words, it is about your responsibility within the organization and the legal responsibilities to establish proper controls, and follow the security policies to take reasonable actions and make better choices.

These two concepts can be confusing. For ease of understanding, you can think of due diligence as the practice by which due care can be set forth.

21 people found this helpful

  • Overall
    5 out of 5 stars
  • Performance
    5 out of 5 stars
  • Story
    5 out of 5 stars

What you need to study

In 2003, the USA Department of Defense (NSA) adopted the CISSP as a baseline in order to form the ISSEP (Information System Security Engineer Professional) program. Today it is considered one of the CISSP concentrations. CISSP also stands as the most required security certification on LinkedIn. The most significant win it reached is to become the first information security credential to meet the conditions of ISO/IEC Standard 17024. According to (ISC)2, CISSP works in more than 160 nations globally. More than 129,000 professionals currently hold the certification and this implies how popular and global this certification is. Information security as a career is not a new trend and the requirements, opportunities and salary have grown continuously. To become an information security (Infosec) professional takes dedication, commitment, learning, experimentation and hands-on experience. To become a professional with applied knowledge takes experience, which is a critical factor. There are lots of Infosec programs and certifications worldwide. Among all the certificates, such as CISA, CISM etc., CISSP is known as the elite certification, as well as one of the most challenging, yet rewarding.

19 people found this helpful

  • Overall
    5 out of 5 stars
  • Performance
    5 out of 5 stars
  • Story
    5 out of 5 stars

CISSP Killer

Risk is or can be defined as a step toward evolution. In day to day life, taking a risk to obtain a goal (i.e. a reward) is crucial. When it comes to information technology, the risk is something that comes along with the territory. There are many industries that integrate information technology into their daily operations. Take for example, the healthcare industry or the banking, information technology operates within the core levels. This comes with a huge risk in terms of information exposure, theft, and corruption. The calculation of assessing the associated risk, implementing and testing measures, mitigating the risks become a core responsibility of the security and management. In the current information technology atmosphere, there are many risks associated with the components of a system. This can range from a simple display panel to complex machinery in a nuclear power plant. Risk management involves the process of understanding, assessing (analysis) and mitigating the risks to ensure the security objectives are met. Every decision-making process inherits the risks and the risk management process ensures the effectiveness of these decisions without having to go through the security failures.

18 people found this helpful

  • Overall
    5 out of 5 stars
  • Performance
    5 out of 5 stars
  • Story
    5 out of 5 stars

IMHO best explanation

Certified Information Systems Security Professional is the world’s premier cyber security certification (ISC)2. The world’s leading and the largest IT security organization was formed in 1989 as a non-profit organization. The requirement for standardization and maintaining vendor-neutrality while providing a global competency led to the formation of the “International Information Systems Security Certification Consortium” or in short (ISC)2. In 1994, with the launch of the CISSP credential, a door was opened to a world class information security education and certification. CISSP is a fantastic journey through the world of information security. To build a strong, robust and competitive information security strategy and the practical implementation is a crucial task, yet a challenge that is entirely beneficial to an entire organization. CISSP focuses on an in-depth understanding of the components of critical areas in the information security. This certification stands out as proof of the advanced skills, and knowledge one possesses in terms of designing, implementing, developing, managing and maintaining a secure atmosphere in an organization.

15 people found this helpful

  • Overall
    5 out of 5 stars
  • Performance
    5 out of 5 stars
  • Story
    5 out of 5 stars

One of the best options to study if you want to become a CISSP

Personally Identifiable Information is sensitive to customers, employees, vendors, consultants and other parties. Therefore, such information must be kept safe. Only the intended party must be able to obtain and use the information. This process must also be audited to ensure trustworthiness. There must be a documented privacy policy to describe what types of information are covered and to whom it is applied.

Risk management is the process of determining the threats, and vulnerabilities, assessment of the risks, and risk response. The reports resulting after this process are sent to management to make educated and intelligent decisions. The team involved is also responsible for budget controls. A real-world scenario is that the organization management is spending less money and time to reduce the risks to a certain level.

A vulnerability is an exploitable problem. When a vulnerability is present, a threat is a possibility. These two are linked, as you understand now. There are known and unknown vulnerabilities. As an example, a computer may have a bug if it is unpatched. If this already has a patch, but not applied, it is a known threat. If no one except a malicious user knows it, it is an unknown threat. Identifying these is not easy in real-life situations.

13 people found this helpful

  • Overall
    5 out of 5 stars
  • Performance
    5 out of 5 stars
  • Story
    5 out of 5 stars

Here is the Highest compliment I can give the Study ...

When it comes to establishing an information security strategy, the decision must come from the top of the organization’s hierarchy. The organization’s governance or the governing body must initiate the security governance processes and policies to direct the next level management (executive management). Which means the strategy itself, the objectives and the risks are defined and executed in a top-down approach. The strategy must be in compliance with the existing regulations as well. The executive management must be fully aware/informed of the strategies (visibility) and have control over the security policies and the overall operation. In the process, the teams must meet and review the existing strategy, incidents, introduce new changes when required and approve the changes accordingly. This strengthens the effectiveness, and ensures that the security activities are continuing while mitigating risks, while the investment on security is worth the cost. Many organizations must satisfy one or more compliance requirements. There can be one or more applicable laws, regulations, and industry standards. The consequence of non-compliance can be severe, as the act directly violates regulations, which include state laws and regulations. The worst-case scenario is the end of business followed by a considerable fine. Therefore, compliance is a very important topic to discuss and understand.

9 people found this helpful

  • Overall
    4 out of 5 stars
  • Performance
    4 out of 5 stars
  • Story
    4 out of 5 stars

Outstanding!

I passed the CISSP exam preparing with this course (just hearing it 2 times and answering the questions).

7 people found this helpful

  • Overall
    3 out of 5 stars
  • Performance
    1 out of 5 stars
  • Story
    4 out of 5 stars

Good book, terrible narration.

I'm about 3 hours in, and the book feels good and informative in the right places, but the narration is awful. The narrator pauses in weird places (prepare yourself for repeated "C...ISSP" and mid-sentence pauses that sound like end-of-sentence pauses, making it difficult to listen and actually glean the information correctly). The important thing for the written book is that it touches on all of the domains and provides adequate coverage. This may not quite rise to that level... it's a good beginning look but doesn't seem to go quite in-depth far enough in some places (like cryptography). But in an audio presentation, it's important that the thoughts (sentences) flow together so you can pick up the information, and that's where this one falls short.

6 people found this helpful

  • Overall
    5 out of 5 stars
  • Performance
    5 out of 5 stars
  • Story
    5 out of 5 stars

A needed book for the Cybersecurity professional

The instructor does a great job of explaining the information. I like that the information is organized and flows, allowing me to understand the connection of each subject.

3 people found this helpful

  • Overall
    4 out of 5 stars
  • Performance
    4 out of 5 stars
  • Story
    4 out of 5 stars
  • Sylvia Livingston
  • 07-28-20

Must have for the CISSP exam

Awesome Awesome & amazing course. Thank you very much for making things simple.

1 person found this helpful

  • Overall
    2 out of 5 stars
  • Performance
    1 out of 5 stars
  • Story
    2 out of 5 stars
  • Wojciech Basalaj
  • 05-12-22

Awful audiobook, material OK

I am very annoyed that I bought this audiobook guided by positive reviews, and I don't understand how anybody can find it a good audiobook. The material is OK*, but the person reading it is performing so, so badly!

1. The most annoying part: he cannot be a voice artist, because he invents his own punctuation - making pauses in the middle of a sentence, without any reason, and on the other hand, rushing with more sentences when he should pause to emphasize something, like the beginning of a new section. This alone makes this book unbearable to listen to.

*) I'm not even sure if the material is "OK", because often this bad punctuation is so distracting that it is difficult to focus on the meaning.

2. He clearly doesn't understand the material even on a basic level, and because of that all he reads come across as a bunch of words that carry little meaning.

3. Just a little thing: he clutches his throat at the end of most words (there are pauses in the middle of sentences, remember?) which is unpleasant to hear.

Overall, I regret buying the audiobook, and advise to avoid it. And to maybe get a better voice artist to re-read this book.