Publisher's Summary

The Certified Information System Security Practitioner (CISSP) is the most dominant, most mature and vendor-neutral information security certification.

The CISSP: A Comprehensive Beginners Guide to Learn and Understand the Realms of CISSP from A-Z is aligned to provide a simplified, easy-to-understand, and concise learning pack to get started and prepared for the examination. This book covers A-Z on CISSP, in other words, all the eight domains and nothing less. The content included in the book provides the latest information according to the most recent CISSP exam curriculum.  

  • Security and Risk Management
  • Asset Security
  • Security Architecture and Engineering 
  • Communication and Network Security 
  • Identity and Access Management (IAM) 
  • Security Assessment and Testing 
  • Security Operations 
  • Software Development Security  

The book includes additional information for difficult topics, including tables and graphics. The topics also include references to resources, such as links to governing bodies, compliance requirements, and official websites. Such information helps readers obtain more information and get themselves organized, both as students and as security practitioners.

Each chapter covers a complete CISSP domain in a clear and concise manner with information that guides you to the next domain. The book also includes all of the information required to register and to prepare for the CISSP examination, including tips and references to the required websites and courseware.  

Certified Information System Security Practitioner (CISSP) is one of the leading information security certifications and accreditations awarded by (ISC)2. As of 2019, there are 136,000+ CISSP members worldwide in 171 countries.

CISSP: A Comprehensive Beginner's Guide to learn the Realms of Security and Risk Management from A-Z using CISSP Principles is a comprehensive guide for students and professionals who are willing to follow or already following the CISSP studies. 

The book covers the first domain of the CISSP realm and is written with carefully structured content providing a step-by-step learning process so you go through a well-structured learning path with scenarios and real-world examples. It includes the latest information and statistics and follows the most recent syllabus released by (ISC)2. Let's look at the content at a glance. 

  • Information about CISSP and the examination, everything you want to know.
  • Information security risks, threats, and vulnerabilities.
  • Information security concepts: confidentiality, integrity, security.
  • Cryptography basics.
  • Security and governance principles in an organization. 
  • Security policies, standards, procedures, guidelines, baselines, and more.
  • Organizations and information security laws, regulations, compliance, and standards. 
  • Information security, compliance, and risk management. 
  • Risk Management methodologies, frameworks, Business continuity. 
  • Professional ethics. 
  • Personal security policies and procedures. 
  • Privacy and its role in customers, employees, and organizations. 
  • Risk management in the supply chain. 
  • Security awareness training and education. 
  • And more...

The book includes additional information on difficult topics, since beginners should have a proper foundation. CISSP is a challenging topic, and therefore the foundation topics must be well understood so that the reader can learn the rest of the domains with confidence. It includes extensive information on risk management, security, and global frameworks.

©2020 Daniel Jones (P)2020 Daniel Jones

What listeners say about CISSP: 3 in 1

Average Customer Ratings
Overall
  • 5 out of 5 stars
  • 5 Stars
    29
  • 4 Stars
    2
  • 3 Stars
    1
  • 2 Stars
    0
  • 1 Stars
    0
Performance
  • 5 out of 5 stars
  • 5 Stars
    29
  • 4 Stars
    2
  • 3 Stars
    0
  • 2 Stars
    0
  • 1 Stars
    1
Story
  • 5 out of 5 stars
  • 5 Stars
    29
  • 4 Stars
    3
  • 3 Stars
    0
  • 2 Stars
    0
  • 1 Stars
    0

  • Overall
    5 out of 5 stars
  • Performance
    5 out of 5 stars
  • Story
    5 out of 5 stars

It establishes the topics for review

Data availability means you are able to access the data or information you need when you need it without any delays or long wait times. There are lots of threats to the availability of data. There can be many disasters, such as natural disasters causing major loss of data. There can also be human-initiated threats, like Distributed Denial Of Service attacks (DDoS) or even simple mistakes or configuration faults, internet failures or bandwidth limitations.

To provide continuous access, it is important to deploy the relevant options. Routine maintenance of hardware, operating systems, servers, and applications, along with fault tolerance, redundancy, load balancing, and disaster recovery measures, must be in place. These will ensure high availability and resiliency.

There are technological deployments (hardware/software), such as fail-over clustering, load balancers, redundant hardware/systems and network support to fight availability issues.

24 people found this helpful

  • Overall
    5 out of 5 stars
  • Performance
    5 out of 5 stars
  • Story
    5 out of 5 stars

Get it

Due Diligence is the understanding of governance principles and risks your organization has to face. This process involves the gathering of information, assessment of risks, establishing written policies and documentation, and distributing this information to the organization.

Due care is about the responsibilities. In other words, it is about your responsibility within the organization and the legal responsibilities to establish proper controls, and follow the security policies to take reasonable actions and make better choices.

These two concepts can be confusing. For ease of understanding, you can think of due diligence as the practice by which due care is set forth.

21 people found this helpful

  • Overall
    5 out of 5 stars
  • Performance
    5 out of 5 stars
  • Story
    5 out of 5 stars

What you need to study

In 2003, the USA Department of Defense (NSA) adopted the CISSP as a baseline in order to form the ISSEP (Information System Security Engineer Professional) program. Today it is considered one of the CISSP concentrations. CISSP also stands as the most required security certification on LinkedIn. The most significant win it reached is to become the first information security credential to meet the conditions of ISO/IEC Standard 17024. According to (ISC)2, CISSP works in more than 160 nations globally. More than 129,000 professionals currently hold the certification, and this implies how popular and global this certification is. Information security as a career is not a new trend, and the requirements, opportunities, and salaries have grown continuously. To become an information security (Infosec) professional takes dedication, commitment, learning, experimentation, and hands-on experience. To become a professional with applied knowledge takes experience, which is a critical factor. There are lots of Infosec programs and certifications worldwide. Among all the certificates, such as CISA, CISM, etc., CISSP is known as the elite certification, as well as one of the most challenging, yet rewarding.

19 people found this helpful

  • Overall
    5 out of 5 stars
  • Performance
    5 out of 5 stars
  • Story
    5 out of 5 stars

CISSP Killer

Risk is, or can be, defined as a step toward evolution. In day-to-day life, taking a risk to obtain a goal (i.e. a reward) is crucial. When it comes to information technology, risk is something that comes along with the territory. There are many industries that integrate information technology into their daily operations. Take, for example, the healthcare or banking industry: information technology operates within the core levels. This comes with a huge risk in terms of information exposure, theft, and corruption. The calculation of assessing the associated risk, implementing and testing measures, and mitigating the risks becomes a core responsibility of security and management. In the current information technology atmosphere, there are many risks associated with the components of a system. This can range from a simple display panel to complex machinery in a nuclear power plant. Risk management involves the process of understanding, assessing (analysis) and mitigating the risks to ensure the security objectives are met. Every decision-making process inherits the risks, and the risk management process ensures the effectiveness of these decisions without having to go through the security failures.

18 people found this helpful

  • Overall
    5 out of 5 stars
  • Performance
    5 out of 5 stars
  • Story
    5 out of 5 stars

IMHO best explanation

Certified Information Systems Security Professional is the world’s premier cyber security certification from (ISC)2. The world’s leading and largest IT security organization was formed in 1989 as a non-profit organization. The requirement for standardization and maintaining vendor-neutrality while providing a global competency led to the formation of the “International Information Systems Security Certification Consortium”, or in short (ISC)2. In 1994, with the launch of the CISSP credential, a door was opened to world-class information security education and certification. CISSP is a fantastic journey through the world of information security. To build a strong, robust and competitive information security strategy and its practical implementation is a crucial task, yet a challenge that is entirely beneficial to an entire organization. CISSP focuses on an in-depth understanding of the components of critical areas in information security. This certification stands out as proof of the advanced skills and knowledge one possesses in terms of designing, implementing, developing, managing and maintaining a secure atmosphere in an organization.

15 people found this helpful

  • Overall
    5 out of 5 stars
  • Performance
    5 out of 5 stars
  • Story
    5 out of 5 stars

One of the best options to study if you want to become a CISSP

Personally Identifiable Information is sensitive to customers, employees, vendors, consultants and other parties. Therefore, such information must be kept safe. Only the intended party must be able to obtain and use the information. This process must also be audited to ensure trustworthiness. There must be a documented privacy policy to describe what types of information are covered and to whom it applies.

Risk management is the process of determining the threats, and vulnerabilities, assessment of the risks, and risk response. The reports resulting after this process are sent to management to make educated and intelligent decisions. The team involved is also responsible for budget controls. A real-world scenario is that the organization management is spending less money and time to reduce the risks to a certain level.

A vulnerability is an exploitable problem. When a vulnerability is present, a threat is a possibility. These two are linked, as you understand now. There are known and unknown vulnerabilities. As an example, a computer may have a bug if it is unpatched. If this already has a patch, but not applied, it is a known threat. If no one except a malicious user knows it, it is an unknown threat. Identifying these is not easy in real-life situations.

13 people found this helpful

  • Overall
    5 out of 5 stars
  • Performance
    5 out of 5 stars
  • Story
    5 out of 5 stars

Here is the Highest complement I can give the Study ...

When it comes to establishing an information security strategy, the decision must come from the top of the organization’s hierarchy. The organization’s governance or governing body must initiate the security governance processes and policies to direct the next level of management (executive management). This means the strategy itself, the objectives and the risks are defined and executed in a top-down approach. The strategy must be in compliance with the existing regulations as well. The executive management must be fully aware/informed of the strategies (visibility) and have control over the security policies and the overall operation. In the process, the teams must meet and review the existing strategy and incidents, introduce new changes as required, and approve the changes accordingly. This strengthens the effectiveness and ensures that the security activities are continuing while mitigating risks, and that the investment in security is worth the cost. Many organizations must satisfy one or more compliance requirements. There can be one or more applicable laws, regulations, and industry standards. The consequence of non-compliance can be severe, as the act directly violates regulations, which include state laws and regulations. The worst-case scenario is the end of business followed by a considerable fine. Therefore, compliance is a very important topic to discuss and understand.

9 people found this helpful

  • Overall
    4 out of 5 stars
  • Performance
    4 out of 5 stars
  • Story
    4 out of 5 stars

Outstanding!

I passed the CISSP exam preparing with this course (just hearing it 2 times and answering the questions).

5 people found this helpful

  • Overall
    3 out of 5 stars
  • Performance
    1 out of 5 stars
  • Story
    4 out of 5 stars

Good book, terrible narration.

I'm about 3 hours in, and the book feels good and informative in the right places, but the narration is awful. The narrator pauses in weird places (prepare yourself for repeated "C...ISSP" and mid-sentence pauses that sound like end-of-sentence pauses, making it difficult to listen and actually glean the information correctly). The important thing for the written book is that it touches on all of the domains and provides adequate coverage. This may not quite rise to that level... it's a good beginning look but doesn't seem to go quite in-depth far enough in some places (like cryptography). But in an audio presentation, it's important that the thoughts (sentences) flow together so you can pick up the information, and that's where this one falls short.

4 people found this helpful

  • Overall
    5 out of 5 stars
  • Performance
    5 out of 5 stars
  • Story
    5 out of 5 stars

A needed book for the Cybersecurity professional

The instructor does a great job of explaining the information. I like that the information is organized and flows, allowing me to understand the connection of each subject.

2 people found this helpful

  • Overall
    5 out of 5 stars
  • Performance
    5 out of 5 stars
  • Story
    5 out of 5 stars
  • Derek
  • 07-18-20

Just a heads up

Onboarding is the welcoming phase in recruitment. It comprises all the activities the person must go through. If the process is structured, logical, and easier to grasp, the risk is reduced greatly. To obtain the maximum results from all of the newbies, there must be a standard, documented process.

On the other hand, termination is a crucial part of the job of a manager. It is acceptable when a person retires after completing the required years. The other case is when the management is about to terminate an employee. This can be a high-stress situation, especially if the termination is raised by cost reduction. In any case, the organization must revoke all access to the systems.

Therefore, keeping policies and procedures documented can streamline this process.

24 people found this helpful

  • Overall
    5 out of 5 stars
  • Performance
    5 out of 5 stars
  • Story
    5 out of 5 stars
  • Nicole Dunigan
  • 07-20-20

Complete review for the CISSP test.

The importance of being responsible as well as accountable must be an important issue to understand. The definition of roles has to be tied to the responsibilities. It also ensures the boundaries and accountability. When implementing a security policy, the responsibilities delegated to the parties involved must be defined in the policy, along with which roles are able to enforce and control the activities. These roles and responsibilities must be able to be applied to all the parties involved, from the lowest-level employee to the suppliers, stakeholders, consultants, and all the other parties. As we discussed in earlier paragraphs, executive-level management is responsible for and must demonstrate a strong allegiance with the security program in place. He/she is responsible for multiple functions and even wears multiple hats at certain times. As a manager, the responsibilities include implementing a proper information security strategy with the top-down approach and mandate. The person should also lead the entire organization when it comes to security by utilizing the skills, expertise, and leadership. There should be room for education, recognition, rewarding, and proper penalties. On the other hand, as employees, they should honor the security framework. Compliance and gaining awareness of the policies, procedures, baselines and guidelines, and legislation through proper training programs are essential. By learning, understanding, and complying with the security program one can prevent compromise through due care. This has to become the organization’s security culture.

21 people found this helpful

  • Overall
    5 out of 5 stars
  • Performance
    5 out of 5 stars
  • Story
    5 out of 5 stars
  • Andrew Miura
  • 07-21-20

Get this! It will help you pass!

The learning process and gaining experience are the two main parts of the CISSP path. It is definitely a joyful journey, yet one of the most challenging without a proper education and guidelines. The intention of this book is to prepare you for the adventure by providing you with a summary of the CISSP certification, how it is achieved and a comprehensive A-Z guide on the domains covered in the certification. This is going to help you get started and become familiar with the CISSP itself, with a bit of history, benefits, requirements to become certified, the prospects, and a guide through all the domains, topics, and sub-topics that are tested in the exam. After you read this you will have a solid understanding of the topics and will be ready for the next level in the CISSP path. If you are looking for corporate training for an organization or an enterprise, (ISC)² provides on-site training. The training is similar to the classroom-led training. There will also be dedicated exam schedule assistance.

17 people found this helpful

  • Overall
    5 out of 5 stars
  • Performance
    5 out of 5 stars
  • Story
    5 out of 5 stars
  • Tegan
  • 07-26-20

Studying for the CISSP in the bathtub!

The online learning option is one of the most popular and cost-effective choices nowadays, as it eliminates travel cost. For people with a busy schedule, this is the best option. The courseware in (ISC)² is available for 60 days of access. An authorized instructor will be available. There are weekday, weekend and other options to select from for the requirements. If someone wants to self-learn CISSP at their convenience, this option is also available. This may be the most popular option available for many students who are geographically dispersed. It is also the best option to cut costs and time. There is instructor-created HD content and the materials are equivalent to the classroom content. Interactive games, flash cards, exam simulations, all of these in a single place for 120 days if you select (ISC)². There are many other training providers to select from. This is also suitable for an organization. Finally, if you want to register for an exam, review the exam availability by credential first. This is available at the (ISC)² website. Then visit the Pearson VUE website, create an account, select the venue and time, make the payment and wait for the confirmation email. Once you receive the details, do some more quick studies, simulation practice tests (i.e. online) and go for it.

16 people found this helpful

  • Overall
    5 out of 5 stars
  • Performance
    5 out of 5 stars
  • Story
    5 out of 5 stars
  • Cynthia Johnson
  • 07-29-20

Key to passing CISSP

During the lifecycle of a business, in order to maintain the competence, agility and focus, organizations tend to acquire other organizations or sell one of their own business units. Most of the acquisitions occur when there is a need for new technologies and innovation. Information security is a complex process when it comes to mergers, acquisitions and even divestitures.

When acquiring an existing organization, there are multiple security considerations. The existing organization also has a different hierarchy and security governance committee and executives, their strategy, policies and process, the differences between the organizations, as well as the nature, and current state of the operations. With any acquisition, there is a risk associated.

There can be many operations in an existing company in terms of information security, such as threat management and monitoring, vulnerability management, operations management, incident management, and other types of surveillance involved. Some of these can be linked to third parties. The existing security framework must be flexible to integrate the new business unit with a hassle.

When an organization divides into another or even multiple units, the security architecture can be moved by splitting the units with adequate changes and flexibility to better align with the new or changed process. Some reforms may be needed as the concentration of the business can change (mission, strategies, and objectives). There may be new regulations to adopt. Once the alignment is complete, the units can move forward with the new initiatives.

12 people found this helpful

  • Overall
    5 out of 5 stars
  • Performance
    5 out of 5 stars
  • Story
    5 out of 5 stars
  • Ruth Hudson
  • 08-08-20

100% Surety You’re Covering All the Topics

The role of information security is not to stand in a corner and safeguard a set of devices or information. The need arises within the business itself, while planning. In any strategic planning phase, the business concentrates on its goals, the mission to reach one or more goals, and the objectives toward each goal to reach the final outcome. To prevent and mitigate the risks, the information security functions must be clearly identified, aligned and streamlined with the mission, goals, business strategy and objectives. If it is properly aligned, it will ensure business continuity by attaining risk mitigation, disaster recovery and reaching objectives within the given time frame by fitting it to the business process. In order to do so, these elements and their relationship to information security must be understood. When this is clearly understood it is easier to allocate organizational resources and budget to security initiatives. The outcome will be more efficient and effective security policies and procedures aligned with the entire business process.

4 people found this helpful

  • Overall
    5 out of 5 stars
  • Performance
    5 out of 5 stars
  • Story
    5 out of 5 stars
  • Jackson
  • 08-09-20

Audible is a good format for this book

The CISSP course instructor is the best and the way he narrates the course is so easy to register on the mind. The explanations and the structure of the course is also great!!

1 person found this helpful

  • Overall
    5 out of 5 stars
  • Performance
    5 out of 5 stars
  • Story
    5 out of 5 stars
  • James
  • 08-08-20

Complete review for the CISSP test.

I have really enjoyed the experience to this point. My goal is passing the CISSP. While this format is providing the information, I don't feel that they are responsible for me passing the exam as this has multiple factors in order for it to happen. So I would say that the information is provided in a great sequence and the information is being added to the compendium of knowledge that I have gained, and I feel it adds to the probability of me passing the exam. So Jones, I think you are doing a great job! As a security professional, you should practice and establish the ethical framework by honoring, training, and guiding the others through documentation and other means necessary. It is also important to review and enhance the practices and guidelines. The frameworks may be different from one organization to another. In such cases, the flexibility and adaptability have to be there to align yourself and others. The compensative or alternative control is a measure applied when the expected security measure is either too difficult or impractical to implement. These can be in the forms of physical, administrative, logical, and directive. Segregation of duties, encryption, and logging are a few examples. PCI DSS is a framework where we can exhibit the compensating controls.

1 person found this helpful

  • Overall
    5 out of 5 stars
  • Performance
    5 out of 5 stars
  • Story
    5 out of 5 stars
  • Efren Bright
  • 08-08-20

Not just for the exam

Content and material is fine. The introductory material on each domain makes it look like you haven’t finished the course.

1 person found this helpful

  • Overall
    5 out of 5 stars
  • Performance
    5 out of 5 stars
  • Story
    5 out of 5 stars
  • Hall
  • 07-31-20

Motivational for me

This is coming from somebody with a lot of practical experience and well on the exam too.
It was very motivational for me. Thanks.

1 person found this helpful