Information Security Management Handbook

Some of the reviewers are confusing 'volumes' with editions. Each edition of this book contains several volumes. Each volume contains new papers, adding them to the current edition of the ISMH. The current edition of the Information Security Management Handbook is the 5th. At present, it has only 2 volumes. This CD-ROM only contains the 1st volume of the 5th edition. There is a new CD-ROM of the ISMH with a 2005 date (ISBN 0849339422) which I *think* contains the new volume 2 of the 5th edition (ISBN 0849332109) What makes this CD-ROM valuable over the 5thED-V1 book is that it contains the contents of the 3rd and the 4th editions! I know the 4th edition contained four volumes.

This book is a collection of papers that covers the ten domains of the Common Body of Knowledge (CBK) Generally Accepted Systems Security Principles (GASSP). As a compendium of knowledge from acknowledged experts this book represents an exceptionally valuable tool for security practitioners, and because the papers are grouped by CBK domain, it is also a useful study aid for anyone who is pursuing CISSP certification.The papers, individually and collectively, contain a wealth of information. However, anyone who wants to use this book as a resource for preparing for the CISSP exam should know that this book is Volume 1 of a three volume set. Moreover, this is not a book that was written as a study guide as much as a professional reference, and it isn't the only book a CISSP candidate should read. For the practitioner this book is an excellent investment because it does cover all ten CBK domains in great detail. However, I recommend investing in the CD ROM version of this book (Information Security Management Handbook on CD-ROM, ISBN 0849312345), which contains this book and Volumes 2 and 3. The CD ROM is more up-to-date and is more convenient then three books that combined contain nearly 2000 pages.Regardless of whether you opt for this book or the CD ROM, you'll gain a wealth of knowledge from this book and if used in conjunction with other sources of information you will be well prepared to pass the CISSP exam.

Don't confuse this CD ROM with the book that is being sold under the same title (ISBN 0849398290) because there are some major differences besides the media on which the material is provided.The book is actually Volume 1 of the Information Security Handbook, Fourth Edition. This CD ROM contains Volume 1, plus Volumes 2 and 3 of the handbook, making it a more complete compilation of the material that encompasses the ten domains of the Common Body of Knowledge (CBK) of Generally Accepted Systems Security Principles (GASSP). See the product page for Volume 1 for reviews and a complete description of that subset of this CD ROM. Volumes 2 and 3, like Volume 1 are aligned to the ten domains, but have more up-to-date material and new papers addressing a wider array of topics. Moreover, CISSP candidates will find a great deal more study material, and working practitioners will find information that covers emerging trends and technologies that have surfaced since Volume 1 was published.The new or expanded material of the two additional volumes on this CD ROM are:Volume 2 - (published in 2000), goes deeper in network security, but also covers interesting topics such as single-signon (will be of particular interest to organizations implementing LDAP), centralized authentication, and related topics in addition to newer coverage in each of the ten CBKs.Volume 2 (published in 2001), is an overall update for each of the CBKs and contains a lot of fresh material that is fair game for CISSP exam questions, as well as a compendium of fresh material for practitioners.In addition to the convenience of having all of this material on a CD ROM vs. over ten pounds of paper, the contents are searchable using the built in search facility, and can be printed when hard copy is required. This is a nice feature for consultants who can bring a wealth of reference material on site for quick cross-referencing during assessments or developing action plans that are consistent with the GASSP. Of course, the fact that this collection is more complete, comprehensive and up-to-date than the book by the same title makes this an attractive choice for anyone who requires working references or wants to prepare for the CISSP examination.

This book truly is a masterpiece. Tipton has compiled all of the diverse chapters smoothly and keeps your attention with subtle humor. This book is a "must have" if you are to be responsible for the implementation of BCP/DRP in your organization.Ignore the negative responses. You have to possess a higher level of knowledge in order to comprehend books of this nature. Very enjoyable reading. Bravo Tipton and Krause.

After reading several of the reviews listed, many with low ratings, it came to my attention that the people have completely missed the point. The CISSP is supposed to be an acknowledgement of your understanding of security, not a piece of paper. You want to blow through a test? Go get Transender and get your paper MCSE. This book is meant to present the various areas of security and provide some insight arranged in the 10 domains. To cover every aspect of security would take volumes - hence the value of these editions. If you are looking for a quick fix, this book is not for you. This book continually communicates the foundation concepts of security that you will need to be a true CISSP. It concerns me that a book compiled with so much referenced security information is considered low ranking. Based on the "it doesn't help with the test" statements, I fear that the CISSP will become the flooded, worthless paper we see in other certifications. For those of us who are CISSPs and have been in the industry for sometime, this quick fix attitude will damage the certification and lead to poor practices in the industry. Read this book and learn, the story is there, clearly. When you know security - then take the test, don't learn how to take the test.