CISSP All-in-One Exam Guide, 6th Edition

Book Preface

This year marks my 39th year in the security business, with 26 of those concentrating on information security. What changes we have seen over that period: from computers the size of rooms that had to be cooled with water to phones that from a computing aspect are orders of magnitude more powerful than the computers NASA used to land man on the moon.

While we have watched in awe, the technology has evolved and our quality of life has improved. As examples, we can make payments from our phones, our cars are operated by computers that optimize performance and fuel economy, and we can check in and get our boarding passes from our hotel room.

Unfortunately there are those who see these advances as opportunities for them personally or their organization to gain politically or financially by finding vulnerabilities within these technologies and exploit them to their advantage.

To combat these adversaries the information security specialty evolved. One of the first organizations to formerly recognize this specialty was (ISC)2, which was founded in 1988. In 1994 (ISC)2 created the Certified Information Systems Security Professional (CISSP) credential and conducted the first examination. This credential gave assurance to managers and employers (and potential employers) that the holder possessed a baseline understanding of the ten domains that comprise the Common Body of Knowledge (CBK).

The CISSP All-in-One Exam Guide by Shon Harris is one of many publications designed to prepare a potential CISSP exam taker for the exam. I admittedly have probably not seen every one of these guides, but I would argue that I have seen most. The difference between Shon’s book and the others is that her book doesn’t try to teachthe exam, and as such, her book teaches the material one needs to pass the exam. This means that when the exam is over and the credential has been awarded, Shon’s book will still be on your bookshelf (or tablet) as a valuable reference guide.

I have known Shon for close to 15 years and continue to be struck by her dedication, ethics, and honor. She is the most dedicated advocate of our profession I have met. She works constantly to improve her materials so learners at all levels can better understand the topics. She has developed a learning model that helps make sure everyone in an organization from the bottom to the C-suite know what they need to know to make informed choices resulting in due diligence with the data entrusted to them.

It is a privilege to have the opportunity to help introduce this work to the perspective CISSP. I’m a huge Shon fan and I think that after learning from this book, you will be too. Enjoy your experience and know that your work in achieving this credential will be worth the effort.

Tom Madden, MPA, CISSP, CISM
Chief Information Security Officer for the Centers for Disease Control