Following is my review of the recent release CISSP in 21 Days. A sample chapter can be retrieved from here.
Summary:
CISSP in 21 Days by M. L. Srinivasan is a CISSP exam prep book. By its own admission, it is not a comprehensive, end-all-be-all book for preparing for the CISSP. What it does claim is the ability to take you through a well-reasoned progression over the course of 21 days to hit on the key concepts and topics of the CISSP, with the last day focused on taking a 250-question sample test. Overall, I think the book accomplishes its goal and could be a useful study guide.
There is no shortage of CISSP prep books today. Shon Harris alone accounts for a lion's share of the market, and one should also not overlook the Tipton and Krause anthology Information Security Management Handbook. In the face of these books, one might wonder why Srinivasan would even bother with an attempt. However, if there's one thing that is clear from most CISSP prep books, it's that they've taken the "quantity over quality" approach, oftentimes burying the reader in hundreds of pages of oftentimes duplicated and sometimes error-ridden work.
In this instance, the book covers all major topics in 225 pages, broken up into 20 days of study, where each of the 10 CBK topics is covered at 2 days each. The layout is clean, lightweight, and concise, hitting the important points. One should not feel overwhelmed by the amount of materials presented, though one might also be left wondering if this is really all there is (it isn't - there's more). However, the book never claims to be a complete, comprehensive training guide - merely a guide for reviewing topics. Specially, the book points out that it "assumes that the candidate already has sufficient knowledge in all 10 domains of the CISSP CBK..."
Strengths:
* Concise: The book is very brief and to the point. It does not waste ink or pages on unnecessary explanations.
* Logical: A reasonably logical approach is taken to the topics, starting with security and risk management and expanding from there.
* Straightforward: The explanations provided are very straightforward and clear.
* Clean Layout: The book is laid out in a manner that is easily read and followed. Ample room is left in the margins for notes.
Weaknesses:
* Thin: This is not a comprehensive prep guide, but rather a review guide. The book is not aimed at beginners.
* Few References: In the "Introduction" the book mentions that there will be a reference section at the end. It turns out this Reference section has 9 entries, including Wikipedia. Not complete or particularly useful. One of the links is for the ISO organization, but it incorrectly uses a TLD of .ch instead of .org.
* Rigid Language: The language is fairly rigid in its construct. This is fine, but it can be off-putting for some readers.
* Some Grammar Issues: The author is an Indian National, and thus there are the occasional grammar flubs. The errors are not terribly serious, but they may be distracting or off-putting to some readers, particularly speakers of American English.
* Slightly Pricey: The eBook (PDF) lists for $22.39 and the print+eBook lists for $40.79. Given that this is just a review guide and not a comprehensive prep guide, I feel that anything over $20 is asking too much.
Recommendation:
So, the magic question: Would I recommend this book? My answer is a qualified "yes", though perhaps not at the current listed price point. This book could be useful for an experienced IT professional who already understands security, but has never looked at taking the CISSP before. From this standpoint, it would be very useful to quickly bone-up on what the requirements and expectations are.
That being said, this book will only be once piece in the overall puzzle, and it's lack of useful references means that the aspiring student will still need to go research other references.
This book is definitely not for the inexperienced IT professional. If you cannot speak knowledgeably to risk and security management, network security, system security, or physical security, then you will not find this book to be very useful. On the other hand, if you know these topics inside-out, then you may think this book isn't terribly useful.
If you're not familiar with the CISSP, but have the skills, this book can provide a useful starting point. If you don't have the skills, then don't start here.