If you are looking for a formal vade mecum in your quest for CISSP certification, then The CISSP companion handbook: A collection of tales, experiences and straight up fabrications fitted into the 10 CISSP domains of information security by Javvad Malik should not be your reference guide.
But if you are looking for an entertaining and educational book to give a break to the monotonous work of CISSP preparation; this is your guide, and a very funny one at that. Even for those security gurus that have the treasured and adored CISSP certification (and all the more so for those with SANS certifications), the book is a witty look at the world of information security, and ones man’s observation of it.
What are Malik’s accomplishments? Well, he really knows information security and brings a lot of experience to the table. He won the RSA Social Security Blogger award for the most entertaining blogger, as well as the best security video blogger and most entertaining blog at the European Security Blogger Awards. The book is entertaining in the sense that he doesn’t drone on about information security abbreviations and acronyms.
When discussing TCP/IP, the book uses rock music as an analogy. Drums are TCP, an electric guitar is UDP; vocals are IP, with the band manager as ARP and the record label are RARP. While those analogies certainly won’t help you pass the test; they will definitely give you a more realistic understanding of what the protocols really do.
No CISSP guide would be complete without a reference to the Bell-LaPadula model, which the book mentions on page 107. The book doesn’t really define it, but notes that it may be used and implemented in pencil pushing governmental departments.
As an aside, I once worked with a really smart guy who once worked with Len LaPadula at Bell Labs. He couldn’t tell me what the model was either. But he did note that most people mispronounced his name as La-pa-doo-la. When Dr. LaPadula himself pronounced it as le-pad-you-lah.
In movies such as Cars, much of the humor is lost on the children, while the adults will laugh. This book is very much like that in the sense that those have been in the industry for a while will get the humor and irony Malik’s writing. In Domain 3: Information Security Governance & Risk Management, he writes that if you do things just because they are best practices, you end up becoming an auditor, and notes that nobody likes an auditor. In the footnote, he clarifies hat despite the sweeping generalization, there are some good and effective auditors in existence… a few. Only those who have been in information security for a while can appreciate the humor there.
The book is only available for the Kindle, and at 99 cents, that comes out to less than 10 cents per CBK domain. Note that in the book, he never defines what CBK stands for, which would leave a CISSP candidate grasping in horror for an acronym without a definition.
When it comes to pure CISSP guides, a best practice is to use the CISSP All-in-One Exam Guide by Shon Harris, all 1,500 pages of it.
If you want the funniest and cheapest and downright educational guide around, nothing beats The CISSP companion handbook: A collection of tales, experiences and straight up fabrications fitted into the 10 CISSP domains of information security.