This page contains links, books, & pointers to other web pages dealing with the ISC2 CISSP exam, 
While we're striving to have the best CISSP study information, please send suggestions to: wk [at]
All book sales go towards the general fund...
Heck, buy an
Apple Quad Processor G5 Desktop to help that along nicely, you will thank us later!


Mailing Lists


This group promotes information exchange among those who are self-studying for the CISSP exam. To locate a study group in your area, post a message at the forum for study groups at

HIPAA-CISSP Discussions specifically focused on HIPAA Security regulations and issues by CISSPs.

The HIPAA-CISSP discussion list is intended for discourse on the interpretation, implementation, and issues associated with compliance with the HIPAA security regulations. It is expected that the majority of the participants on the list will be CISSPs who are primarily focused on HIPAA compliance issues.

InfoSec News

UPDATED - InfoSec News is a privately run, medium traffic list that caters to distribution of information security news articles. These articles will come from newspapers, magazines, online resources, and more.

Shop InfoSec News

UPDATED - Best Selling Security Books & More!



CISSP All-in-One Exam Guide (Third Edition)
by Shon Harris

This authoritative reference offers complete coverage of all material on the Certified Information Systems Security Practitioner (CISSP) exam. You'll find exam objectives at the beginning of each chapter, helpful exam tips, end-of-chapter practice questions, and photographs and illustrations. The bonus CD-ROM contains practice tests and hundreds of questions. This comprehensive guide not only helps you pass this challenging certification exam, but will also serve as an invaluable on-the-job reference.


Advanced CISSP Prep Guide: Exam Q&A
by Ronald L. Krutz, Russell Dean Vines

Used alone or as an in-depth supplement to the bestselling The CISSP Prep Guide, this book provides you with an even more intensive preparation for the CISSP exam. With the help of more than 300 advanced questions and detailed answers, you'll gain a better understanding of the key concepts associated with the ten domains of the common body of knowledge (CBK). Each question is designed to test you on the information you'll need to know in order to pass the exam. Along with explanations of the answers to these advanced questions, you'll find discussions on some common incorrect responses as well. 


The CISSP Prep Guide: Mastering the Ten Domains of Computer Security
by Ronald L. Krutz, Russell Dean Vines, Edward M. Stroz

The CISSP Prep Guide, one of only a handful of books on its subject, does a good job of giving readers a feel for the scope of the test and the style of its questions. It's ideal for use either as a preliminary survey of the CISSP subject areas (the test's publisher and the authors of this book call them "domains") for relative newcomers to computer security, or as a pure study guide to help more experienced professionals zero in on the weak spots in their knowledge. Don't expect to do well on the CISSP exam having only read this book. You'll want to have some practical experience and some specialized reading under your belt.


The CISSP Prep Guide: Gold Edition
by Ronald L. Krutz & Russell Dean Vines

The CISSP Prep Guide: Gold Edition has been updated to include CISSP bonus questions never before published and an advanced question-and-answer tutorial. The CD-ROM contains 660 questions, of which 360 have never before been available electronically, and all questions have been designed with Boson, the premier interactive test engine for technical books in the industry.


Information Security Management Handbook, Fifth Edition
by Harold F. Tipton (Editor) & Micki Krause (Editor)

Since 1993, the Information Security Management Handbook has served not only as an everyday reference for information security practitioners but also as an important document for conducting the intense review necessary to prepare for the Certified Information Systems Security Professional (CISSP) examination. Now completely revised and updated and in its fifth edition, the handbook maps the ten domains of the Information Security Common Body of Knowledge and provides a complete understanding of all the items in it. This is a "must have" book, both for preparing for the CISSP exam and as a comprehensive, up-to-date reference.


CISSP For Dummies
by Lawrence C. Miller, Peter Gregory

It can be a long and difficult road to CISSP certification, but this book will help readers survive! It offers a blueprint to CISSP exam success, presenting numerous self-assessment tools to help readers gauge their progress. It also includes several test-taking tips and plenty of resources for further study.



The Total CISSP Exam Prep Book: Practice Questions, Answers, and Test Taking Tips and Techniques
by Thomas Peltier, Patrick D. Howard

Written by ten subject matter experts, this test prep book allows Certified Information Systems Security Professional (CISSP) candidates to test their knowledge in each of the ten security domains that make up the common body of knowledge upon which the CISSP exam is based. Each subject is briefly outlined, and sample quizzes and explained answers are given for each domain. There is also material on testing strategies and exam preparation approaches. The authors are instructors for the Computer Security Institute.


CISSP Training Guide
by Roberta Bragg

This book maps to the exam objectives and offers numerous features such as exam tips, case studies, and practice exams. In addition, the CD includes PrepLogic Practice Tests, Preview Edition, making it the ultimate guide for those studying for the CISSP exam.



CISSP Exam Cram
by Mandy Andress

The CISSP Exam Cram is an exciting new study guide for the rapidly growing number of professionals seeking to pass the CISSP certification exam. Clear, concise, and highly focused content lays out core technologies covered on the exam like Access Control, Computer Operations Security, Cryptography, Application Program Security, Communications Security, and Systems and Physical Security. Candidates gain a significant advantage during the test from the book's tear-out cram sheets and memory joggers, sections on proven test-taking strategies, warnings on trick questions, and time-saving study tips.


Secured Computing: A CISSP Study Guide
by Carl F. Endorf, Chad Johnson (Editor)

This study guide is designed for the experienced Security Professional. This guide will help to supplement your studies and further your goal of acquiring the CISSP designation. The book is designed for a security professional by a security professional. The author has strived to take the information that is needed to be successful in the security arena and to condense it into one concise volume.



Official (ISC)2 Guide to the CISSP Exam
by Susan Hansche, John Berti, Chris Hare

Candidates for the CISSP exam can now go directly to the source for study materials that are indispensable in achieving certification. The Official (ISC)2 Guide to the CISSP Exam is derived from the actual CBK review course created and administered by the non-profit security consortium (ISC)2. In addition to being an invaluable study guide, this book is detailed enough to serve as an authoritative information security resource. Both of the guide's co-authors are CISSPs, and the entire text has been reviewed and approved by Hal Tipton, Co-Founder and Past President of ISSA and Co-Founder of (ISC)2.


Against the Gods: The Remarkable Story of Risk
by Peter L. Bernstein

Peter Bernstein has written a comprehensive history of man's efforts to understand risk and probability, beginning with early gamblers in ancient Greece, continuing through the 17th-century French mathematicians Pascal and Fermat and up to modern chaos theory.


CISSP: Certified Information Systems Security Professional Study Guide
by Ed Tittel, Mike Chapple, James Michael Stewart

Topics covered include security architecture, access control systems, cryptography, operations and physical security, law, investigation & ethics. Written by IT security experts with years of real-world security experience, this book provides in-depth coverage of all official exam domains and includes hundreds of challenging review questions, electronic flashcards, and a searchable electronic version of the entire book.



Effective Physical Security
by Lawrence J. Fennelly (Editor)

Vulnerability assessment and target hardening are two main components of the crime prevention field. Effective Physical Security, 2nd edition is written by specialists in this field and contains a wealth of practical, immediately useful information. Material for this book was selected from an earlier Butterworth-Heinemann publication, Handbook of Loss Prevention and Crime Prevention, Third Edition, and includes two completely new chapters on computer security and access control.



Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes
by Albert J. Marcella Jr, Robert S. Greenfield

The field bible for information security professionals, this book introduces you to the broad field of cyber forensics and presents the various tools and techniques designed to maintain control over your organization. You will understand how to: identify inappropriate uses of corporate IT; examine computing environments to identify and gather electronic evidence of wrongdoing; secure corporate systems from further misuse; identify individuals responsible for engaging in inappropriate acts taken with or without corporate computing systems; and protect and secure electronic evidence from intentional or accidental modification or destruction.



The Shellcoder's Handbook: Discovering and Exploiting Security Holes
by Jack Koziol, David Litchfield, Dave Aitel, Chris Anley, Sinan "noir" Eren, Neel Mehta, Riley Hassell

Examines where security holes come from, how to discover them, how hackers exploit them and take control of systems on a daily basis, and most importantly, how to close these security holes so they never occur again. A unique author team, a blend of industry and underground experts, explains the techniques that readers can use to uncover security holes in any software or operating system. Shows how to pinpoint vulnerabilities in popular operating systems (including Windows, Linux, and Solaris) and applications (including MS SQL Server and Oracle databases). Details how to deal with discovered vulnerabilities, sharing some previously unpublished advanced exploits and techniques.


Hacking Exposed: Network Security Secrets & Solutions, Fourth Edition
by Stuart McClure, Joel Scambray, George Kurtz

Hacking Exposed talks about security from an offensive angle. A Jane's-like catalog of the weaponry that black-hat hackers use is laid out in full. Readers see what programs are out there, get a rundown on what the programs can do, and benefit from detailed explanations of concepts (such as wardialing and rootkits) that most system administrators kind of understand, but perhaps not in detail. The book also walks through how to use the more powerful and popular hacker software, including L0phtCrack. This new edition has been updated extensively, largely with the results of "honeypot" exercises (in which attacks on sacrificial machines are monitored) and Windows 2000 public security trials. There's a lot of new stuff on e-mail worms, distributed denial-of-service (DDoS) attacks, and attacks that involve routing protocols.


The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography
by Simon Singh

The Code Book offers a peek into the world of cryptography and codes, from ancient texts through computer encryption. Singh's compelling history is woven through with stories of how codes and ciphers have played a vital role in warfare, politics, and royal intrigue. The major theme of The Code Book is what Singh calls "the ongoing evolutionary battle between codemakers and codebreakers," never more clear than in the chapters devoted to World War II. Cryptography came of age during that conflict, as secret communications became critical to both sides' success.


Web - Computer Security & Intelligence
Last updated 12.26.12