For the first time in seven editions, the CISSP All-in-One Exam Guide bears the names of two authors. For the first time in 15 years, Shon Harris will not be with us as we go to print on a new edition of her seminal work. Still, she remains with us in the pages of the hundreds of thousands of books sold, which have enriched the lives of security professionals worldwide. It is no exaggeration to say that Shon was one of the most influential authors in our field. Her legacy lives on in the pages of this latest edition.
Our goal in this seventh edition of Shon’s book was both to address the newly revised CISSP body of knowledge and to allow you to hear Shon’s voice as you read the words on its pages. You see, much of the content in this book was actually authored by Shon. We have reorganized, enhanced, augmented, and updated it, but the content is still largely hers. If you have read any of her multitude of other works or had the blessing of having met her, you will recognize her distinctive tone in these pages. We also hope that you will perceive her penchant for excellence in every aspect of professional development.
The goal of this book is not just to get you to pass the CISSP exam, but to provide you the bedrock of knowledge that will allow you to flourish as an information systems security professional before and after you pass the certification exam. If you strive for excellence in your own development, the CISSP certification will follow as a natural byproduct. This approach will demand that you devote time and energy to topics and issues that may seem to have no direct or immediate return on investment. That is OK. We each have our own areas of strength and weakness, and many of us tend to reinforce the former while ignoring the latter. This leads to individuals who have tremendous depth in a very specific topic, but who lack the breadth to understand context or thrive in new and unexpected conditions. What we propose is an inversion of this natural tendency, so that we devote appropriate amounts of effort to those areas in which we are weakest. What we propose is that we balance the urge to be specialists with the need to be well-rounded professionals. This is what our organizations and societies need from us.
The very definition of a profession describes a group of trusted, well-trained individuals that performs a critical service that societies cannot do for themselves. In the case of the CISSP, this professional ensures the confidentiality, integrity, and availability of our information systems. This cannot be done simply by being the best firewall administrator, or the best forensic examiner, or the best reverse engineer. Instead, our service requires a breadth of knowledge that will allow us to choose the right tool for the job. This relevant knowledge, in turn, requires a foundation of (apparently less relevant) knowledge upon which we can build our expertise. This is why, in order to be competent professionals, we all need to devote ourselves to learning topics that may not be immediately useful.
This book provides an encyclopedic treatment of both directly applicable and foundational knowledge. It is designed, as it always was, to be both a study guide and an enduring reference. Our hope is that, long after you obtain your CISSP certification, you will turn to this tome time and again to brush up on your areas of weakness as well as to guide you in a lifelong pursuit of self-learning and excellence.