1. The Effective CISSP: Security and Risk Management
Security and Risk Management (SRM) is the first book in my “The Effective CISSP (TEC)” series. I wrote this book as a supplement or complement to, but not a replacement for, the well-known study guides, e.g., the Sybex Official Study Guide (OSG) or McGraw-Hill All-In-One (AIO).
This book helps in preparing for the CISSP, CISM, and other security certification exams. Moreover, it is an excellent reference in practice. It introduces the following core security concepts across domains (though not all eight domains) with a holistic and integrated approach:
- Information Security
  - Based on a risk-aware approach
  - With a business mindset
- Risk Management
  - Based on ISO 31000 (neutral risk concept) and NIST FARM (three-tiered)
  - Comprehensive coverage of COSO, ISO 27005, and PMI RMP
- Strategic Management
  - Based on the PMI OPM framework
  - Concept of Projects, Programs, Portfolios, and Operations
- Business Continuity Management
  - System Contingency Planning (NIST)
  - Incident Response
  - Disaster Recovery
  - Business Continuity (ISO 22301)
- Foundational Concepts
  - Management: Goals, Objectives, and PDCA
  - Data Governance: Roles and Responsibilities
  - Change and Configuration Management
  - Risk Management Framework (NIST RMF)
  - Security Assessments and Audits
  - Life Cycles: User/Provisioning, Data, and System
  - Security Engineering
  - Access Control
SRM is all about management; it will have a sibling volume on technologies. I am planning The Effective CISSP series to be more complete and self-contained. “The Effective CISSP: Security Architecture and Engineering” is on the way. I hope it can be available before the new CISSP exam outline takes effect.
2. The Effective CISSP: Practice Questions
This book, aka CISSP Sudoku 365, is an innovation among Kindle ebooks of practice questions. It is a compilation of questions from Wentz QOTD, which are available for free on my blog. However, it provides a fantastic navigation experience between questions and answers, saves lots of your time, and improves learning efficiency and effectiveness.
The Paperback Version
The paperback cannot provide the same handy experience as the Kindle version, but it meets the needs of book lovers and collectors. The paperback version is provisioned in the US so far and will be globally available in five days, once Amazon completes synchronizing its servers around the world.
3. The Chinese Version
I plan to publish the Chinese Kindle version of The Effective CISSP: Practice Questions in late September 2020 to meet local demand. This book is a collaboration with fellow CISSPs: Ethan, Sky, and Steven.
Introduction to InfoSec Governance
My online course in Chinese, Introduction to Information Security Governance (https://bit.ly/2Yh6SOi), is now public. Students completing the course will receive PMI PDUs.