Publications

The Effective CISSP - SRM

1. The Effective CISSP: Security and Risk Management

Security and Risk Management (SRM) is the first book in my “The Effective CISSP (TEC)” series. I wrote this book as a supplement or complement to, but not a replacement for, the well-known study guides, e.g., the Sybex Official Study Guide (OSG) or McGraw-Hill All-In-One (AIO).

This book helps in preparing for the CISSP, CISM, and other security certification exams. Moreover, it’s an excellent reference in practice. It introduces the following core security concepts across domains, but not all eight domains, with a holistic and integrated approach:

  • Information Security
    • Based on a risk-aware approach
    • With a business mindset
  • Risk Management
    • Based on ISO 31000 (neutral risk concept) and NIST FARM (Three-tiered)
    • Comprehensive coverage of COSO, ISO 27005, and PMI RMP
  • Strategic Management
    • Based on the PMI OPM framework
    • Concept of Projects, Programs, Portfolios, and Operations
  • Business Continuity Management
    • System Contingency Planning (NIST)
    • Incident Response
    • Disaster Recovery
    • Business Continuity (ISO 22301)
  • Foundational Concepts
    • Management: Goals, Objectives, and PDCA
    • Data Governance: Roles and Responsibilities
    • Change and Configuration Management
    • Risk Management Framework (NIST RMF)
    • Security Assessments and Audits
    • Life Cycles: User/Provisioning, Data, and System
    • Security Engineering
    • Access Control

 

2. The Effective CISSP: Practice Questions

This book, aka CISSP Sudoku 365, is an innovation among Kindle ebooks of practice questions. It is a compilation of questions from Wentz QOTD, available for free on my blog. However, it provides a fantastic navigation experience between questions and answers, saves you a lot of time, and improves learning efficiency and effectiveness.

  • The Paperback Version

The paperback cannot provide the same level of handy experience as the Kindle version, but it meets the requirements of book lovers or collectors. The paperback version is provisioned in the US so far and will be globally available in five days once Amazon completes synchronizing its servers around the world.

  • The Chinese Version

The Chinese Kindle version of The Effective CISSP: Practice Questions is a collaboration with peer CISSPs: Ethan, Sky, and Steven.