Publisher : Auerbach Publications; 2nd edition (July 18, 2012)
Language : English
Hardcover : 462 pages
ISBN-10 : 1439820759
ISBN-13 : 978-1439820759
Item Weight : 7.1 ounces
Dimensions : 7 x 1.1 x 10 inches
Listed as the official reference book for the ISC2 CAP exam
This book is a bit dated on the current RMF process. The Preparation step is not included. However, it is still listed as the official study guide for the ISC2 CAP certification. This is only a part, however. It does break down the roles and process in an easy-to-understand manner. Reading this and ALL the NIST and FIPS references will get you close. Experience will get you across the line.
New Book
Bought this brand new for about $80 as the used ones were going for $50-$60. Fast shipping and received it in NEW condition as advertised.
Boom Review
Book in great shape for its age!
Five Stars
Well written book! I’ve used this book with my students at the University of Alabama in Huntsville (UAH) to teach the CAP certification course. There are a few things that have changed and as such should be updated, but that is to be expected in the technology field. The idea is that you use this book as a supplement to the published NIST and FIPS guidance.
I am unable to add Mac as my default device for the ebook
To better prepare for my exam I need this ebook on my Mac rather than my phone. However, I am having an issue selecting this after I have completed the order. I did not realize I would not be able to switch. Any suggestion? Thank you for your quick response.
SEVERELY OUT OF DATE
OFFICIAL (ISC)2 GUIDE TO THE CAP CBK, Second Edition
By Patrick D. Howard, CISSP, CISM
Published 2012
ISBN 978-1-4398-2075
Steven Eddy, Sept 1, 2017

The author has done a great job given the state of the Risk Management Framework (RMF) at the time. He was involved in one of the first RMF assessments, which was for the Department of Transportation. This was before the DOD requirement to transition from the DIACAP Certification and Accreditation process to the RMF Assessment and Accreditation (A&A) process. NIST Special Publication 800-37 Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach, is the overarching document for RMF.

The problem with this book is that RMF has matured much since it was written. Assessment and Accreditation have been increasingly automated. The process has become more complicated and complex. Role names have changed almost entirely. Practical steps required for a modern A&A process are not given. DISA's Enterprise Mission Assurance Support Service (eMASS) application and website is essential and mandatory in prosecuting a modern A&A effort. eMASS uploads Excel test result spreadsheets and scans, creates the System Security Plan, the POAM, the Implementation Plan, the Risk Assessment Plan (RAR) and the Security Assessment Plan (SAR). Many new roles such as the Security Control Assessor-Reviewer (SCA-R) and Security Control Assessor-Verifier (SCA-V) are not mentioned, although they are two of the most critical roles. The execution of these roles is also accomplished in eMASS.

An essential first element in categorizing systems is that DoD information technology (IT) is broadly grouped as DoD information systems (IS) and platform information technology (PIT) systems. This is not covered. Nor is one of the main advantages of RMF, reciprocity. Reciprocity is the ability to use authorizations of other similar systems to inherit compliance for security controls to a new system, avoiding redundant time and effort. Additionally, in categorization, there are also now categories of Very Low and Very High in addition to the Low, Moderate and High of the past. There is no mention of the Initial Approval to Test, which provides for testing of the system before production development takes place to prove the system concept is workable.

FIPS, NIST and CNSS publications need to include titles and brief summaries early in the book to avoid confusion and tell what subject matter they include in order to make referencing them easier. There is a glossary in the guide, but no acronym list, which is essential particularly in light of the renaming and adding of roles and processes. Inclusion of a compact disc containing a searchable soft copy of the book would be very helpful in studying the subject.

Although this book was very well written for its time, it is very much out of date and needs to be updated along with the test it serves. I would not recommend reading or studying this as it will only confuse someone who is currently involved in or wishes to be involved in modern RMF program Assessment and Authorization processes. I have been told that a new test and training materials are being developed by (ISC)2 to update this certification. It is suggested that candidates wait for the new updated test and study materials before studying for the CAP certification. I hope my review will aid them in this effort. In the meantime I would wait for the new material before voyaging forward on a CAP certification.
Useful for CAP exam preparation
I have done most of the material covered in the book as part of my job in the past. The book was somewhat helpful, but as other reviewers have noted, some of the material is outdated or otherwise incorrect. Fortunately, by studying with the book as well as rereading the appropriate NIST documents, I was able to pass the CAP exam the first time I took it.
What I think about this book
I just completed my exam this morning and I passed. I studied for about two weeks, including reading the entire book back-to-back. Then I ran through the NIST 800-37v2, paying more attention to appendices D, E, F, & G. For the exam itself, it took me about two hours, with one hour to spare. The bottom line is you need every resource to pass, including this book. The book is old, but it gives you a good direction on what you will need. For example, it references NIST SP 800-37v1, but you actually need NIST SP 800-37v2 because version 1 is expired. So, use it as a barometer to point you to the right source.
Do not buy this book. The sentence construction is poorly built.