BKSSCPPG.RVW 2003107 "The SSCP Prep Guide", Debra S. Isaac/Michael J. Isaac, 2003, 0-471-27351-1, U$60.00/C$92.95/UK#41.95 %A Debra S. Isaac %A Michael J. Isaac %C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8 %D 2003 %G 0-471-27351-1 %I John Wiley & Sons, Inc. %O U$60.00/C$92.95/UK#41.95 416-236-4433 fax: 416-236-4448 %O http://www.amazon.com/exec/obidos/ASIN/0471273511/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0471273511/robsladesinte-21 %O http://www.amazon.ca/exec/obidos/ASIN/0471273511/robsladesin03-20 %P 508 p. + CD-ROM %T "The SSCP Prep Guide" Chapter one is a supposed overview of security, although it is rather vague and iconoclastic. Access control, in chapter two, provides an unstructured list of related terms. At the end of the chapter we get the expected list of sample questions, but these are either simplistic, idiosyncratic, or both. Chapter three, ostensibly about administration, is a completely mixed bag of security management, security architecture, operations security, and networking topics. The information on auditing given in chapter four concentrates primarily on networking, has way too many screenshots of Windows tools, and far too little content on forensics. A surprisingly good section on risk, advice on incident response that starts well but ends abruptly, and a short but standard piece on business continuity planning is in chapter five. Cryptography, in chapter six, has a list of terms, poor explanations of the important concepts, and an unimportant overview of the history of cryptography, padded out with annoyingly fuzzy photographs. Most of chapter seven is a list of communications terms. There is a disproportionate emphasis on penetration testing, and a very odd reiteration of material on the system development life cycle. (Possibly the authors got confused with the *other* SDLC: Synchronous Data Link Control?) The material on malware, in chapter eight, has been very carelessly put together. There are two separate descriptions of macro viruses almost adjacent to each other, and a level three header section on trojan horses immediately followed by a level four header on trojan horses, which starts out saying "Trojan horses are another threat ..." There is a recommendation to use "false data directories" to trap polymorphic viruses. (No mention is made of how this technobabble might work.) The authors should take note that a multipartite virus is *not* the same thing as a companion virus, and that worms *do* replicate. There is very little useful material in this book. copyright Robert M. Slade, 2003 BKSSCPPG.RVW 2003107