11/28/2012 -- With the holidays quickly approaching, the focus this time around is on a roundup of recommended study aids for security-related exams. If one were to create a hierarchy of certifications from entry-level up in this category, a logical approach would be to first gain Security+ certification from CompTIA, followed by CompTIA Advanced Security Practitioner, and then go after the certification currently wielding a great deal of weight: CISSP (Certified Information Systems Security Professional).

These three are far from the only security certifications available, but the content they certify allow an administrator to authenticate their additional mastery as they move from one to another.

Security+ Study Guide, Deluxe Edition
It is impossible for me not be biased about the CompTIA Security+ Study Guide, Deluxe Edition since I wrote it. I do feel, however, that it should be a candidate for one of the poorest marketing campaigns executed as it is next to impossible to tell the difference between it and the non-deluxe version (CompTIA Security+ Study Gudie, 5th Edition). The difference between the two is that Deluxe includes videos, a simulation engine, labs and more practice exams.

There is a $30 price difference in the list price (too much) and almost $21 difference at Amazon (still too much). Two of the longer videos (wireless security and registry editing) can be found here and here. With a bit of searching, you can find some of the other elements posted here and there on the web as well.  While the standard book has all you need in it to pass the exam, it is certainly much easier with the additional study tools.

CASP Study Guide
CompTIA expanded into upper-level certifications with the release of the CASP (CompTIA Advanced Security Practitioner) exam (CAS-001), and the best way to think of it in scope is as the next rank above the popular Security+ exam. The best way to think of it in implementation, though, is to note that this was the first CompTIA exam to include performance-based questions (in addition to the traditional multiple choice assortment). Because the exam is fairly new, and because the audience for it is perceived to be smaller than for the entry-level Security+ exam, the number of study products available is smaller than for most other exams.

I was thrilled to see the CASP CompTIA Advanced Security Practitioner Study Guide by Wm. Arthur Conklin, Gregory White and Dwayne Williams. Not only is this a needed title, but it is extremely well-written and perfect for exam study. The 18 chapters are divided among four parts:

• Enterprise Security
• Risk Management, Policy/Procedure, and Legal
• Research and Analysis
• Integration of Computing, Communications, and Business Disciplines

There are videos on the accompanying CD along with a PDF version of the book for reading on the road (something many publishers are shying away from more and more), as well as sample exams. All together, it makes for a great product perfectly suited for its purpose.

CISSP Practice Exams
I have said it before, and will say it again: when it comes to CISSP study, the name to know is Shon Harris. Get a copy of the All-in-One Exam Guide to fill in any and all holes you have in the content area, and then get a copy of the CISSP Practice Exams to verify that you really know your stuff before you register for the real exam. The book is divided into 10 "chapters," one for each domain, and consists only of questions that mirror the content and composition of the actual questions and very detailed answers.

The cover talks about "250+" questions, and unless my math is wrong, the actual number is 308. For a six-hour, multiple-choice exam, it is imperative that you get as much practice answering questions as possible, and that makes this book a must-have for most.