Blog Posts Tagged with "CISSP"


CISSP Reloaded Domain Three: Telecoms and Network Security

March 19, 2012 Added by: Javvad Malik

Network security is so important, yet because it’s complex, a lot of companies end up doing it wrong. Not as many people properly understand the security implications of the network and most companies don’t even know what their network is comprised of...

Comments  (1)


Implementing Least Privilege

March 15, 2012 Added by: Ben Rothke

Least privilege is the notion that in a particular abstraction layer of a computing environment every module - such as a process, a user or a program depending on the subject - must be able to access only the information that is necessary for its legitimate purpose...

Comments  (1)


CISSP Reloaded - Domain Two: Access Controls

March 07, 2012 Added by: Javvad Malik

Understand who’s trying to get access and choose the control that will really protect you. Or rather, I should say, the control should protect you long enough for you to do something about it. Otherwise you might find yourself as the person holding a knife in a gunfight...

Comments  (0)


CISSP Certification, Information Security and Risk Management

February 23, 2012 Added by: Javvad Malik

The ISC2 promote it as the premier security certification in the world and have you believe that with a CISSP comes great knowledge, power, mastery of the Force and an abundance of wealth. To everyone else it’s a bunch of letters security people put after their name...

Comments  (4)


The Fundamentals of Infosec in Theory and Practice

February 14, 2012 Added by: Ben Rothke

Information security is an overwhelming body of knowledge, and for many it can indeed be a far too tremendous body of text to attempt to cover. To that effort this book is an invaluable resource as it covers the key areas without getting bogged down in the minutiae...

Comments  (0)


Why Infosec Forced Me to Get an MBA

January 31, 2012 Added by: Don Turnblade

How much did restoring, repairing, reimaging, improved firewall rules, down time, legal fines, or direct fraud cost per event? Asking what it is may be too close to that great low pressure system, and you do not need to be struck by lightning. I won't ask and you won't tell...

Comments  (0)


The Nature of Infosec: A Zero Sum Game

December 08, 2011 Added by: Infosec Island Admin

Security is a “Zero Sum Game” - no matter what you do, no matter how many policies you have or blinking lights on an appliance that is alleged to keep out APT, in the end you really have not won the day. In fact, if you have not been hacked or abused that day, it was really just a fluke...

Comments  (2)


My Bid for the ISC2 Board of Directors Ballot

August 29, 2011 Added by: Wim Remes

I want to work with ISC2 leadership and membership to review the current status of the CISSP certification, how it is perceived by different audiences, and improve the exam process. With over 79,000 certification holders, it could be concluded that the certification is doing well...

Comments  (4)


Information Systems Security as a Profession

August 04, 2011 Added by: Bozidar Spirovski

If you’re considering a career in IS security, you’ll find job openings in a variety of related areas. Security specialists may be found in each of the following BLS occupational groups, and often enjoy salaries in excess of $100,000 per year...

Comments  (0)


My Canons on (ISC)² Ethics - Such as They Are

July 25, 2011 Added by: security curmudgeon

In the email thread between ISC2 general counsel Dorsey Morrow and CISSP holder Boris Sverdlik, one of the replies from Morrow was unbelievable. Not only is the email negligent and libelous, it demonstrates unprofessional behavior and a serious lack of knowledge...

Comments  (17)


I Am Certified - You Are Secured

July 18, 2011 Added by: J. Oquendo

Security? I don't care for it. Companies don't want security. They do not want assurance. They want a framework to ensure they did no wrong. My goal is simplified ten-fold, and my aim is to ensure that someone on the C-level can cross their T's, dot their I's and get on with their game of golf...

Comments  (29)


Hey ISC2 - Where is the Opt Out Button?

July 15, 2011 Added by: Boris Sverdlik

I am a security researcher, and my presentation at Security Bsides was written in the same form that most “pen testing” classes are. If you are naïve enough to believe that criminals don’t use security tools in their efforts, then, my friend, it is finally time to hang up that hat...

Comments  (0)


What the CISSP Won't Teach You - Part Trois

July 05, 2011 Added by: Boris Sverdlik

A dedicated attacker will not scour pastebin to get your password, although “inurl: password” used to be a common attack vector. More common amongst the dedicated attacker is getting as much background information as possible as an attacker builds the dossier on their target...

Comments  (0)


What the CISSP Won't Teach You Part Deux

June 30, 2011 Added by: Boris Sverdlik

You should use a layered security model. Port Security should be enabled; IDS Response rules should trigger a port shutdown on multiple ARP responses past a certain threshold. Are you seeing yet how attackers think?? The CISSP will not teach you to think outside the box...

Comments  (0)


What the CISSP Won't Teach You

June 28, 2011 Added by: Boris Sverdlik

Information security, unlike other industries, does not sleep; I personally spend 3+ hours a day just learning what I can. Technology, regulations and attack methods change every day. If you don’t stay ahead of it, you will end up with pie on your face when you get hit with the latest New Thing...

Comments  (4)
