October 19, 2009 - 6:57 pm
Tags: C&A, CISSP
Posted in CISSP Review | No Comments
A correct implementation of the Certification and Accreditation program will help the organization maintain a secure environment on its computer systems. An established life cycle will help the organization keep the program properly revised.
Certification and Accreditation Guidance Development Life Cycle
Phase | Task | Activity
Development | Creation | Plan for, research, and write the policy
 | Review | Complete an independent policy review prior to approval
 | Approval | Obtain management approval of [...]
Business Continuity Planning produces the master plan used to recover and restore the business. This logistical plan lays out how the organization will recover from a partial or complete interruption of business. Here is a quick guide that will help you determine whether the business continuity plan will work.
TEST | DESCRIPTION
CHECKLIST | COPIES of the plan are sent [...]
October 16, 2009 - 11:37 am
Tags: CISA, CISM, CISSP, GIAC, GSEC, Security +, SSCP
Posted in Certifications | No Comments
Almost 2 years ago I took the CISSP. I have to admit I have no test-taking abilities, and the proctor staring at me for 6 hours killed me. I failed with a 685. This was a very tragic moment in my life; knowing that the pass rate is 70%, I felt the stupidest person [...]
October 15, 2009 - 11:20 pm
Tags: Network, TCP/IP
Posted in IT Basics | No Comments
The peculiar thing about this image of the TCP/IP model is its layout. It is organized in such a way as to help you understand TCP/IP and how it works. Combining this knowledge will help you build an understanding for the CISSP exam.
October 11, 2009 - 11:34 pm
Tags: CISSP, TCSEC
Posted in CISSP Review | No Comments
Trusted Computer System Evaluation Criteria (TCSEC) is a United States Government Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system. The TCSEC was used to evaluate, classify and select computer systems being considered for the processing, storage and retrieval of sensitive or classified information.
TCSEC (Trusted Computer [...]
October 10, 2009 - 8:29 pm
Tags: CISSP, Security modes
Posted in CISSP Review | No Comments
There are various modes of security operation, depending on the information you are protecting and its classification. Here is a review of some of the modes of operation.
Security Mode | Description
Dedicated Security Mode | Proper clearance for ALL info on system.
 | Formal access approval for ALL info on system.
 | Signed NDA for ALL info on system.
 | Valid need to know ALL [...]
Cryptography can be defined as the conversion of data into a scrambled code that can be deciphered and sent across a public or private network. Cryptography does far more than help keep the integrity of communications. It has evolved into a tool used in communications on a daily basis. Here is a basic introduction to cryptography.
Period [...]
Security Architecture includes models to follow when designing a security-oriented network infrastructure. The choice of model depends on the security classification needed. Each model focuses on a specific area of the security triad: Confidentiality, Integrity and Availability.
MODEL | DESCRIPTION | EMPHASIS
Access Matrix | A way of describing the rules for an access control strategy; Combination of Read, [...]
August 13, 2009 - 9:46 am
Tags: 10 CBK, CISSP, Review
Posted in CISSP Review | No Comments
Applications and Systems Development Security
This domain examines the security components within operating systems and applications and how to best develop and measure their effectiveness. This domain looks at software life cycles, change control, and application security. Some of the other topics covered include:
• Data warehousing and data mining
• Various development practices and their risks
• System storage and [...]