CISSP Study Group/Blog
Help Me Build a Good Reference Guide
Oct 19th
A correct implementation of the Certification and Accreditation program will help the organization maintain a secure environment on its computer systems. An established life cycle will help the organization keep the program properly revised.
Oct 17th
Business Continuity Planning produces the essential master plan used to recover and restore the business. This logistical plan lays out how the organization will recover from a partial or complete interruption of business. Here is a quick guide that will help you determine whether the business continuity plan will work.
Oct 16th

Almost 2 years ago I took the CISSP. I have to admit I have no test-taking abilities, and the proctor staring at me for 6 hours killed me. I failed with a 685. This was a very tragic moment in my life; knowing that the pass rate is 70%, I felt like the stupidest person in the world. After a couple of weeks of “in the fuck it” mode I decided to do something about it. That is when I started my Master's in Information Assurance. I work for the Federal Government; and for some reason you could have all the experience in the world, but if you do not have a Cert or Credentials to back it up you do not get the job.
So here I am again, a couple of years later, at it again. The reason I did not take it again quickly was because of the 500 dollars lost. I wanted to make sure I would not fail again. Now I want to review and help other people review for the exam.
This Blog for now is about CISSP, but first I want to talk about other credentials in the market and their standing from my very personal point of view.
Oct 13th
These models should be learned and memorized; if asked, you should not have to think about them. These links will guide you to their wikis for easy study access.
Oct 11th

Trusted Computer System Evaluation Criteria (TCSEC) is a United States Government Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system. The TCSEC was used to evaluate, classify and select computer systems being considered for the processing, storage and retrieval of sensitive or classified information.
Oct 10th

There are various modes of security operation, depending on the information you are protecting and its classification. Here is a review of some of the modes of operation.
Oct 9th

Cryptography can be defined as the conversion of data into a scrambled code that can be deciphered and sent across a public or private network. Cryptography is far more than helping keep the integrity of communications. It has evolved into a tool used in communications on a daily basis. Here is a basic introduction to Cryptography.
Oct 9th
Security Architecture includes models to follow when designing a security-oriented network infrastructure. The choice of model depends on the security classification needed. Each model focuses on a specific area of the security triad: Confidentiality, Integrity and Availability.
Aug 13th
Applications and Systems Development Security
This domain examines the security components within operating
systems and applications and how to best develop and measure their
effectiveness. This domain looks at software life cycles, change control,
and application security. Some of the other topics covered include: