Many are taking the CISSP Exam this weekend. Good luck!
Don't forget to take brain-food snacks for the duration (up to six hours). You should be able to bring a beverage with a LID and a lunch or snacks for breaks. Do take your breaks.
Relax... Stay loose. Do your best. Let us know how it goes!
SHIFT HAPPENS Video (Technology in Perspective for Information Security Professionals, Consumers)
Friday, May 22, 2009
CISSP Exam this weekend
Labels:
certification,
CISSP,
exam,
Information Security,
InfoSec,
mindset,
prep,
preparation,
success,
tips
Wednesday, March 11, 2009
Monday, December 15, 2008
AT&T, T-Mobile Fined For Voice-Mail Security
After a string of high-profile hacks, the Los Angeles district attorney has filed an injunction against the carriers for overstating the security of their voice-mail systems.
(By Marin Perez, InformationWeek, December 12)
AT&T (NYSE: T) and T-Mobile have paid fines and agreed to stop advertising that their voice-mail systems are safe from hackers. In a permanent injunction filed in a Los Angeles court Thursday, District Attorney Steve Cooley said the wireless operators were overstating how secure their voice mails are. The settlements are the culmination of a year-long investigation that was launched after multiple complaints of unauthorized voice-mail access, including some from celebrities Paris Hilton and Lindsay Lohan.
For full story, see Information Week.
Labels:
Voice-Mail Security
Tuesday, September 2, 2008
Online game demons are far from virtual
See "Online game demons are far from virtual," an article in the Baltimore Sun. Interesting reading.
http://www.baltimoresun.com/technology/bal-bz.ml.consuming31aug31,0,5912300.column
Monday, August 18, 2008
Sunday, March 23, 2008
White Hat Penetration Testing, Pen Testers, InfoSec,
WhiteHat Sentinel, a non-intrusive way to pen test applications (no affiliation).
Link: http://www.whitehatsec.com
Labels:
InfoSec,
Pen Testers,
Penetration,
Testing,
White Hat
Wednesday, March 12, 2008
8 Tips To Avert ID Theft During Tax Time (MarketWatch article)
Sorry I haven't posted in a while... I've been very busy at work and I actually took a couple of fun trips to Florida. Good morning! Here are some handy tips at tax time, with a view to avoiding Identity Theft. See this article at MarketWatch (USA):
"Eight tips to avert ID theft during tax time" - MarketWatch - USA
For added security use certified mail. Permanently shred unsecured documents from your computer that contain personal information used to prepare your tax...
http://www.marketwatch.com/news/story/eight-ways-avert-id-theft/story.aspx?guid=%7BC51C7BDB-40C1-45FF-B78A-077310E44DAE%7D
Labels:
identity theft,
Information Security,
InfoSec,
personal information,
pii,
privacy
Thursday, January 17, 2008
Monday, January 7, 2008
InfoSec business and speaker in Phoenix... ISSA connection
If you're in Phoenix or you need an InfoSec speaker to come to your area, see this web site: Sapphire Security
The owner is the President of the ISSA Phoenix Chapter.
Protect yourself,
Cheri Sigmon
ISSA-NoVA
Exploitation Kits Revealed - Mpack
Category: Malicious Code. SANS Information Security Reading Room -
http://www.sans.org/reading_room/
Friday, January 4, 2008
Evaluating a new course on blogging from Simpleology...
I'm evaluating a multi-media course on blogging from the folks at Simpleology. For a while, they're letting you snag it for free if you post about it on your blog.
It covers:
- The best blogging techniques.
- How to get traffic to your blog.
- How to turn your blog into money.
I'll let you know what I think once I've had a chance to check it out. Meanwhile, go grab yours while it's still free... - Regards, Cheri
Labels:
blogging,
blogs,
Mark Joyner,
simpleology,
web 2.0
Monday, December 17, 2007
Passwords - Windows, MySQL, other articles
1. Resetting a Lost MySQL Password. By Yaakov Ellis. Due to my inexperience administering anything having to do with Linux, while trying to reset the root password, I accidentally put in some bad information into the password field (I forgot to use the password() function to generate ... Ellis Web - http://ellisweb.net/
2. HMRC advertises for security experts. By dizzy (dizzy). Interesting job advert for "IT Security Risk Consultants", working in a Government department, mostly in Essex at the location of HMRC offices. So much for security procedures being in place and just not being followed. ... Dizzy Thinks - http://dizzythinks.net/
3. Show your Windows users the strength of their passwords as they type and change them! Filter your users' new passwords, and enforce strong ones! NO MORE WEAK PASSWORDS! Digg / Security / upcoming - http://digg.com/security
Enjoy reading.
Regards,
Cheri
Thursday, December 13, 2007
New Article about Online Security...
Just posted a new short article about Online Security at this URL:
http://JITVideos.info/OnlineSecurity.html
Labels:
article,
Information Security,
online
Tuesday, December 11, 2007
Upcoming Global InfoSec Events (you can earn CPEs)...
Here are some upcoming InfoSec Events around the globe:
1. SEMAFOR Security, Management, Audit Forum
22-23 January 2008
Hotel Marriott, Warsaw, Poland
2. John Colley, Managing Director of (ISC)2 EMEA, will be among the numerous Information Security Professionals to deliver a presentation at the second SEMAFOR Forum on January 22-23.
3. Infosecurity Italia
5-7 February 2008
Fieramilanocity, Milan, Italy
Earn CPEs at Italy’s most important and comprehensive information security exhibition. The event features informative conference sessions along with a top-level continuing education program devoted to information management as well as an exhibit featuring the latest technologies and solutions. Visit (ISC)2 at booth E22.
4. Secur Middle East Congress
18-19 February, 2008
JW Marriott Hotel, Dubai, UAE
Join (ISC)2 at this 2-Day conference covering the latest developments in securing wireless technology, identification and authentication, hacking and threat counter-measures, network security for corporate defense, and enterprise and security architecture. (ISC)2 members are offered a 15% discount and can earn up to 12 CPEs.
5. Infosecurity Belgium
21-22 March 2008
Brussels Kart, Brussels, Belgium
Visit (ISC)2 at stand C075 and earn CPEs by attending the seminar tracks at this 2-Day event. This year, (ISC)2 will be offering the opportunity to take certification exams (CISSP, SSCP, and concentration exams) at the event on 21 March, 2008. For registration information, please visit (ISC)2's web site (http://www.isc2.org/).
Perhaps you can attend one of these events. (I'm not "affiliated" with any event, (ISC)2 corporate, event sponsors, or companies). This is a non-commercial post, provided as a simple courtesy to fellow IA professionals across geographic boundaries.
Regards,
Cheri Sigmon, CISSP
Labels:
(ISC)2,
Events Calendar,
IA,
Information Security,
InfoSec,
Speakers
Summary: The Domains of the Common Body of Knowledge (CBK) for CISSP and SSCP certs
Part A, CISSP knowledge areas
These are the Common Body of Knowledge (CBK) "Ten Domains" WRT the CISSP certification:
1. Access Control
2. Application Security
3. Business Continuity and Disaster Recovery Planning
4. Cryptography
5. Information Security and Risk Management
6. Legal, Regulations, Compliance, and Investigations
7. Operations Security
8. Physical (Environmental) Security
9. Security Architecture and Design
10. Telecommunications and Network Security
---
Part B, SSCP knowledge areas
Here are the Common Body of Knowledge (CBK) "Seven Domains" WRT the SSCP certification:
1. Access Control
2. Analysis and Monitoring
3. Cryptography
4. Malicious Code and Other Attacks
5. Networks and Telecommunications
6. Risk, Response, and Recovery
7. Security Operations and Administration
I hope this helps you, as a brief introduction. For details, go directly to the source, (ISC)2. ;-)
NOTE: WRT training options, I personally found the "Yellow Book" and the CISSP Prep Guide by Shon Harris to be the most helpful, along with a 10-week study group via the Information Systems Security Association (ISSA), http://www.issa-nova.org/ and http://www.issa-hr.org/
Regards,
Cheri Sigmon, CISSP
Labels:
(ISC)2,
CBK,
certification,
CISSP,
IA,
Information Security,
InfoSec,
Shon Harris,
SSCP,
Study Guides
Annc: (ISC)2 Special Events and Offers for InfoSec professionals
For the latest special events and offers from (ISC)2, see this announcement:
InfoSec Special Events and Offers (Follow the links below for more details):
1. Advanced Certification Review Classes
2. The Ultimate Self-Study Package
3. (ISC)2 eLearning CPEs
4. Global events from (ISC)2
5. The Official (ISC)2 Guide to the CISSP® CBK®
NOTE: I am not affiliated with (ISC)2, except as a certified professional. This information is provided merely for your convenience, and I receive no profits from sharing this with you...
Regards,
Cheri Sigmon, CISSP
p.s. Next, I'll give you a list of the 10 domains in the Common Body of Knowledge (CBK), for those who are interested in getting started with the certification process. See the next post...
Sunday, December 9, 2007
Welcome to the InfoSec and CISSP Community Blog...
If you are planning to take the CISSP exam or you have already been certified for the CISSP information security (InfoSec) certification by (ISC)2, this is the place for you.
Also, it is intended for people who just want to learn more about information security and good security practices in order to protect themselves and their loved ones, etc. Your feedback, files, and posts are welcome.
See these links:
1. If you want to prepare for the exam: (ISC)2 http://www.isc2.org/ and CCCure http://www.cccure.org/
2. If you want to watch InfoSec YouTube videos on demand:
http://www.jitvideos.info/
Regards,
Cheri Sigmon, CISSP
Blogger: InfoSec