Guide to CISSP, Certified Information Systems Security Professional

Access Control, Mind Map

2007-10-09T12:18:00.000-03:00

Mind Map is a think tool that reflects instantly what goings on your head, it’s perfect to help in your study improving the power of your mind!
It’s help you easily remember points that you already studied, as CISSP certification has a lot of topics probably you will need a way to keeping your brain reminding lightly the CBK domains.

I found a great site that make available this map MindCert.com you shoud visit. The Mind Map can be download clicking in the image.

Exta TIP: Tony Buzan suggests using the following foundation structures for Mind Mapping:

Start in the centre with an image of the topic, using at least 3 colours.
Use images, symbols, codes and dimensions throughout your Mind Map.
Select key words and print using upper or lower case letters.
Each word/image must be alone and sitting on its own line.
The lines must be connected, starting from the central image. The central lines are thicker, organic and flowing, becoming thinner as they radiate out from the centre.
Make the lines the same length as the word/image.
Use colours – your own code – throughout the Mind Map.
Develop your own personal style of Mind Mapping.
Use emphasis and show associations in your Mind Map.
Keep the Mind Map clear by using radial hierarchy, numerical order or outlines to embrace your branches

CISSP Cartoons: Identification vs Security Risk

2007-09-01T11:11:00.000-03:00

Keep in a good mood while you study to CISSP exam. Chek this Information Security Cartoon that plays with Identification and Security Risk:

Please visit the site: http://www.glasbergen.com/

CISSP questions: SQL

2007-08-19T12:44:00.000-03:00

Which of the following are placeholders for literal values in a Structured Query Language (SQL) query being sent to the database on a server?

Bind variables
Assimilation variables
Reduction variables
Resolution variables

Question: 476 | Difficulty: 3/5 | Relevancy: 3/3
Correct answer: Bind variables
Details: Bind variables are placeholders for literal values in a Structured Query Language (SQL) query being sent to the database on a server.
Source:: The CISSP Prep Guide: Gold Edition
Study area: CISSP CBK domain: Application and System Development Security
Covered topics: Structured Query Language (SQL)

This question is Sponsor and authorized by CCCURE

CISSP Terms and Definitions

2007-08-12T17:43:00.000-03:00

Some definitions of Risk Management and Security Management that you need to know to CISSP exam:

Value of information
Cost to acquire + value to owners + what others are willing to pay

Asset
Something of value (resource, product, data)

Probability or Exposure
The chance or likelihood that an event (threat) will occur

Risk
The potential for harm or loss.
Total risk = asset value * vulnerabilities * threats

Safeguard (Control or Countermeasure)
Risk reducing measure (reducing both impact and likelihood) and must allow for auditability and accountability.

Safeguard Effectiveness (%)
Effective mitigation a vulnerability.

Threat
Defines an unfortunate event, undesirable impact on the well being of an asset.

Uncertainty (%)
Typically measured inversely with respect to confidence.

Exposure
Instance of being exposed to losses from specific threat.

Vulnerability
Absence or weakness of a safeguard (potential to allow a threat).

CISSP Books recommendation

2007-07-30T16:03:00.000-03:00

It's a fact that by just reading one book you won't gather enough information to pass the exam, the recommendation to ready at least two books.

In my opinion the best CISSP book is All-in-One Exam Guide, Third Edition (All-in-One) by Shon Harris. My other suggestion is the Official (ISC)2 Guide to the CISSP CBK ((Isc)2 Press Series) from (ISC)2. Giving another option we also have CISSP ® : Certified Information Systems Security Professional Study Guide, Third Edition from Sybex.

Official (ISC)2 Guide to the CISSP CBK ((Isc)2 Press Series)
by Harold F. Tipton, Kevin Henry

CISSP All-in-One Exam Guide, Third Edition (All-in-One)
by Shon Harris

CISSP ® : Certified Information Systems Security Professional Study Guide, Third Edition
by James Michael Stewart, Ed Tittel, Mike Chapple

To see all the recommendation CISSP's books from (ISC)2 visit the page:
https://www.isc2.org/cgi-bin/content.cgi?page=36

Physical Security, CISSP Mind Map

2007-07-09T03:28:00.000-03:00

CISSP Mind Map is a think tool that reflects instantly what goings on your head, it’s perfect to help in your study improving the power of your mind!
It’s help you easily remember points that you already studied, as CISSP certification has a lot of topics probably you will need a way to keeping your brain reminding lightly the CBK domains.

I found a great site that make available this maps MindCert.com you shoud visit. The Mind Map can be download clicking in the image.

Tags: CISSP, Mind Map, Physical Security

Are you looking for a Security Support ?

2007-07-03T15:12:00.000-03:00

We have an urgent requirement for Security Support, enclosed are the details.

Location of Work: Chennai

Job Description :

1) In-Depth Knowledge of Checkpoint Firewall NGX preferably on Windows & Solaris platform

2) Good Knowledge of Alteon Switched Firewall (ASF) and Alteon Web switch (Load Balancing)

3) ISS - IPS and IDS, Internet Scanner & Security Fusion Module.

4) Websense

5) Trend Micro or any other Antivirus products.

6) Fortigate Firewall

7) Good knowledge of Security Concepts, VPN, routing and swtiching.

Mandatory Certifications on Checkpoint, ASF, CCNA, CCNP
Preferred Certifications: Cisco Certified Security Professional (CCSP), Certified Ethical Hacker (CEH), CISSP

Mail your resume to careers@ codem-soft.com

CISSP questions: backup method

2007-06-17T13:50:00.000-03:00

Which common backup method is the fastest on a daily basis?
Full backup method
Incremental backup method
Fast backup method
Differential backup method

Question 905 | Difficulty level: 3/5 | Relevancy: 3/3
Correct answer: Incremental backup method
Details: The incremental backup method only copies files that have been recently changed or added. Only files with their archive bit set are backed up. This method is fast and uses less tape space but has some inherent vulnerabilities, one being that all incremental backups need to be available and restored from the date of the last full backup to the desired date should a restore be needed.
Study area: CISSP CBK domain: Telecommunication and Network Security
Covered topics: Backups and offsite storage

This question is Sponsor and authorized by CCCURE

Security phrases

2007-06-17T01:31:00.000-03:00

"If you can't protect what you won, you don't own Anything"
Lewis, Jon

Project Blackbox: earthquake test

2007-06-13T09:38:00.000-03:00

Inside cameras capture what happens when a magnitude 6.7 earthquake rattles Sun's Project Blackbox modular datacenter.

http://www.sun.com/blackbox/

CISSP Cartoons: Information Security

2007-06-05T14:53:00.001-03:00

INCREASE REQUIREMENTS FOR CISSP

2007-05-31T14:34:00.000-03:00

Effective 1 October 2007, the minimum experience requirement for certification will be five years of relevant work experience in two or more of the 10 domains of the CISSP CBK.

Also effective 1 October, CISSP candidates will be required to obtain an endorsement of their candidature exclusively from an (ISC)² - certified professional in good standing.

https://www.isc2.org/cgi-bin/content.cgi?page=1228

Security phrases

2007-05-17T23:40:00.000-03:00

Due to the confidentiality of my job, I am unable to know what I'm doing

CISSP questions: Closed Circuit Television (CCTV)

2007-05-11T11:30:00.000-03:00

The recording of events with a closed-circuit TV camera is considered a:
Preventative control.
Detective control.
Compensating control.
Corrective control.

Question 1177 | Difficulty level: 2/5 | Relevancy: 3/3
Correct answer: Detective control
Details: Visual surveillance or recording devices such as closed circuit television are used in conjunction with guards in order to enhance their surveillance ability and to record events for future analysis or prosecution. When events are monitored, it is considered preventative whereas recording of events is considered detective in nature.
Study area: CISSP CBK domain: Physical Security
Covered topics: Administrative physical security controls, Closed Circuit Television (CCTV)

This question is Sponsor and authorized by CCCURE

Business Continuity Planning and Disaster Recovery Planning, Mind Map

2007-05-06T13:36:00.000-03:00

Mind Map is a think tool that reflects instantly what goings on your head, it’s perfect to help in your study improving the power of your mind!
It’s help you easily remember points that you already studied, as CISSP certification has a lot of topics probably you will need a way to keeping your brain reminding lightly the CBK domains.

I found a great site that make available this maps MindCert.com you shoud visit. The Mind Map can be download clicking in the image.

Exta TIP: Tony Buzan suggests using the following foundation structures for Mind Mapping:

Start in the centre with an image of the topic, using at least 3 colours.
Use images, symbols, codes and dimensions throughout your Mind Map.
Select key words and print using upper or lower case letters.
Each word/image must be alone and sitting on its own line.
The lines must be connected, starting from the central image. The central lines are thicker, organic and flowing, becoming thinner as they radiate out from the centre.
Make the lines the same length as the word/image.
Use colours – your own code – throughout the Mind Map.
Develop your own personal style of Mind Mapping.
Use emphasis and show associations in your Mind Map.
Keep the Mind Map clear by using radial hierarchy, numerical order or outlines to embrace your branches

CISSP questions: Business Continuity Planning (BCP)

2007-04-24T14:15:00.000-03:00

Which of the following focuses on sustaining an organization's business functions during and after a disruption?
Business continuity plan
Business recovery plan
Continuity of operations plan
Disaster recovery plan

Question 1154 | Difficulty level: 3/5 | Relevancy: 3/3
Correct answer: Business Continuity Plan BCP
Details: A business continuity plan (BCP) focuses on sustaining an organization's business functions during and after a disruption. Information systems are considered in the BCP only in terms of their support to the larger business processes. The business recovery plan (BRP) addresses the restoration of business processes after an emergency. The BRP is similar to the BCP, but it typically lacks procedures to ensure continuity of critical processes throughout an emergency or disruption. The continuity of operations plan (COOP) focuses on restoring an organization's essential functions at an alternate site and performing those functions for up to 30 days before returning to normal operations. The disaster recovery plan (DRP) applies to major, usually catastrophic events that deny access to the normal facility for an extended period. A DRP is narrower in scope than an IT contingency plan in that it does not address minor disruptions that do not require relocation.
Source: SWANSON, Marianne, & al., National Institute of Standards and Technology (NIST), NIST Special Publication 800-34, Contingency Planning Guide for Information Technology Systems, December 2001 (page 8).
Study area: CISSP CBK domain #8 - Business Continuity Planning and DRP
Covered topics: Business Continuity Planning (BCP) and Disaster Recovery Plan (DRP)

This question is Sponsor and authorized by CCCURE

Controls and countermeasures about Physical Security

2007-04-18T10:32:00.000-03:00

Controls and countermeasures about Physical Security and their gains:

1. Deterrence of criminal activity
Fences
Warning signs
Security guards
Dogs

2. Delay of intruders to help ensure that they can be caught
Locks
Defense in depth measures
Access controls

3. Detection of intruders
External intruder sensors
Internal intruder sensors

4. Assessment of situations
Security guard procedures
Communication structure (calling tree)

5. Response to intrusions and disruptions
Response force
Emergency response procedures
Police, fire, medical personnel

CISSP Cartoons: Identity Theft by Randy Glasbergen

2007-04-17T17:05:00.000-03:00

Keep in a good mood while you study to CISSP exam, Identify Thef.

Please visit the site: http://www.glasbergen.com/

CISSP questions: Encryption

2007-04-11T12:38:00.000-03:00

What encryption algorithm is best suited for communication with handheld wireless devices?
ECC
RSA
SHA
RC4

Question 671 | Difficulty level: 4/5 | Relevancy: 3/3
Correct answer: ECC
Details: The Elliptic Curve Cryptosystems (ECC) are used as asymmetric algorithms and can provide signature, key distribution and encryption functionality. The fact that it uses less resource makes it appropriate for small handheld devices.
Study area: CISSP CBK domain #5 - Cryptography
Covered topics: Elliptic Curve Cryptosystems (ECC), Mobile, wireless and satellite technologies and security

This question is Sponsor and authorized by CCCURE

Applications and Systems Development Security, Mind Map

2007-04-10T18:14:00.000-03:00

Keywords: CISSP, Mind Map, Applications and Systems Development Security

CISSP Cartoons: Backup by Randy Glasbergen

2007-04-09T18:30:00.000-03:00

Keep in a good mood while you study to CISSP exam.

"We backup our data on sticky notes because sticky notes notes never crash."

Please visit the site: http://www.glasbergen.com/

Fingerprint

2007-04-08T23:50:00.000-03:00

Fingerprint is an impression of the friction ridges of all or any part of the finger.
The details of this ridges and are called minutiae. It is the distinctiveness of these minutiae that gives each individual a unique fingerprint. An individual places his finger on a device that reads the details of the fingerprint and compares this to a reference file. If the two match, the individual’s identity has been verified.

This resource is used as type of access control using Biometric.

Video - MythBusters versus a fingerprint scanner

CISSP questions: Physical Security

2007-04-04T04:13:00.000-03:00

Which of the following is the preferred way to suppress an electrical fire?
CO2 or Halon or Halon ozone friendly replacement
CO2, soda acid, or Powder
water or soda acid
Co2 or soda acid

Question 233 | Difficulty level: 2/5 | Relevancy: 3/3
Correct answer: CO2 or Halon or Halon ozone friendly replacement
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, page 335.
Details: It must be noted that Halon is now banned in most country or cities.
Study area: CISSP CBK domain #10 - Physical Security
Covered topic: Fire and smoke detection and suppression systems

This question is Sponsor by CCCURE, authorized by Clement.

The first commercial computer that used a hard disk drive

2007-03-30T19:20:00.000-03:00

The IBM 305 RAMAC was the first commercial computer that used a hard disk drive. IBM introduced it on September 4, 1956.

What about ours Pendrives?

CISSP questions: Access Control

2007-03-28T14:21:00.000-03:00

In biometrics, "one-to-many" search against database of stored biometric images is done in:
Authentication
Identification
Identities
Identity-based access control

Question 430 Difficulty level: 4/5 Relevancy: 3/3
Correct answer: Identification
Details: In biometrics, identification is a "one-to-many" search of an individual's characteristics from a database of stored images.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 38.
Study area: CISSP CBK domain #1 - Access Control Systems and Methodology
Covered topic: Biometrics

This question is Sponsor by CCCURE, authorized by Clement.