Blog entries

CISSP results

John Crout — Tue, 31 Jan 2012 18:47:12 +0100

The CISSP exam was a challenge -- but the hard part is what remains to be done. Work that most clearly qualifies me is work I did before 1992. Like many engineers who earned their degree when writing in machine code was part of earning the degree, I'm looking for a way to meet (ISC)2 audit requirements. A job description didn't exist. If it did, I didn't know it.

My name appears in two RTCA documents as a member of each Special Committee. RTCA, Inc....

(not just) Android -- Security Enhanced Android

John Crout — Sun, 22 Jan 2012 23:15:52 +0100

This reminded me of product-specific security discussion, comparing iPhone with Android.

http://www.voiceofgreyhat.com/2012/01/national-security-agency-nsa-released.html

NIST needs our comments

John Crout — Fri, 23 Dec 2011 05:21:08 +0100

NIST has a wiki and internal document about Cloud Security. They're asking the Cloud Security Working Group for comments until the end of this month. Join the group and lend your expertise.

The name of the document we are submitting comments about until the end of the month is, "NIST Cloud Computing Challenging Security Requirements for USG Adoption of Cloud Computing"). We also write for the wiki. The wiki has two document lists and a section wit...

Silently pushing updates

John Crout — Tue, 20 Dec 2011 20:18:04 +0100

If you've read the latest hype from media sites about Microsoft's plan to silently push updates for IE, or if you use Google Chrome and allow silent updates, you might want to reconsider your objectives. According to NIST and DISA checklists, automated updates are not acceptable.

Allowing any automated activity warrants consideration of what Microsoft calls "automated". Nothing distorts language like "marketing spin". For example, "automated" updates in XP...

My thirst for an job in the field of information security

Bharanidharan — Sun, 04 Dec 2011 01:47:39 +0100

I Am Bharanidharan from india

i have been completed certifications such as

CEH V7 from EC Council

AFCEH V5 from AnkitFadia

and i really have an thirst of knowledge in this field..

i'm ready to improve the growth of the organisation by my steady progress in this information security field.

IT security spending versus the overall IT budget

Marvin Ama — Sun, 20 Nov 2011 14:35:21 +0100

What is the estimate of IT security spending versus the overall IT budget of an average company or some companies you know?

Positive Day

Bryan Gutzman — Wed, 06 Jul 2011 18:31:24 +0100

Arnold M was kind to engage me in a conversation, I can see a great depth of knowledge and look forward to understanding the dynamics and norms of this site.

I look forward to meeting more people and hopefully I can be of assistance to someone at some point.

The Start

Bryan Gutzman — Tue, 05 Jul 2011 23:47:41 +0100

I am new to CISSP but not new to Information Assurance. I have tons to learn and looking forward to the adventure.

Test Taking Strategie......

fern bowers — Thu, 09 Jun 2011 19:33:03 +0100

I'm leaning that is takes a lot of study time and being consumed by the material.

You have to live it each day. Crack the BOOKS! No Boot Camp will help if you
have not put the time into Study.

Verizon or AT&T - iPhone faster on AT&T 3G network

sally porter — Tue, 10 May 2011 09:46:51 +0100

AT&T iPhones may have connectivity issues, but test outcomes show that iPhones on AT&T's 3G network have quicker connections than Verizon iPhones. AT&T iPhones were twice as fast as Verizon iPhones when speeds were measured on their respective 3G networks. Verizon iPhones may be much slower than iPhones on AT&T's 3G network, but with regards to dependability, AT&T iPhones dropped calls during the tests, just as people expected they would. Resource for this article - Choosi...

Murphy's fourth law of Computer Security

Arnold Murphy — Sun, 06 Mar 2011 15:07:12 +0100

Research is part of the cycle of success;

The field of information security is immense, within the CISSP there are ten domains and they translate well for the most part mapping to critical areas of IT Security, but not the be it an end all of knowledge. The Common Body of Knowledge or the CBK is a template and guide that each Security Professional can use to direct his or her research into the field, it is not a bullet proof ...

Murphy's Law's of computer security 3rd law

Arnold Murphy — Mon, 21 Feb 2011 13:54:51 +0100

Vigilance is the key concept of security

Risk is a factor of functionality, the more functional a system is the less risk it is inherently exposed to. With networked computer systems, Security is built in at the concept stage in many way's but the key is to deliver the functionality of the services consistently. Delivering functionality sometimes involves inherent risk, such as running an application which delivers the functionality required but which may be susceptible to attack. This...

A little bit of hope for disabled Veterans and Cyber Security

Arnold Murphy — Sat, 29 Jan 2011 02:46:52 +0100

This program is a very worthwhile cause, if your company has an opportunity to participate I highly recommend you lobby them to do so. There is no greater sacrifice than that of a soldier's life, and in many ways Veterans return home to re-enter the work force without the resources and skills to be successful this program provides some of those. Security of the Free World and the Global Market is dependent upon the engagement of our entire society.

A Murphy's laws of computer security 2

Arnold Murphy — Tue, 18 Jan 2011 22:11:26 +0100

2. Size Matters

When we consider the capacity of machines to decrypt and encrypt messages or data we must take into consideration the size and capability of our cryptosystem. While it is true that large keys today are rated as secure, the more processor power applied to the problem the quicker the problem will be solved. With the advent of cloud computing we can see that resources are cheap and...

A Murphy's laws of computer security

Arnold Murphy — Mon, 17 Jan 2011 16:45:14 +0100

Welcome to my blog, I plan on making this a regular sort of thing, but as with all good plans something may come up. So be prepared, plans are more than just a set of instructions, they are a guide, a tool, a way of confirming goals and much more.

My first of A. Murphy's laws:

1. Plans change

Simple enough, I will explain. In security there are Risks that involve vulnerabilities to threats. These threats come in...

CEH Study group

troy wollenslegel — Sat, 04 Dec 2010 22:51:15 +0100

I was talking to someone about CEH certification. I saw there was a group here for CEH, but not a CEH study group. Is there interest in starting a group?

Welcome to CISSP.COM and the Security Professionals Network

Andrew Afifi — Sun, 21 Nov 2010 16:21:10 +0100

There's a lot to do on cissp.com and the security professionals network--so much so we thought we'd give you are quick tour of some of the highlights:

Community Is Everything

For the community, by the community, cissp.com and the security professionals network strives to be the central source for informed and well connected security professionals.