The Twenty Critical Security Controls have already begun to transform security in government agencies and other large enterprises by focusing their spending on the key controls that block known attacks and find the ones that get through. These controls allow those responsible for compliance and those responsible for security to agree, for the first time, on what needs to be done to make systems safer. No development in security is having a more profound and far reaching impact.
These Top 20 Controls were agreed upon by a powerful consortium brought together by John Gilligan (previously CIO of the US Department of Energy and the US Air Force) under the auspices of the Center for Strategic and International Studies. Members of the Consortium include NSA, US Cert, DoD JTF-GNO, the Department of Energy Nuclear Laboratories, Department of State, DoD Cyber Crime Center plus the top commercial forensics experts and pen testers that serve the banking and critical infrastructure communities.
The automation of these Top 20 Controls will radically lower the cost of security while improving its effectiveness. The US State Department, under CISO John Streufert, has already demonstrated more than 80% reduction in "measured" security risk through the rigorous automation and measurement of the Top 20 Controls.
The following sections identify additional controls that are important but cannot be fully automatically or continuously monitored to the same degree as the controls covered earlier in this document.
For CISSP's: ISC2 launched InterSeC, its very own professional networking Posted by boss on Thursday, 10 December 2009 @ 14:25:38 EST (67 reads) TopicISC2 Org
(ISC)2 launched InterSeC, its very own professional networking site on September 22, 2009! Since then, over 1,600 members have joined to network with other (ISC)2 members around the globe. It's a great tool for finding other information security professionals who share your interests, while facilitating discussion and interaction.
To enjoy this new member benefit, you can join InterSeC by visiting the member home page (http://members.isc2.org) and clicking on the InterSeC logo on the upper right-hand side.
InterSeC allows you to connect with members like never before!
Groups: Join one of the 38 groups already started on InterSeC. You can also start your own group. Start discussions, create postings, and upload files.
Wiki: Use this as a collaboration hub for discussions and materials on topical issues, such as best practices. Start your own discussion page on a certain topic, while linking to materials such as presentations, articles, etc. You have the control to make it a public page for all to view and edit, or as a private page for only select members of the InterSeC community.
Blog: Share your ideas by starting your own blog. Also, view other InterSeC blogs and contribute by posting comments.
People Map: This unique feature matches you with other InterSeC users based on similar interests. You can find this tool under 'Search Members' on the left navigation bar.
We hope that you enjoy this new way to interact with other (ISC)2 members around the world!
Original article at: http://www.utexas.edu/police/alerts/atm_scam/
A team of organized criminals is installing equipment on legitimate bank ATMs in at least two regions to steal both the ATM card number and the PIN. The team sits nearby in a car receiving the information transmitted wirelessly over weekends and evenings from equipment they install on the front of the ATM (see photos). If you see an attachment like this, do not use the ATM and report it immediately to the bank using the 800 number or phone on the front of the ATM.
The equipment used to capture your ATM card number and PIN is cleverly disguised to look like normal ATM equipment. A “skimmer” is mounted to the front of the normal ATM card slot that reads the ATM card number and transmits it to the criminals sitting in a nearby car.
At the same time, a wireless camera is disguised to look like a leaflet holder and is mounted in a position to view ATM PIN entries.
The thieves copy the cards and use the PIN numbers to withdraw thousands from many accounts in a very short time directly from the bank ATM.
Equipment being installed on front of existing bank card slot.
The equipment as it appears installed over the normal ATM bank slot.
The PIN reading camera being installed on the ATM is housed in an innocent looking leaflet enclosure.
The camera shown installed and ready to capture PINs by looking down on the keypad as you enter your PIN.
Original Article at: http://www.utexas.edu/police/alerts/atm_scam/
The DNS protocol is an important part of the web's infrastructure, serving as the Internet's "phone book". Every time you visit a website, your computer performs a DNS lookup. Complex pages often require multiple DNS lookups before they complete loading. As a result, the average Internet user performs hundreds of DNS lookups each day, that collectively can slow down his or her browsing experience.
We believe that a faster DNS infrastructure could significantly improve the browsing experience for all web users. To enhance DNS speed but to also improve security and validity of results, Google Public DNS is trying a few different approaches that we are sharing with the broader web community through our documentation:
Speed: Resolver-side cache misses are one of the primary contributors to sluggish DNS responses. Clever caching techniques can help increase the speed of these responses. Google Public DNS implements prefetching: before the TTL on a record expires, we refresh the record continuously, asychronously and independently of user requests for a large number of popular domains. This allows Google Public DNS to serve many DNS requests in the round trip time it takes a packet to travel to our servers and back.
Security: DNS is vulnerable to spoofing attacks that can poison the cache of a nameserver and can route all its users to a malicious website. Until new protocols like DNSSEC get widely adopted, resolvers need to take additional measures to keep their caches secure. Google Public DNS makes it more difficult for attackers to spoof valid responses by randomizing the case of query names and including additional data in its DNS messages.
Validity: Google Public DNS complies with the DNS standards and gives the user the exact response his or her computer expects without performing any blocking, filtering, or redirection that may hamper a user's browsing experience.
We hope that you will help us test these improvements by using the Google Public DNS service today, from wherever you are in the world. We plan to share what we learn from this experimental rollout of Google Public DNS with the broader web community and other DNS providers, to improve the browsing experience for Internet users globally.
Special offers to hakin9 magazine subscription for CCCure members and visitors! Posted by boss on Thursday, 03 December 2009 @ 15:55:00 EST (88 reads) TopicBooks New Riders
Anonymous writes "
CCCure Offer #1 -- One year print edition:
- 10% discount (discounted price: $44.10) - CD with 2005-2008 archvies - electronic subscription for FREE (one year)
To take advantage of the One Year Subscription offer simply click on the URL below:
Ensure the email body has the following information: Your First and Last names You full mailing address
CCCure Offer #2 -- Two-year print edition:
- 10% discount (discounted price: $71.10) - CD with 2005-2008 archives - Eelectronic subscription for free (one year) + The Best Of Edition Magazine for free
To take advantage of the Two Years subscription offer simply click on the URL below:
Certification Magazine’s 2009 Salary Survey By Certification Magazine Editorial Posted by boss on Wednesday, 02 December 2009 @ 08:54:48 EST (203 reads) TopicJOBS
It is a salary survey that demonstrate the well being of the ISC2 certifications. Out of the top five performers there was two that were Concentrations offered by ISC2. To get there you must complete your CISSP first and then complete one of the advanced certifications referred to as Concentrations by ISC2.
Infosec professionals always question themselves: should I go down the road of certifications?
Answers vary, but one thing is for sure: A certificate is not the end, it’s the mean. The real added value is the knowledge accumulated during your preparation for any given certification.
This week I’ve come across a factual article on earnings x certification. A snippet follows below:
” Rounding out the top five highest-paying certs in 2009 were: (ISC)2 Information Systems Security Architecture Professional (CISSP-ISSAP) with $136,060; Brocade Certified SAN Manager (BCSM) with $136,020; Brocade Certified Fabric Designer (BCFD or BCSD) with $135,600; and the (ISC)2 Information Systems Security Management Professional (CISSP-ISSMP) with $134,100.”
Wow, 2 CISSP-Concentration certifications among the top 5 most well paid. Does it tell you something?
Fifteen months ago, the world watched in horror as stock markets plummeted, debt skyrocketed, banks collapsed and the credit industry imploded, plunging the global economy into the worst recession since the Great Depression. No one knew what the next day, week or month — let alone year — had in store.
Suffice it to say, not much has changed. Though economists have pointed to early signs of recovery, we’re all still waiting with bated breath for some kind of certainty to emerge. This year’s CertMag Salary Survey received more than 40,000 responses from IT professionals in over 150 countries around the world — from Pakistan to the Philippines, from Bulgaria to Bangladesh. The good news is, despite the continued economic ambiguity, the results of our survey pointed to a few stable trends within the IT industry that could provide professionals with some direction for the coming year.
First, IT has been widely recognized as a growth industry — even in this climate — and our numbers reflected that. In 2009, the average U.S. total salary, including benefits and incentives, was a generous $96,677. That is a 9 percent gain over last year’s average of $88,640. However, this growth represents a slowdown from that of the previous year, when average total salaries jumped a dramatic 15 percent.
Also reflective of the times was the number of IT professionals who are experiencing pay cuts. About a quarter of you said you’ve either had your pay cut in the last year or expect to have your pay cut in the coming year. Fewer people reported getting incentives or bonuses this year, too — dropping from 41 percent of respondents in 2008 to 34 percent in 2009.
However, again proving the value of certification, many respondents reported receiving a raise after earning their most recent certification, with 30 percent of you saying that raise was between 10 and 20 percent. Then again, most of you (52 percent) said that raise was 5 percent or less, whereas last year the most common raise amount was 5 to 10 percent.
Also indicating the power of certification was the number of respondents who added more than two certifications to their portfolios this year. This figure jumped from 11.4 percent of respondents in 2008 to more than 30 percent in 2009, while the total number of people who earned at least one cert this year was more than 67 percent. Tellingly, a full 96 percent of respondents from the top five countries with the highest salaries said they were certified.
In the U.S., the top five highest-paying certs varied a bit this year from last year, although the general content areas stayed pretty much the same. The cert that commanded the highest salary this year was the Brocade Certified Network Engineer (BCNE, formerly FNCNE) with a whopping average total salary of $146,250. This bumped last year’s top cert, the Brocade Certified Fabric Designer (BCFD or BCSD), which had an average salary of $120,770 last year, to No. 4 this year.
Rounding out the top five highest-paying certs in 2009 were: (ISC)2 Information Systems Security Architecture Professional (CISSP-ISSAP) with $136,060; Brocade Certified SAN Manager (BCSM) with $136,020; Brocade Certified Fabric Designer (BCFD or BCSD) with $135,600; and the (ISC)2 Information Systems Security Management Professional (CISSP-ISSMP) with $134,100.
As evidenced by these results, a general focus on network and security issues continues to be a growing trend — and lucrative career choice — within the IT industry.
The cert that connoted the lowest salary was the CIW – Certified Internet Web Professional, with an average salary of $59,290. This was followed by the Microsoft Certified Desktop Support Technician (MCDST) with $62,030; the Cisco Certified Entry Networking Technician (CCENT) with $63,420; the HP: Accredited Platform Specialist (APS) with $64,180; and Dell certification with $67,190.
This is not too surprising given that many of these certs correspond with entry-level jobs or jobs that are not particularly “hot” right now.
No doubt about it: The past year has had its ups and downs. But as the results of the 2009 CertMag Salary Survey show, there are rays of light to be seen in the IT field. And while a certain level of uncertainty remains, IT professionals can use it as an opportunity to explore the new specializations or career paths that continue to emerge as the industry develops.
– Agatha Gilmore
Click on Read More... below this article to read the FULL story
Log Consolidation Tool -- Meet OSSEC and OSSIM Posted by boss on Monday, 30 November 2009 @ 17:05:11 EST (96 reads) TopicLinux
Anonymous writes "
NOTE FROM CLEMENT:
Often time in class people are askign me about log consolidation tools they could make use of to create summaries of activities on systems and also help with the identificaiton and detection of malicious activities. There are many solutions out there a a few that emerged on the Open Source side. Below you have a couple of solutions that you could look at:
OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS). It has a powerful correlation and analysis engine, integrating log analysis, file integrity checking, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active response.
It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows. A list with all supported platforms is available here.
OSSEC is free
OSSEC is a free software and will remain so in the future; you can redistribute it and/or modify it under the terms of the GNU General Public License (version 3) as published by the FSF - Free Software Foundation. More details here.
Awards and Reviews
The OSSEC project has received some pretty good awards/reviews in the past. Check them out out our Awards page.
Easy to install
OSSEC is multi-platform and can be easily installed on most operating systems. Just follow some of our Install guides if you need some help.
Widely used
OSSEC is a growing project, with more than 5,000 downloads per month on average. It is being used by ISPs, universities, governments and even large corporate data centers as their main HIDS solution. In addition to being deployed as an HIDS, it is commonly used strictly as a log analysis tool, monitoring and analyzing firewalls, IDSs, web servers and authentication logs.
Active Development
OSSEC has a very active development, with a release cycle of every 3/4 months. Bugs and feature requests can be sent through our bugzilla or mailing lists and we will do our best to solve them. If you are interested in being a part of this project, we are always open to new contributors. Check out our FAQ entry “How to start helping with the project?” for more information.
Commercial Support
If you need an enterprise-class commercial support for OSSEC, Third Brigade, Inc., the company behind this great open source project, offers this option to our users. More information at the OSSEC commercial support page.
OSSIM
New to OSSIM ? Read on
OSSIM stands for Open Source Security Information Management. Its goal is to provide a comprehensive compilation of tools which, when working together, grant network/security administrators with a detailed view over each and every aspect of his or her networks, hosts, physical access devices, server, etc.
Besides getting the most out of well known open source tools, some of which are briefly described below, OSSIM provides a strong correlation engine, detailed low, medium and high level visualization interfaces, and reporting and incident management tools, based on a set of defined assets such as hosts, networks, groups and services. All of this information can be restricted by network or sensor in order to provide only the required information to specific users; allowing for a fine grained multi–user security environment. Finally, the ability to perform as an IPS (Intrusion Prevention System), using correlated information from virtually any source, will be a useful addition to any security professional’s arsenal.
Components
OSSIM features the following software components:
Arpwatch – used for MAC anomaly detection.
P0f – used for passive OS detection and OS change analysis.
Pads – used for service anomaly detection.
Nessus – used for vulnerability assessment and for cross correlation (IDS vs Security Scanner).
Snort – the IDS, also used for cross correlation with nessus.
Spade – the statistical packet anomaly detection engine. Used to gain knowledge about attacks without signatures.
Tcptrack – used for session data information which can prove useful for attack correlation.
Ntop – which builds an impressive network information database from which we can identify aberrant behavior/anomaly detection.
Nagios – fed from the host asset database, it monitors host and service availability information.
Osiris – a great HIDS.
OCS-NG – cross-platform inventory solution.
OSSEC – integrity, rootkit, registry detection, and more.
To this we add a bunch of self developed tools, the most important being a generic correlation engine with logical directive support. Finally we take any other device you might have on your network which could contain useful data which, when fed to the system, could allow for a better undestanding of what's going on on your network.
Profiles
Usually a typical ossim deployment consists of:
A database host.
A server which hosts the correlation, qualification and risk assessment engine.
Security Service Strategies for Small and Medium size firms Posted by boss on Monday, 30 November 2009 @ 09:19:36 EST (125 reads) TopicAwareness Info
Anonymous writes "
Feds To Sharpen Cybersecurity Job Policies
The Office of Personnel Management seeks to develop a framework for the classification, hiring, performance management, and development of federal cybersecurity pros.
On the heels of a report that raised concerns about the competency of cybersecurity pros at the Department of the Interior, the Office of Personnel Management plans to develop better ways to ensure that the federal cybersecurity workforce is up to snuff.
In a recent memo to federal HR directors, OPM director John Berry said the effort will include developing policies and guidance on job classification, hiring, performance management, and workforce education and development. He implied that the work was brought on by a consensus among OPM, the federal CIO Council, and federal Chief Human Capital Officers Council that cybersecurity workforce development required a government-wide framework.
That bears out with other findings. Earlier this year, Booz Allen Hamilton surveyed 69 officials from 18 federal agencies and concluded that among other challenges to federal cybersecurity, "fragmented governance and uncoordinated leadership" hinder the ability to meet the government's cybersecurity needs.
A report issued this month by the Department of the Interior highlights the problems Barry and OPM plan to address. Among cybersecurity staff, Interior requires only self-certified training, and the inspector general found that only 13.5% of self certifications were relevant and complete.
Furthermore, the report found a pipeline coordinator officer and a supervisory land examiner among many with non-security titles whose jobs were entirely focused on cybersecurity. Among the other problems identified in the report: several Interior CISOs don't hold top-security clearances as policy requires.
In the memo, Barry asked federal HR directors to send OPM information about cybersecurity job descriptions, vacancies, accreditation, training, performance management, and any governance frameworks they have in place, as well as details of the challenges they face.
It's unclear when final policies might be released, but OPM plans to organize the models around three categories of cybersecurity pros: IT operations, law enforcement, and specialized operations that include classified work on "collection, exploitation and response."
NOTE FROM CLEMENT:
LOOK AT THE FOLLOWING REPORT WHICH IS INTERESTING:
Finding the flaws in your operating systems and applications is only the beginning. You then need to plot a path to security and ensure that no new weaknesses find their way onto your network. This Dark Reading report focuses on how to do that. Download the report here (registration required)
4,000+
CISSP's were "Certified" from SU's CISSP Prep classes.
Special Pricing for CISSP® Prep Class - 2 attendees for $2,495
/same
class! Click
here to learn more
CISSPs,
SSCPs and ISACA members can receive 40 CPE credit for attending each
class. You can earn the credit by simply specifying your number on
the registration form and correctly answering 3 multiple choice polling
questions about the program at the end of the event.
CISSP®
is a
registered trademark of (ISC)2® SU CISSP® Prep classes
are not
endorsed, sponsored or delivered by (ISC)2®
DoD 8570M Information
Assurance
Security University Q/ISP
Certifications
Selected to be added to IA 8570M2
Q/ISP & related Certifications are selected to be
added to
IAT II and IAT III certifications! (pending approval)
Webcast: “SC Magazine’s 20 Influential Security Products of the Past 20 Years” Posted by boss on Thursday, 12 November 2009 @ 15:35:12 EST (221 reads) TopicTraining News
*** A recording of the webcast will be sent to everyone who registers, so be sure to sign up even if you can’t attend the live session. *** ---------------------------------------------------------------------------------
SC Magazine recently marked its 20th anniversary with a special issue including the publication’s picks for 20 influential security products of the past 20 years. Please join Peter Stephenson for a webcast review of these products and how they have assisted SC Magazine’s security pros during tough situations, made their jobs easier, and helped them to make new discoveries about the current threat environment.
The webcast will detail the process through which SC Magazine editors and reviewers selected the 20 products, while also taking a closer look at some of the individual selections. In addition, Stephenson will touch upon some of the most interesting and valuable experiences that he and his team have had over their many years of testing products and using them in their own IT environments.
Core Security’s penetration testing software solution, CORE IMPACT Pro, will also be covered as part of SC Magazine’s list. Stephenson will offer his thoughts on the product’s evolution over time and why the experts have praised its ability to prioritize, benchmark and measure organizational exposure to real-world IT threats.
Microsoft Security Intelligence Report for first half of 2009 Posted by boss on Tuesday, 10 November 2009 @ 21:00:44 EST (269 reads) TopicAwareness Info
Microsoft Security Intelligence Report provides an in-depth perspective on malicious and potentially unwanted software, software exploits, security breaches and software vulnerabilities (both in Microsoft software and in third-party software). Microsoft developed these perspectives based on detailed analysis over the past several years, with a focus on the first half of 2009.
The latest Microsoft Security Intelligence Report shares security best practices from countries that have consistently exhibited low malware infection. These best practices and security intelligence provide a valuable resource for business leaders who need to make accurate decisions based on the threats that are most pressing today.
Infection rates and threats vary geographically, and the report contains proven best practices from countries with the lowest infections. For example, infection rates in Japan, Austria and Germany remained relatively low during this period.
Comments from Prakash: This is a detailed report of 232 pages from Microsoft with inputs from Microsoft Malware Protection Center & Microsoft Security Engineering Center. It gives complete overview of threats around the world.
FREE SC World Congress tickets from CCCure and Security University Posted by boss on Thursday, 01 October 2009 @ 21:39:18 EDT (519 reads) TopicTraining News
SU and CCCure are offering 3 free passport ticket to SC World Congress 2009 Oct 13 - 14 worth $1500. In addition to dozens of other presentations from esteemed security leaders, the conference has four information tracks designed to increase the security professionals' knowledge: Policy/Management, Emerging Threats/Risk Planning, Editor’s Choice and Technical requirements and advances. Through these tracks, attendees will examine topics ranging from data theft and compliance to establishing partnerships between government and the private sector, security awareness to critical infrastructure protection, and from SCADA attacks to cyberwarfare.
"For an entire year - since the success of our inaugural SC World Congress – we've been working to solicit input from our readers' about what they want to experience at the East Coast’s largest security event, and working to build an agenda that exceeds their expectations," said Illena Armstrong, editor-in-chief, SC Magazine. "We are proud to say that for the 2009 SC World Congress, we have put together the most comprehensive and exciting roster of informative experts, special events and talk tracks to share the latest and greatest the information security world has to share."
email SU your name, address and phone contact info to: Info@securityuniversity.net Tell us why you should win the free $1,500 passport tickets. Drawing will for 3 FREE passport tickets to SC World Congress will be Oct 9th.
-- Qualified Training, Qualified Results
Sondra J. Schneider Founder & CEO, Security University 109 Weed Ave Stamford CT 06902 work 203.357.7744 cell 203.249.8364 www.securityuniversity.net
and
Clement Dupuis, CD President and Founder The CCCure Family of Portals
We have a small class size / an amazing passing rate!
Still pressured to get your Security+ training for 8570 Compliance? October 5-9, 2009 Security University's special 2 attendees @ $2,495 pricing in Reston, VA.
The last 7 Security+ classes had a 96 - 98% pass rate! Our track record for Security+ training and testing is impossible to match.
Our SU Security+ courseware is mature and you get a world class instructor that can lead you to success, regardless of who you are or your background. We will provide you with 75+ practice quizzes that will help you identify your weak domains and areas. Quizzing is one of the most effective ways to identify what you need to study and it is an effective tool to help you remember the key topics needed to pass this exam.
We will provide you with assistance before, during and after your class.
This is not a one-time affair; we wish to establish a long-term relationship and be your training provider of choice for years to come! We always work hard to earn this right and your business.
Don't wait - click here for more information and to view all of our current class dates.
For more information and to reserve your seat NOW, please call 1-877-357-7744.
Security University, Where "Qualified" Happens!
CU in class!
Sondra Schneider CEO Q/ISP, Q/EH, Q/SA Q/PTL, Q/FE Q/ND, Q/IAP, CISSP, ISMS Lead Auditor
Acxiom Corporation is looking for a motivated self-starter with strong security background. The candidate must possess a strong attention to detail, thorough understanding of networking, and be a logical thinker. The position would be focused on protecting the network integrity of Acxiom and its outsourcing client environments.
This is an exciting, fast paced environment with numerous opportunities to take part in a variety of security designs. Working on Acxiom internal and external customer firewalls will challenge your engineering and design skills – are you up to the challenge?
This position is responsible for the following:
*Design/ Implementation of security architectures. *Installation and configuration of Checkpoint and Cisco firewall solutions. *Installation, management, and planning software and hardware upgrades. *Troubleshooting of IP network communications. *Monitoring firewall and proxy logs. *Interfacing with vendors, clients, and users to design security solutions.
Required Skills:
*Knowledge of IP (TCP/UDP/ICMP) protocols. *Candidate should possess relevant experience with key network vendor solutions (e.g., Checkpoint, etc). *Strong communication skills. *Must be comfortable in presenting both details to technical teams as well as business impact/risk analysis to management.
Nice to have skills:
*Experience with Nokia or Checkpoint Secure Platform. *UNIX shell scripting and PERL experience. *Clustering and/or High Availability experience. *Security/Network Disaster Recovery experience. *Database administration, backup, and recovery. *Contingency planning. *Good documentation and process diagramming skills. *UNIX administration skills. *Network/Security forensic experience.
Education:
*Requires BS/BA or equivalent; CCSA and CCSE certification desired.
Who are we? A global leader in interactive marketing services, Acxiom connects clients with their customers through deep consumer insight, powering effective and profitable marketing initiatives and business decisions. Our consultative approach spans multiple industries and incorporates decades of experience in consumer data and analytics, information technology, data integration and consulting solutions for effective marketing across digital, Internet, email, mobile and direct mail channels. Founded in 1969, Acxiom is headquartered in Little Rock, Ark., and serves clients around the world from locations in the United States, Europe and Asia-Pacific. For more information about Acxiom, visit www.acxiom.com.
Please find the JD of the senior Security Incident Response & Forensics profile we had discussed about earlier. The location is Dubai.
We need at least a couple of good CVs by tomorrow. The need is urgent.
The Security Incident Response Team members should have at least 5+ years of experience in handling Security Incidents and preferably an overall experience of 6+ years.
Should be an expert on : (at least 80% of these)
· Using ENCASE and FTK forensic-analysis tools for analysis of Security Incidents
· Certified Computer Hacking and Forensic Investigator (CHFI),
· CISSP
· Certified Ethical Hacker (CEH)
They would also form part of the problem management team as well, which would be focused at arriving at Root-Causes and suggest corrective actions for high impact incidents and potential failures in the system. While being part of the Wipro service delivery team, they will have a reporting directly to the Du business leads. This would make these profiles really high-visibility profiles within the overall delivery setup.
Don't have an account yet? You can create one. As a registered user you have some advantages like theme manager, comments configuration and post comments with your name.
This web site is not associated directly or indirectly with ISC2, the SANS Institute, ISACA, or other certification authority. The GCFW, CISSP, SSCP, ISSEP, ISSMP, CISA, and CISM are all the property of their respecful owners. The content of this site is provided to you freely due to the generosity of our sponsors.
Brochure
CISSPs,
SSCPs and ISACA members can receive 40 CPE credit for attending each
class. You can earn the credit by simply specifying your number on
the registration form and correctly answering 3 multiple choice polling
questions about the program at the end of the event.
