|
|
|||
 |
|
|||
Rated #1 TrainingLibrary of Documents Main Library Area  COBIT© Standard Governance ISO Standard 27001/17799/BS7799 Security Awareness Security Policies SSE-CMM© *Quality versus Quantity* Forum Postings ISSAP Study Start Completed both AIO & CBK. BCP/DRP Question of the Week What experience did you have prior to CISSP? Help on CISSP. Endorsment form & CV : Email or Post? Free CISSP Online Instructor Led Course - March Study Group Forming in Pleasant Hill, CA USA Access Violation question about examCISSP's BlogsHere is a list of Blogs maintained by CISSP's. SECURITY JOBS ISC2 BLOGS CISSP's BLOGS - Allen Baranov LEGAL INFO BLOGS - Bow Tie Law's Blog Recommended PodcastsSecurity BooksSurveysTop10 Links· 1: CISA et CISSP Quizzes
· 2: Exam Introduction and overview · 3: Ben Rothke's Web Site · 4: 1. Information Security and Risks Management CBK Tutorial · 5: Resume of the 10 domains of the CBK · 6: Erik Chang, CISSP Study Resources · 7: China CISSP Study Group · 8: International Information Systems Security Certifications Consortium Inc. · 9: Rob Slade's CISSP Books reviews · 10: 2. Access Control CBK Tutorial Top10 Downloads· 1: CRAM Study guide on the 10 domains of the CBK
· 2: Domain 1.zip · 3: Study Guide for Domain 1 - Access control Systems and Methodologies · 4: Overly Updated.pdf.zip · 5: Great Document on Security Models · 6: Intro1.zip · 7: Domain 3.zip · 8: Cram Study Guide for Domain 1 - Access control Systems and Methodologies · 9: Domain 7.zip · 10: Domain 5.zip Who's OnlineThere are currently, 100 guest(s) and 24 member(s) that are online. You are Anonymous user. You can register for free by clicking here Training Classes CalendarTest of Widget
|  |
Official (ISC)2 Guide to the CISSP CBK, Second Edition
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Harcover: |
1008 pages |
| Dimensions (in inches): |
2.25 x 9.25 x 7.50 |
| Publisher: |
McGraw-Hill Osborne Media; 5th edition (February 8, 2010) |
| Language: |
English |
| ISBN: |
0071602178 (OR) 978-0071602174 |
Shon Harris, CISSP, MCSE, is a security consultant, a former engineer in the Air Force Information Warfare Unit, an instructor, an author, and President of Logical Security.
She has written two best selling CISSP books, and co-authored Hacker's Challenge and Gray Hat Hacking. Shon has developed a new security book series, being published by McGraw-Hill, which will be sold to corporations, universities, colleges, and professionals throughout the world. This series will set the new standards in security training, education, and industry practices.
She is an active contributor for Information Security Magazine and Windows 2000 Magazine. Shon has taught computer and information security to a wide range of clients including RSA, Department of Defense, Department of Energy, National Security Agency (NSA), Bank of America, Defense Information Systems Agency (DISA), BMC, and more.
Shon was recently recognized by Information Security Magazine as one of the top 25 women technologists, researchers and executives reshaping information security today.
Chapter 1: Reasons to Becoming a CISSP Chapter 2: Security Trends Chapter 3: Security Management Practices Chapter 4: Access Control Chapter 5: Security Architecture and Models Chapter 6: Physical Security Chapter 7: Telecommunications and Network Security Chapter 8: Cryptography Chapter 9: Business Continuity Planning and Disaster Recovery Chapter 10: Laws, Investigations, and Ethics Chapter 11: Applications and Systems Development Security Chapter 12: Operations Security Appendix: About the CD-ROM IndexVisit the link below to give us feedback about the new book:
https://www.cccure.org/forum-6.html
If you do find any mistakes, visit the link below to contribute them to the forum reserved for that purpose:
Get all the details at:
https://www.cccure.com/cart/products/CISSP-ALL-IN-ONE-FIFTH-EDITION-from-Shon-Harris.html
"(comments? | Score: 0)
CPE = CONTINUOUS PAYMENT EXPECTED
Posted by boss on Thursday, 21 January 2010 @ 20:45:21 EST (187 reads)
Topic CISSP OSG INFO
NOTE FROM CLEMENT:
CompTIA has joined the rank of certification body who will require CPE's to keep our A+, Network+, and Security+ certification current as well as imposing an expiry date or renewal cycle every 3 years like other certification body are doing.
If the whole CPE things was done properly it would be great. However in most case this is use as a way of making more money by offering seminars and other cheesy training to make CPE's. When will people get serious about providing skills and knowledge as a priority.
See the announcement below from CompTIA:
CompTIA Certification Renewal Policy
CompTIA A+, CompTIA Network+ or CompTIA Security+ certifications are now valid for three years from the date the candidate is certified. The change brings the CompTIA certifications in line with the practice of other major providers of certifications for IT professionals, such as Cisco, Microsoft and Oracle.
The renewal policy also is required for these three certifications to maintain their accreditation and compliance with internationally accepted standards for assessing personnel certification programs (ANSI/ISO/IEC 17024). CompTIA A+, CompTIA Network+ and CompTIA Security+ certifications earned the ISO 17024 accreditation from the International Organization for Standardization (ISO) in 2008. ISO requires that individuals have a way to renew the currency of their certification on a regular basis. In CompTIA’s case, renewal will occur every three years.
The new certification renewal policy is applicable to all individuals who hold CompTIA A+, CompTIA Network+ or CompTIA Security+ certifications, regardless of the date they were certified. Other CompTIA certifications are not affected at this time.
Beginning January 1, 2010, a “Valid Through” date appears on all certificates and certificate holder ID cards for individuals who earn CompTIA A+, CompTIA Network+ or CompTIA Security+. The date is three years from the date of certification.
Certification renewal will ensure that individuals have the most up-to-date skills and knowledge to deal with the fast-changing IT environment.
In conjunction, CompTIA is introducing a continuing education program for individuals with multiple ways to earn continuing education credits to maintain their active certifications.
Among activities that will qualify for continuing education credits are passing a “bridge” exam or the most current exam for their CompTIA certification; teaching, lecturing or presenting on relevant industry topics; participating in non-degree courses or computer-based training; attending relevant industry conferences and events; participating in a CompTIA exam development workshop; publishing articles, whitepapers, blogs or books on relevant topics; obtaining other industry certifications; or completing industry-related college courses from degree-granting institutions.
Enrollment in the certification renewal program is expected to be available in mid-2010.
(Read More... | 2 comments | Score: 0)
ISACA Announces New CRISC Certification for Risk Professionals
Posted by boss on Sunday, 17 January 2010 @ 18:26:29 EST (132 reads)
Topic ISACA
Rolling Meadows, IL, USA (13 January 2010)—ISACA, a global association of 86,000 IT audit, risk, governance and security professionals, is responding to market demand by introducing a new risk-related certification. The Certified in Risk and Information Systems Control (CRISC) designation is for IT professionals who identify and manage risks through the development, implementation and maintenance of information systems (IS) controls. These professionals help enterprises accomplish business objectives such as effective and efficient operations, reliable financial reporting, and compliance with regulatory requirements.
A grandfathering program, through which experienced professionals can earn the certification without passing an exam, will open in April. The first CRISC exam will be administered in 2011.
ISACA established CRISC (pronounced “see risk”) to recognize IT professionals with skills and abilities related to:
- Risk identification, assessment and evaluation
- Risk response
- Risk monitoring
- IS control design and implementation
- IS control monitoring and maintenance
“The CRISC designation will demonstrate to employers that the certification holder is able to identify and evaluate the risks unique to their specific organization and help the enterprise accomplish its business objectives by designing, implementing, monitoring and maintaining risk-based, efficient and effective IS controls,” said Urs Fischer, chair of ISACA’s CRISC Task Force. “We conducted an extensive amount of research globally and found that enterprises are becoming more risk-aware and are looking to identify professionals who possess the skills to help them protect their assets and enhance their businesses. CRISC fills a gap that currently exists in the marketplace.”
CRISC complements ISACA’s three existing certifications: Certified Information Systems Auditor (CISA), established in 1978 and earned by more than 70,000 professionals since its inception; Certified Information Security Manager (CISM), earned by more than 12,000 professionals since it was launched in 2002; and the newer Certified in the Governance of Enterprise IT (CGEIT), earned by more than 4,000 professionals since it was developed in 2006:
- CISA is designed for IT professionals who perform independent reviews of control design and operational effectiveness; CRISC is for IT and business professionals who design, implement and maintain IS controls.
- CISM is for individuals who manage, design, oversee and/or assess an enterprise’s information security, including the identification and management of information security risks; CRISC is for IT professionals whose roles also encompass operational and compliance considerations.
- CGEIT is for IT and business professionals who have a significant management, advisory or assurance role relating to the governance of IT, including risk management; CRISC is for IT and business professionals who are engaged at an operational level to mitigate risk.
Additional information about the CRISC certification is available at www.isaca.org/crisc.
About ISACA®
With more than 86,000 constituents in more than 160 countries, ISACA® (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems assurance and security, enterprise governance of IT, and IT-related risk and compliance. Founded in 1969, ISACA sponsors international conferences, publishes the ISACA® Journal, and develops international information systems auditing and control standards. It also administers the globally respected Certified Information Systems Auditor™ (CISA®), Certified Information Security Manager® (CISM®) and Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control™ (CRISC™) designations.
ISACA developed and continually updates the COBIT®, Val IT™ and Risk IT frameworks, which help IT professionals and enterprise leaders fulfill their IT governance responsibilities and deliver value to the business.
Media Contacts:
Kristen Kessinger, +1.847.660.5512, kkessinger@isaca.org
Deborah Vohasek, +1.847.660.5566, dvohasek@isaca.org
Joanne Duffer, +1.847.660.5564, jduffer@isaca.org
ISACA
3701 Algonquin Road, Suite 1010
Rolling Meadows, IL 60008
USA
(comments? | Score: 0)
10 valuable advices to land a job in 2010
Posted by boss on Friday, 15 January 2010 @ 14:56:59 EST (123 reads)
Topic JOBS
So, here we are: 2010 is here already! Several good thoughts and hopes of a better future flooded our minds during these past couple of days, so now it’s time to kick off and make all our wishes to realize. For many of us, 2010 renovates the perspective of finding a job if unemployed, or a better job in case you strive for different horizons. Regardless of what drives you, finding a new job sounds like a daunting task if you’re not prepared. So what about having a little help to give you the edge and make the hunting a bit easier?
Below I share a bit of my personal experience (and also of my close colleagues) that should help you put together your personal strategy to land a job. So get yourself ready, leave your comfort zone and let’s make our career resolutions come true!
See the whole article at:
http://www.myinfosecjob.com/2010/01/10-valuable-advices-to-land-a-job-in-2010/#more-438
"(comments? | Score: 0)
2010: A Good Time to Start an Information Security Career
Posted by boss on Friday, 15 January 2010 @ 14:50:46 EST (157 reads)
Topic JOBS
Another great article published on the BankInfoSecurity web site:
I hear that latter statement, especially, and think to myself "Man, not if you're in information security!"
 |
This year and next year, bar none, security is the smart place to be in IT. - David Foote 
|
First of all, from the president on down, this nation is all about cybersecurity these days. It's one of the three hottest topics in Washington, D.C., and as my colleague Eric Chabrow says, you're likely to see some major cybersecurity policy at least discussed in 2010. Government agencies are eager to hire new, skilled security professionals.
The second hot topic in D.C. is healthcare. In 2009, the federal government gave healthcare organizations a boatload of money to create electronic records, and in 2010 it's going to enforce new regulations to help protect those records. Think this initiative won't call for additional personnel skilled in risk management, privacy and incident response? Good time to be an information security professional in healthcare. And stay tuned, please, for further discussion on this subject.
And then there's banking reform - the third hot topic in D.C. And while it's hard to imagine exactly how the regulatory agencies will be reshuffled when all the dealing is done, it is clear that: 1) There will be increased regulation, especially for non-banking financial institutions; 2) There will be greater consumer advocacy and security standards; 3) All of this regulatory pressure is going to require new bodies inside the institutions to secure critical systems, as well as outside to examine them.
Like I said, a good time to either start or re-start a career in information security.
I caught up recently with David Foote of Foote Partners LLC, a leading IT staffing research firm. He's been tracking technology-related job trends literally for decades now, and his assertion flat-out is: There's never been a better time to be an information security professional. "This year and next year, bar none, security is the smart place to be in IT," says Foote, who in his conversation with me discusses the wave that has driven the surge in security jobs, as well as his predictions for 2010-2012.
I'd be remiss if I didn't mention our recent Information Security Today Career Trends Survey, which looks academic, business and industry objectives for 2010, pointing to risk management, cybersecurity and fraud/forensics as the hottest topics for training in growth.
But what's the career outlook from your perspective? Where do you see the best information security jobs in 2010, and what are you doing to grow your own career?
Indeed, we are all lucky to have jobs these days. But we're even luckier to be in a field that's growing as quickly as information security.
Here's to a prosperous - and secure - 2010.
(comments? | Score: 0)
Job Offer Consultant - ISO27001 Implementation & Certification
Posted by boss on Thursday, 14 January 2010 @ 19:15:05 EST (138 reads)
Topic JOBS
Job Title: Consultant - ISO 27001 Implementation & Certification
Closing Date: 28th Feb, 2009
Location: Doha, Qatar
Contact: Balwant Rathore at balwant_rathore@oissg.org
Profile:
The consultant should provide a structured programme to assist clients in ISO 27001 implementation for accreditation.
Required competencies:
- 2-5 yrs of experience in implementation and maintenance of ISO 27001 in medium / large size organizations.
- In depth knowledge of ISO 27001 standard requirements and end-to-end (from beginning to the end) involved in at least one cycle of ISO 27001 certification process.
- Good knowledge in policy/procedure development
- Trained ISO 27001 Internal Auditor and extensive experience in conducting audits
Preferred competencies:
- Certified ISO 27001Lead Auditor
- ISO 27001 Training Experience
- CISSP Training Experience
- Knowledge / Experience in standards like ISO 20000, ISO 9001 and CMMI
Others:
- Excellent oral and written communication skills is must
- Candidate from big 4 consulting firms are preferred
Interview Process:
- Short listing of profiles
- Telephonic Interview
- Schedule a personal interview
"
(comments? | Score: 0)
Info for students that lost money due to Vigilar Intense School closing doors
Posted by boss on Thursday, 14 January 2010 @ 18:26:37 EST (177 reads)
Topic CISSP OSG INFO
Hi Everyone,
Today is an exceptionally great day for your clients and students that paid Intense School pre-paid fees for classes.
I have contacted SCHEV (State Council of Higher Education for Virginia) in VA - the licensing board in the State of VA and they said students can get a portion of their money refunded.
Linda Woodley is the SCHEV Director and has confirmed Intense School class fees may be refunded to the students. Below is Linda Woodley's contact information to send/email about refunding class fees.
Intense School told SCHEV no student was going to lose class fees from Intense School closing. She has been advised differently.
Your all welcome to contact Linda and I hope this helps.
Pls let me know how Security University can assist you. You have my contact info below.
'good luck with working with Linda as she really knows her stuff. ttys SJS:)
Linda H. Woodley, M.Ed.
Director, Private & Out-of-State Postsecondary Education
State Council of Higher Education for Virginia
James Monroe Building
101 N. 14th Street, 9th Floor
Richmond, VA 23219
Office phone: 804-371-2938
Fax phone: 804-786-2027 or 804-225-2604
E-mail: lindawoodley@schev.edu
Website: www.schev.edu
This information was provided by Sondra at Security University. Sondra has been a sponsor of CCCure for a long time and this is where you can get CISSP classes delivered by Clement Dupuis the owner of the CCCure Family of Portals. See Sondra's contact info below. Give her a call to book a seat on one of the many top notch qualified security classes or the world's best CISSP class.
--
Qualified Training for Qualified Results!
Sondra J. Schneider
Founder & CEO, Security University
109 Weed Ave
Stamford CT 06902
work 203.357.7744
cell 203.249.8364
www.securityuniversity.net
(Read More... | 1 comment | Score: 0)
Job Opening Penetration Tester "Hacker"
Posted by boss on Wednesday, 13 January 2010 @ 10:31:55 EST (118 reads)
Topic JOBS
Title: Security Engineer (“Penetration Tester & Hacker”)
Located in Charlotte, NC for large global leading co. with advancement opportunity. Will relocate the right individual(s). Multiple openings $75-105k. This client performs a background investigation on all new hires- checking credit history, possible drug screen, etc.
The Security Engineer’s role is to ensure the confidentiality, availability and integrity of in-house information systems. Will perform penetration testing and create own “hacking” resources (proposing new models and innovative strategies), not just use pre-packaged standard tools. Ideal candidate will have 3-10 years exp. performing Systems administration, Network administration, Shell scripting and automation, Security testing. Will design and perform audits, recoveries, monitor security performance. Strong hands-on technical knowledge of Firewalls, IDS/IPS, Windows, UNIX, TCP/IP. Support of McAffee and/or PGP products. Must have strong customer-focused skills, good communication and documentation abilities.
Cindy Miceli
Recruiter
Alta Associates
8 Bartles Corner Road
Flemington, NJ 08822
908-806-8442
"(comments? | Score: 0)
Login here
Our Sponsors
Recommended
CCCure Supporters
Most Active Members
Total points: 11781
· 2: Lopezco
Total points: 8506
· 3: cissp_newbie
Total points: 7593
· 4: cdupuis
Total points: 6332
· 5: mikeyoung_fla
Total points: 5416
· 6: Vladimir
Total points: 4611
· 7: MMM
Total points: 2969
· 8: damoose
Total points: 2172
· 9: educk
Total points: 2155
· 10: vijayu
Total points: 1910
Today's Big Story
Random Headlines
Past Articles
| Friday, January 08 | |
| · | Is your Anti-Virus worth the price you paid for? |
| · | What is YOUR reason for not using the proper tools |
| Monday, January 04 | |
| · | Researchers demonstrate brilliant quantum hack |
| Friday, December 25 | |
| · | Top 10 Certifications for 2010 |
| Tuesday, December 22 | |
| · | Vigilar Intense School has closed doors |
| Monday, December 14 | |
| · | The Top 20 Critical Security Controls |
| Thursday, December 10 | |
| · | For CISSP's: ISC2 launched InterSeC, its very own professional networking |
| Tuesday, December 08 | |
| · | ATM Scam Bank ATMs converted to steal bank customer IDs |
| Saturday, December 05 | |
| · | After "Open DNS" meet the new "Google Public DNS resolver" |
| Thursday, December 03 | |
| · | Special offers to hakin9 magazine subscription for CCCure members and visitors! |
| Wednesday, December 02 | |
| · | Certification Magazine’s 2009 Salary Survey By Certification Magazine Editorial |
| Monday, November 30 | |
| · | Log Consolidation Tool -- Meet OSSEC and OSSIM |
| · | Security Service Strategies for Small and Medium size firms |
| Monday, November 16 | |
| · | Security University has been selected to be added to 8570 |
| Thursday, November 12 | |
| · | Webcast: “SC Magazine’s 20 Influential Security Products of the Past 20 Years” |
| Tuesday, November 10 | |
| · | Microsoft Security Intelligence Report for first half of 2009 |
| Thursday, October 01 | |
| · | FREE SC World Congress tickets from CCCure and Security University |
| Tuesday, September 22 | |
| · | 2-for-1 Security+ Class - Beat the 8570 Deadline! |
| Friday, September 18 | |
| · | Security Job Offer |
| Monday, August 31 | |
| · | Security Incident Response Team (SIRT) job opening in Dubai |
Older Articles
The comments are property of their posters, all the rest © 2007 by CCCure.Org, and the site maintainers Clement Dupuis and Nathalie Lambert. Reuse is strictly prohibited without written permission of CCCure.Org or it's maintainers.
This web site is not associated directly or indirectly with ISC2, the SANS Institute, ISACA, or other certification authority. The GCFW, CISSP, SSCP, ISSEP, ISSMP, CISA, and CISM are all the property of their respecful owners. The content of this site is provided to you freely due to the generosity of our sponsors.
- EDPACS
- Hackin9
- Information Security Magazine
- Information System Management Magazine
- The official journal of ISC2
- InfoSecurity Magazine UK Version
- InfoSecurity Magazine US Version
- Journal of Digital Forensics
- Journal of OC and Electronic Commerce
- ISC2 Certifications
- CISSP
- CISSP CBT By Shon Harris
- CISSP Total Learning Package
- CISSP Documents
- CISSP FAQ
- CISSP in the news
- CISSP Quizzes
- CISSP Study Books
- Official ISC2 Book Errata
- CISSP Study Forums
- CISSP Study Guides
- CISSP Study Group HOWTO
- CISSP Study Links
- CISSP Study Mailing List
- CISSP Study Tips
- CISSP Training
- CISSP Tutorials
- CCCure
- SearchSecurity Shon Harris Tutorials
- DOMAIN 1 - SECURITY MANAGEMENT PRACTICES
- DOMAIN 2 - ACCESS CONTROL
- DOMAIN 3 - CRYPTOGRAPHY
- DOMAIN 4 - SECURITY MODELS AND ARCHITECTURE
- DOMAIN 5 - TELECOMMUNICATIONS AND NETWORKING
- DOMAIN 6 - APPLICATIONS AND SYSTEMS DEVELOPMENT
- DOMAIN 7 - BUSINESS CONTINUITY
- DOMAIN 8 - LAWS, INVESTIGATIONS AND ETHICS
- DOMAIN 9 - PHYSICAL SECURITY
- DOMAIN 10 - OPERATIONS SECURITY
- Veridon
- SearchSecurity CISSP Webcasts
- ISC2 Official Webstore
- How to get CPE's
- LinkedIn for CISSP
- SSCP
- ISC2 CAP
- ISC2 ISSEP
- ISC2 Information
- CISSP
- ISACA
- SANS GIAC
- GCFW Certification
- Onsite Training
- Online Classes
- 8570 Training
- GI Bill
- GSA Schedule
- CNSS Training
- CISSP Classes
- CompTIA Security+
- Security+ & SSCP Bootcamp
- Q/EH - Qualified Ethical Hacker
- Q/FE - Qualified Forensic Expert
- Q/ND - Qualified Network Defender
- Q/SA - Qualified Security Analyst and Pen Testing
- Q/SSE - Qualified Security Expert
- Q/WAD - Qualifed Wireless Analyst and Defender
- Certified ISO 27001 Implementation Course
- ISM Lead Auditor Certification Class
- CWNA - Certified Wireless Network Admin
- CWSP - Certified Wireless Security Expert
- CWNA & CWSP Bootcamp
- CND Training
- Intro Classes
- Specialty Training
- Special Discount Page
- CISSP Tutorials
- CCCure
- SearchSecurity Shon Harris Tutorials
- DOMAIN 1 - SECURITY MANAGEMENT PRACTICES
- DOMAIN 2 - ACCESS CONTROL
- DOMAIN 3 - CRYPTOGRAPHY
- DOMAIN 4 - SECURITY MODELS AND ARCHITECTURE
- DOMAIN 5 - TELECOMMUNICATIONS AND NETWORKING
- DOMAIN 6 - APPLICATIONS AND SYSTEMS DEVELOPMENT
- DOMAIN 7 - BUSINESS CONTINUITY
- DOMAIN 8 - LAWS, INVESTIGATIONS AND ETHICS
- DOMAIN 9 - PHYSICAL SECURITY
- DOMAIN 10 - OPERATIONS SECURITY
- Veridon
- CISSP Quizzes
- CISA Quizzes
- Contributed Quizzes
- CISSP
- Coming Soon
- CISSP
- CGEIT Certification by ISACA
- CISA Certification by ISACA
- CISM Certification by ISACA
- CAP Certification by ISC2
- CISSP Certification by ISC2
- CSSLP certification by ISC2
- ISSMP Certification by ISC2
- ISSEP Certification by ISC2
- SSCP Certification by ISC2
- HIPAA Certification
- ITIL Certification
- SANS GIAC GCFW
- Enterprise Risk Management
- Jobs & Career
- PCI DSS
- Real Life Security Issues
- Sarbanes-Oxley
- VOIP
Page Generation: 0.99 Seconds