Welcome to cissp CISSP training Certified Information Systems Security Professional
cissp CISSP training Certified Information Systems Security Professional: ISC2 Org

CISSP Exam – Learning Above Technology & Understanding Security in Holistic
Posted by boss on Friday, 21 November 2008 @ 11:00:25 EST (525 reads)
Topic ISC2 Org

cdupuis writes "August 27, 2008 CISSP Exam – Learning Above Technology And Understanding Security In A Holistic Manner

For years I have heard people complain about having to learn things for the CISSP exam that they would never use in their life. When I was studying for this exam several years ago, I said the same types of things. I also hear people saying that they have to learn security through (ISC)2's view for this exam, which does not match with reality. The thought behind both of these statements is that someone would have to memorize items for the test that are not helpful in their career – thus a waste of time. Again, I fell into this bucket when I studied and took the exam forever ago. Now I see it completely differently.

I have found that since I have written books and taught CISSP classes for many years, I understand the material at a much greater degree than I would have if I just studied and took the test and moved on with life.

The things that people complain about having to learn (Bell-LaPadula, Biba, Clark-Wilson, etc.) are very beneficial to their understanding of security in a holistic manner instead of just focusing on their original thought of what makes up security. Many technical people seem to think that learning anything above technology is a waste of their time. This is a common thought pattern because they are stuck in a realm that dictates that anyone who does not understand technology like they do is inferior. But companies are not in business just to have software and networks in place. The software, network, and systems are just some of the tools the company uses to support and further their business. So understanding things that are above technology, commonly referred to as soft skills, is actually more critical in the world of business – which is where we all live and work.

Although I am pretty disappointed with the way that the questions on the CISSP exam are worded (confusing, vague, subjective), I have a great appreciation for the actual Common Body of Knowledge (CBK). I was a security consultant before I took the exam, and then I wrote books and taught CISSP – and I am still a security consultant, but my knowledge base and view on security have drastically changed.

I, like most people, focused on the security topics I was to perform in my specific job. At the time on-line banking was just coming to the market (yes, I am that old) and I worked with programmers, software architects, project managers, analysts, and end customers – all focusing on on-line banking. I sure as hell was not interested in the different types of fire suppression, access control models, trusted computing base or anything outside of the domain of topics that I lived, worked and breathed in.

Part 1 of 5 extracted from an original article written by Shon Harris entitled:

The CISSP Exam is Out of Date, Irrelevant, and Subjective
Busting through the Myths of the CISSP Exam

Read Part 2 - Training For CISSP - The Early Days

Read Part 3 - Preparing For CISSP Exam – Is It Really A Waste Of Time To Learn About The Wide Spectrum Of Topics Covering Security?

Read Part 4 - Learning Security Through The View Of CISSP Versus Reality

Read Part 5 - CISSP Exam – Having The Right Perspective On The World Of Security

"



Five Things ISC2 can do to improve the CISSP certification
Posted by boss on Monday, 10 November 2008 @ 21:14:35 EST (1012 reads)
Topic ISC2 Org

cdupuis writes "

Today there was a good question asked on linkedin at:

http://www.linkedin.com/answers?viewQuestion=&questionID=358240&askerID=23753864&trk=advq&goback=.hom.mid_836787175

The question from James McGovern was:

What are five things that ISC2 needs to do in order to improve the credibility of the CISSP credential?

CISSP is viewed as an introductory credential that covers the surface of the ten domains. What do you think ISC2 should do to make CISSP even better?

Fees?
Transparency?
Depth?
Others?

I felt compelled to provide an answer to the question. Unfortunately the LinkedIn comment system does not allow for more than 4,000 characters, which was not enough for my reply. So see my full comment below:

Good day James,

This is really a great question that should have been asked by ISC2 from their members and other people who are not members a VERY LONG time ago.  However, I am not dreaming.

ISC2 has been and still is unable to communicate efficiently. One day they are a member organization and the next day they are not. This communication problem is not something new; it has been reported on many occasions and by many people in the past. However, things do not seem to improve much over the years. We will see what 2009 has in store for us.

Here are a few things that ISC2 can do to make themselves more transparent and to improve the image of the CISSP certification:

START ACTING LIKE A CERTIFICATION BODY

The relation between ISC2 (the non-profit side) and their training arm is dubious at best and as close as you can get to a conflict of interest without getting into one. When any certification body becomes a training entity, often times that entity will lose their focus on what is the most important, which is the certification itself.

Instead of having their sales people talk trash about other people's training offers, they should start publishing a clear and transparent process on how a training institution can become a recognized training institution under the ISC2 approbation process. The recognition should not be based on the fact that they are using the ISC2 courseware and sharing profit with ISC2, but on a fair evaluation of the training material and an evaluation to see how it matches with the exam objectives and how well it is presented and delivered.

Unfortunately this does not exist and this is why it makes me sad that their sales people are talking trash about other companies' training material when they know nothing about their courseware and the delivery of the material. I am talking from a very recent experience that happened to me here. I challenge any of the salesmen at ISC2 to get out of their cubicle and sit in my class; then they can judge me and my training. Until then it does not reflect very well on them. If the only way you can sell seats in your classes is by talking trash about others, your courseware must be in dire need of updates.

EXAM AVAILABILITY

More transparency has to exist on that side as well. It is often times VERY HARD if not IMPOSSIBLE to get an exam scheduled for the students that a training institution has in their classrooms, even if the adequate number of students is there to justify running such an exam, even if there are plenty of proctors that can supervise it for free. It does not make sense to face such a rebuttal.

Denying or making access to the exam hard this way only affects the students and the certification as a whole. It is time to stop playing games. Why is it possible for ISC2 to deliver exams when it is combined with their own training classes but not when it is a third-party training class? It does not make sense and I cannot see a fair reason as to why some people are getting denied access to the exam.

Lately I have received dozens of messages from people in places such as India where exams are not regularly conducted, and they were telling me that the exams coming up are sold out and they must wait until next year to attempt the exam. This is not what I call customer service.

If the number of registrations and the demand justify having a second exam room for the exam, then so be it. Any other business that acted this way would lose their customers, and this is what will happen if ISC2 does not start looking after their customers better. They are the sole choice today but that could change very quickly in the near future.

THE FAMOUS COMMON BODY OF KNOWLEDGE

I have grown sick and tired over the years of hearing about the unseen CBK. Everyone refers to it but nobody has ever seen the official version of it published as a document by ISC2.

The current candidate information bulletin is totally useless as a tool to prepare for this exam. Why can't I get a good guide from ISC2 that will tell the student how to prepare for this exam, what exam objectives they will be tested against and to what depth they will be tested? The student needs to know the details of each domain, not a few high-level bullets as presented in the candidate bulletin.

It is time that ISC2 start offering copies of the CBK for free as a PDF file to anyone who wishes to get a copy. DHS has just released their EBK and they are doing the right thing. A secret CBK has no value as far as I am concerned.

The DHS EBK will be updated every two years. How many changes have you seen on the CISSP CBK in the past six years?

NOBODY should have to register and then be harassed by the sales people in order to get a copy of the CBK. The CBK has to be publicly available to all in its entirety. WHY do you need to force people to register for a document that should be PUBLIC anyway? Collecting only the email address would be more than enough if you wish to let them know about updates.

I agree with keeping the master copy on the ISC2 site but it should not require registration. The only reason that registration is used at this moment is to pass the info to their sales people, which allows them to talk trash about others being UNOFFICIAL training. Considering there is no way to get someone's courseware authorized, then why are they using such tactics? CompTIA will certify courseware from other training entities and they have a well-documented process to do so. Why is ISC2 not doing the same thing? Thinking only they can produce quality courseware for the CBK is futile at best.

In summary the CBK is in dire need of an update. It is time to get the OLD and OUTDATED topics that NOBODY uses today out and make room for some relevant and up-to-date content. There is so much happening in security every year that doing updates only every 3 to 4 years is not enough.

CPE

The acronym CPE has become synonymous with Continuous Payment Econosystem

CPE should not mean $$$$

CPE activities should be offered to the members as a benefit and not as money-making activities. Why can't we get online and live seminars for FREE? Why can't I get a conference of great quality for FREE? If Defcon, OWASP, and many other organizations that are MEMBER ORIENTED can do it, WHY can't ISC2 do the same?

If our organization had no money in the bank I would understand, but with many millions in the bank it is time that some of this money be spent for the benefit of the members, as it was gathered for the most part from the members. A couple of years ago there was over 15 million in the bank. Today that number might even be higher. What for...

I need 20 CPE per year! WOW, what a challenge! Half of those can be obtained by subscribing to security magazines. Does this really prove my continuous education? Most likely not.

The WHOLE CPE system has to be revised to add value to it, to show that the CPEs submitted are in fact related to being a CISSP. Such a system would be very complex and would require human intervention; a random audit once in a while is not enough to keep the CPE as a valid gauge of one's professional development.

WHAT METRIC DO THEY USE TO GAUGE SUCCESS

Over and over again I hear officials brag about having reached 50K members, 60K members, and even more today. What does this number prove if we as a group don't impact the security community and influence it?

Gauging success by the total number of people who have received their certification over the past 12 months is certainly NOT a valid metric. If I remember correctly this is how many of the well-respected and valued certifications out there have lost their value.

You need to show more than numbers. You need to be looked at as leaders and a community who is playing a very active role in all facets of security.

I am still waiting for an official at ISC2 to come out with some other metrics and the ability to demonstrate the impact that ISC2 has on the security community overall. What is the support that ISC2 has provided to their membership over the past 12 months? How have they helped "JOE the security guy" in his daily job after he became certified?

Start giving me significant metrics.

MAINTENANCE FEES

When I first got certified over ten years ago the maintenance fees were $85 USD. I could understand that with 12 CISSPs in Canada it was necessary to charge that much money to keep the site up and running, to give me access to the web submission form for my CPEs, etc... etc...

However, today we have over 60,000 members and I do not understand why I still have to pay the same price.

Normally supply and demand will drive prices down. Does ISC2 need to collect more than 5 million dollars in maintenance fees every year to give me that service today?

The certification world is the ONLY place where I have seen prices that never get affected by supply and demand. It is the only place where I have seen prices go up as there was more demand. Exams that used to be $250 are now over $500. WHY?

Considering the exams are being run by volunteers, and considering the production cost per person for the exam greatly decreases as the number of exams offered increases, I fail to understand WHY it costs so much.

If an organization was really concerned about the common good and improving security overall, they would also make every effort to ensure the certification path is accessible and affordable.

There is no need to pay that much for a certification. If at least people were still getting a nice wood-mounted plaque with their certificate on it, that would justify some of the cost. However the opposite happened; we are being charged more for less as the volume increases.

I must be in the wrong line of business....

CLEMENT WHY ARE YOU MAD?

First let me tell you that I am not mad at all. I am writing this with an ironic smile on my face. I am simply very disappointed to see how much energy is wasted on futility versus being used for us the members, and for us as a priority.

Will the points above change in the near future? I doubt it.

I think a new organization will see the light before we can turn the current organization around.

I know I am an idealist with my sharing-for-free ideas, but there are still people out there who REALLY believe in helping others and they also believe in doing it openly without money being their main objective.

Best regards to all

Thanks for reading my rant

Take care

Clement

P.S. PLEASE CLICK HERE OR ON THE comments LINK BELOW TO LET US KNOW YOUR OPINION AS WELL

"



Upcoming changes to the CISSP exam and the drama associated with it
Posted by boss on Monday, 20 October 2008 @ 20:28:49 EDT (735 reads)
Topic ISC2 Org

NOTE FROM CLEMENT:
Below you have a message I am posting on behalf of Shon Harris from Logical Security. She expressed herself on the way ISC2 talks about changes without ever giving details on what they are or asking the membership for participation. I do not understand WHY it has to remain a secret this way. It really makes you wonder if this is all marketing without substance, or whether there are really any changes if they cannot even communicate them.

A good example of this piece of text I have seen in many emails from ISC2 that states:

"Official (ISC)2 Guide to the CISSP CBK - (ISC)2 book, written and compiled by world-class CISSPs, offers thorough analysis of all 10 CISSP CBK domains. It's the only book available with the CBK changes updated recently."

What are those changes, when did they take place, and where has this been documented and communicated to the membership and new exam candidates? I thought one of the requirements of their ISO certification was to make the CBK publicly available.

I know that Shon's message below might seem surprising to some of you; however, lately I have experienced some very strange behavior on ISC2's part as well. I have just delivered a CISSP class in Dubai, UAE and many of my students were told by ISC2 that they should avoid taking my class because it is NOT an official ISC2 class and that only the official ISC2 class would give them the coverage needed to pass the exam. Such claims are totally retarded, and even more so considering they come from a sales person who has never sat in other vendors' CISSP classes.

I have developed, delivered, reviewed, and improved courseware for five of the leading training companies in the States, and let me tell you that the ISC2 courseware is not what they claim it is and it will NOT give you any special advantages. If they were to use their Certification Body position as an advantage on the training side they would be breaking the requirements of their ISO certification; even making such a claim is against their ISO certification requirements.

When a certification body has to resort to such tactics to sell seats in their classes, it speaks for itself. Quality of content and quality of delivery is what people are looking for. They are NOT looking for FUD (Fear, Uncertainty, and Doubt). Such tactics are really sad and disappointing to say the least.


HERE IS THE MESSAGE FROM SHON:

I have received several e-mails pertaining to (ISC)2 hinting that there will be new material on the CISSP exam in 2009.  Below you have the response I recently sent to someone asking me about this. I just thought I would "put it out there" for everyone:

Here is the skinny on how (ISC)2 works on these things.

Every once in a while they broadcast that there is new material on the exam so that they can then say that their competitors do not have the most up to date material in their training material – thus you HAVE to go to their training if you want to make sure you have the most updated stuff. This is a sales gimmick. They have done this many times over the last several years with the goal of making more money - not helping to ensure that you have what you need to be successful. It is part of their sales training I am sure.

About 1 1/2 years ago they did actually add some new material to the CBK and then changed a couple of the methodologies they test on, or got more granular with the methodologies they currently focus on (incident response, BCP, etc.). All of this is fully covered in my 4th edition. These changes to the CBK and exam material are why I did the 4th edition of my book.

In this instance they are writing yet another CISSP study guide book. They have written 2 CISSP study guide books and had them published in the past.  Because of their poor quality and acceptance by the public, they just let the books go out of print and carried out internal finger pointing as to why the book failed. So now they are releasing yet another CISSP study guide book.

To start and pump up the potential sales for this new book they are saying that “there is new material on the exam”, but that is all they are basically saying.  They are giving no specifics and if you call (ISC)2 directly most people who answer the phone there will not even know what you are talking about.  Even the ‘internal’ people don’t know anything about this mystery exam update.

Sadly I know how (ISC)2 works intimately. I could tell you things that would curl your toes.

While I am positive that the 4th edition of my book will be more than anyone will need for the CISSP exam for the next 2-3 years (it covers everything under the sun already), I will probably come out with a new edition in 2009 that will have a bit more info added (this NEW material that (ISC)2 will claim is extensive and why you absolutely have to buy their book and go to their training), but more importantly I am looking at adding a full suite of digital study aids as part of the purchase of the book.

So, I do feel that you need my 4th edition instead of my 3rd. I did extensive rewrites and added a lot of new material to my 4th edition, but to be honest the CISSP exam changes so slowly I am pretty sure you could study the 3rd edition and pass just fine. The 4th edition will give you the updated info that has been added to the exam over the last 2 years, but also I rewrote about 40% of the book just because I knew I could do a better job after teaching CISSP for 6 years.

You should be good with the 3rd edition, you will be better with the 4th edition. The CISSP is not going to change drastically (if at all) in 2009. (ISC)2 just wants to start the buzz so that people will feel that they absolutely have to have the new (ISC)2 book. It is just capitalism.




ISC2 new cert: The Certified Secure Software Lifecycle Professional (CSSLP)
Posted by boss on Thursday, 25 September 2008 @ 14:20:25 EDT (963 reads)
Topic ISC2 Org

cdupuis writes "

(ISC)2 announced preparations for a new certification designed to validate secure software development practices and expertise to address the increasing number of application vulnerabilities.

The Certified Secure Software Lifecycle Professional (CSSLP) aims to stem the proliferation of security vulnerabilities resulting from insufficient development processes by establishing best practices and validating an individual's competency in addressing security issues throughout the software lifecycle (SLC). It takes a holistic approach to software security.

Code-language neutral, it will be applicable to anyone involved in the SLC, including analysts, developers, software engineers, software architects, project managers, software quality assurance testers and programmers.

Subject areas covered by the CSSLP exam will include the software lifecycle, vulnerabilities, risk, information security fundamentals and compliance. Candidates must demonstrate four years of professional experience in the SLC process or three years of experience and a bachelor's degree (or regional equivalent) in an IT discipline.

The seven domains of the CSSLP CBK, a compendium of secure software topics, are:

  • Secure Software Concepts
  • Secure Software Requirements
  • Secure Software Design
  • Secure Software Implementation/Coding
  • Secure Software Testing
  • Software Acceptance
  • Software Deployment, Operations, Maintenance and Disposal

The first CSSLP exam is scheduled for the end of June in 2009. Currently, (ISC)² is seeking qualified professionals who meet experience and other requirements to participate in the assessment. They will become the first CSSLP holders and be asked to contribute to the exam development process and assist in other program development tasks. Applications for the CSSLP experience assessment will be accepted from Sept. 25, 2008 through March 31, 2009, with the first education seminars slated for Q1 2009.


"



The ABCs of CPEs
Posted by boss on Saturday, 13 September 2008 @ 19:00:07 EDT (563 reads)
Topic ISC2 Org

cdupuis writes "

As seen within the ISC2 newsletter:

(ISC)2® is committed to helping information security professionals further their education in all areas of their profession.

Continuing Professional Education (CPE) Credits

CPEs represent "proof" that education has been pursued and successfully completed. An (ISC)2 credential holder must earn a specific minimum number of CPE credits annually over a three-year period to maintain their credential. Failure to meet the CPE requirements will require the member to retake the credential examination.

What are Group A and Group B Credits?

CPE credits are categorized as either Group A credits or Group B credits, depending on the type of activity.


  • Group A credits: Direct Domain-Related Activities
    Group A credits are given for completion of activities which relate directly to the information systems security profession. Generally, this consists of the domains covered by the (ISC)2 CBK®.

  • Group B credits: Professional Skills Activities
    Group B credits are given for completion of activities which enhance the credential holder's overall professional skills, education, knowledge or competency. These generally include professional development programs, such as professional speaking engagements or management courses. While these may not apply directly to the field of information security, (ISC)2 recognizes these skills are vital in the growth of all professionals and their credentials. One-third of your CPEs during the 3-year certification cycle may be "B" credits.

See the FAQ about CPEs at:

https://www.isc2.org/cgi-bin/content.cgi?page=1034

"



Hord Tipton has been named executive director of ISC2
Posted by boss on Tuesday, 15 July 2008 @ 11:25:18 EDT (413 reads)
Topic ISC2 Org

cdupuis writes "

http://www.gcn.com/online/vol1_no1/46638-1.html

By Trudy Walsh
GCN.com
07/11/08

Former Interior Department chief information officer W. Hord Tipton has been named executive director of the International Information Systems Security Certification Consortium.

He replaces Eddie Zeitler as executive director of (ISC)2. Zeitler left to pursue other interests, (ISC)2 officials said.

Tipton served as CIO of the Interior Department for more than five years. During his tenure, he managed IT operations for 2,500 Interior offices with 3,650 IT employees, 5,800 contractors and an IT portfolio of $1.2 billion.

In early 2007, he left Interior to become president and chief executive officer of Ironman Technologies, which had a client list that included IBM, Perot Systems, EDS, Booz Allen Hamilton and Symantec.

Tipton has been a member of (ISC)2's board of directors since 2005, and a member of (ISC)2's government advisory board since 2004.

"



Number of credential holders worldwide for the ISC2 certifications
Posted by boss on Saturday, 05 July 2008 @ 20:49:26 EDT (836 reads)
Topic ISC2 Org

cdupuis writes "

The following counts reflect the number of members per credential as of June 23, 2008.

CAP
Canada 6
India 1
Korea, Republic of 2
Thailand 1
United States 471


CISSP
(Other) 1
Andorra 1
Angola 1
Argentina 65
Aruba 1
Australia 948
Austria 73
Azerbaijan 1
Bahamas 3
Bahrain 31
Bangladesh 1
Barbados 15
Belgium 258
Belize 1
Bermuda 18
Bolivia 2
Bosnia and Herzegowina 4
Botswana 3
Brazil 226
Brunei Darussalam 2
Bulgaria 12
Cambodia 1
Cameroon 1
Canada 3,163
Cayman Islands 9
Chile 65
China 410
Colombia 54
Costa Rica 4
Croatia (Hrvatska) 29
Cuba 1
Cyprus 6
Czech Republic 27
Denmark 265
Dominican Republic 4
Ecuador 4
Egypt 51
El Salvador 3
Estonia 5
Faroe Islands 1
Fiji 1
Finland 283
France 400
French Polynesia 1
Germany 642
Ghana 4
Gibraltar 3
Greece 67
Guam 4
Guatemala 9
Haiti 1
Honduras 1
Hong Kong 1,325
Hungary 52
Iceland 3
India 1017
Indonesia 50
Iran (Islamic Republic of) 4
Iraq 2
Ireland 239
Israel 172
Italy 216
Jamaica 17
Japan 995
Jordan 30
Kazakhstan 5
Kenya 7
Korea, Republic of 2,483
Kuwait 33
Latvia 7
Lebanon 12
Lithuania 7
Luxembourg 31
Macau 8
Macedonia 7
Malaysia 203
Malta 5
Marshall Islands 1
Mauritius 15
Mexico 227
Namibia 1
Netherlands 852
Netherlands Antilles 3
New Zealand 127
Nigeria 89
Norway 90
Oman 12
Pakistan 72
Panama 11
Peru 13
Philippines 63
Poland 129
Portugal 34
Puerto Rico 23
Qatar 24
Romania 28
Russian Federation 127
Saint Lucia 1
Saudi Arabia 170
Senegal 2
Singapore 1001
Slovakia (Slovak Republic) 19
Slovenia 15
South Africa 264
Spain 304
Sri Lanka 44
Suriname 1
Sweden 267
Switzerland 407
Taiwan, Republic of China 248
Tanzania, United Republic of 2
Thailand 98
Togo 1
Trinidad and Tobago 24
Tunisia 3
Turkey 85
Turks and Caicos Islands 1
Uganda 3
Ukraine 15
United Arab Emirates 252
United Kingdom 2,922
United States 35,821
Uruguay 15
Venezuela 14
Viet Nam 10
Virgin Islands (British) 1
Virgin Islands (U.S.) 2
Yemen 1
Yugoslavia 4
Zambia 1
Zimbabwe 5


Emeritus
Canada 1
Finland 1
United States 17


Fellow
Australia 1
United States 1


ISSAP
Australia 15
Austria 2
Brazil 5
Canada 54
China 1
Croatia (local name: Hrvatska) 1
Finland 2
France 2
Germany 8
Greece 1
Hong Kong 17
India 3
Indonesia 1
Ireland 2
Israel 2
Italy 5
Japan 3
Korea, Republic of 2
Mexico 4
Netherlands 13
New Zealand 2
Norway 1
Qatar 1
Russian Federation 1
Saudi Arabia 2
Singapore 6
South Africa 4
Switzerland 9
Taiwan, Republic of China 4
Ukraine 2
United Arab Emirates 1
United Kingdom 29
United States 559


ISSEP
Canada 7
Germany 4
Hong Kong 1
India 2
Japan 1
Korea, Republic of 2
Nigeria 1
South Africa 1
Switzerland 1
Thailand 1
United States 413


ISSJP
Japan 43


ISSMP
Australia 9
Austria 1
Belgium 1
Bermuda 1
Brazil 1
Canada 42
Croatia (local name: Hrvatska) 1
Denmark 1
Finland 2
France 1
Germany 5
Greece 1
Hong Kong 18
India 3
Ireland 2
Israel 2
Italy 1
Japan 3
Kenya 1
Korea, Republic of 2
Lebanon 1
Malaysia 3
Netherlands 8
New Zealand 1
Nigeria 1
Oman 2
Pakistan 1
Portugal 2
Puerto Rico 1
Russian Federation 1
Saudi Arabia 1
Singapore 7
South Africa 3
Spain 2
Sweden 2
Switzerland 8
Taiwan, Republic of China 4
Turkey 1
United Kingdom 21
United States 509


SSCP
Australia 13
Austria 2
Belgium 2
Bermuda 1
Brazil 4
Cambodia 1
Canada 54
Cayman Islands 1
Chile 5
China 2
Denmark 3
Egypt 1
Finland 2
Germany 7
Greece 3
Guatemala 1
Hong Kong 5
India 22
Ireland 7
Israel 1
Italy 1
Japan 1
Jordan 1
Korea, Republic of 1
Luxembourg 2
Malaysia 1
Malta 1
Mexico 3
Netherlands 2
New Zealand 1
Norway 3
Philippines 1
Poland 3
Romania 2
Russian Federation 1
Saudi Arabia 7
Singapore 9
Slovakia (Slovak Republic) 1
Spain 4
Sweden 1
Switzerland 1
Taiwan, Republic of China 10
Thailand 5
Turkey 3
United Arab Emirates 3
United Kingdom 41
United States 608
Uruguay 1
Venezuela 1
Yugoslavia 1
Zimbabwe 1

Original posting at: https://www.isc2.org/cgi-bin/content.cgi?page=11399"



Total number of CISSPs and SSCPs worldwide
Posted by boss on Friday, 25 April 2008 @ 20:55:02 EDT (1347 reads)
Topic ISC2 Org

Anonymous writes "In a recent discussion on the CISSP Forum, someone listed the total number of CISSPs worldwide as of 4/22/2008.

There are a total of 57602 members overall.
(56791 CISSPs and 810 SSCPs)

As was indicated, this number seems to increase by a few hundred every month.

This is a long way from the few thousand we had about 10 years ago.

Best regards to all

Clement "



Google & Yahoo Sued for allegedly infringing the ISC2 Trademarks
Posted by boss on Sunday, 18 November 2007 @ 18:14:47 EST (1222 reads)
Topic ISC2 Org

cdupuis writes "NOTE FROM CLEMENT:
Here is an interesting article from Eric Goldman on alleged trademark infringement by Yahoo and Google regarding trademarks that belong to ISC2. This is a story that will be interesting to watch. Based on some new facts I was made aware of by the ISC2 legal counsel, it is obvious that going after Google and Yahoo is the correct route to take considering they control the content posted and the abuser is nowhere to be found. Going after Mr. DeGraphenreed has been, shall we say, somewhat problematic as he is transitory and cannot be found at the location where he once slept. See Eric Goldman's blog at: http://www.ericgoldman.org/index.html

November 17, 2007 Google and Yahoo Sued for Hosting Content That Allegedly Infringes Trademarks--(ISC)2 v. Degraphenreed

By Eric Goldman

International Information Systems Security Certifications Consortium v. Degraphenreed, 2:07 CV 1195 (S.D. Ohio complaint filed Nov. 16, 2007)

International Information Systems Security Certifications Consortium ("ISC2") offers a professional designation entitled "Certified Information Systems Security Professional," or "CISSP" for short, that individuals can earn by meeting the published requirements. The Consortium has a federally registered certification mark (#2045256) for the term "CISSP." The complaint alleges that Degraphenreed was once a registered Certified Information Systems Security Professional but he failed to satisfy the continuing standards. As a result, the complaint alleges that Degraphenreed now describes himself as a "Chief Information Security Systems Practitioner," also abbreviated as "CISSP," thereby continuing to claim CISSP status without meeting the ISC2's standards.

These allegations appear to support trademark infringement and false advertising claims, although interestingly I can't find any examples of Degraphenreed's usage of the term "Chief Information Security Systems Practitioner." (I got zero results in both Google and Yahoo searching for the term "Chief Information Security Systems Practitioner."). ISC2 also alleged trademark dilution but that should be a non-starter because I doubt CISSP will qualify as widely recognized among the general consuming public.

The most interesting aspect of this case is that ISC2 also sued Google and Yahoo for trademark infringement for hosting content that contained Degraphenreed's impermissible CISSP usage. Specifically, the complaint alleges that Google hosted six blogs that contained the CISSP mark (at least 2 of which contained the term in the blog title), and that Google refused to take down these blogs after the plaintiff's notice. The complaint also alleges that Yahoo hosted 5 Yahoo Groups referencing CISSP and a Flickr account containing ISC2's CISSP logo, and that after plaintiff's notice Yahoo only removed one group and left everything else up. The complaint claims direct (not contributory) trademark infringement based on these allegations.

From my outsider's perspective, it looks like a significant tactical error to bring Google and Yahoo into this lawsuit for at least four reasons:

1) The plaintiff's theories of trademark liability against Google and Yahoo are untested and lack any useful precedent. In fact, to date we really don't have an exemplar lawsuit discussing the liability of a service provider for hosting trademark-infringing content, and I can't think of a case where a service provider has been held liable as a trademark infringer for hosting user content. This claim reminds me a little of the Jews for Jesus v. Google Blogspot lawsuit from Dec. 2005 (which ultimately settled irresolutely), where Jews for Jesus complained about a third level domain/blog title selected by a blog user. When that lawsuit was filed, I speculated about some of the possible theories of liability and defenses, but the law was murky at best. So in this case, suing Google and Yahoo makes a relatively straightforward case much more complex and expensive.

2) Often, individual defendants in these types of cases don't hire top-flight IP defense lawyers... but Google and Yahoo most assuredly will. As a result, ISC2 has ensured that some very skilled attorneys will line up on the defense to break every aspect of its case.

3) I couldn't investigate everything, but what I saw of Degraphenreed's activities on Google and Yahoo didn't look immediately problematic. For example, some of the blogs really lack any substance at all (see, e.g., here), but they don't look like splogs. If anything, it looked like ISC2 may be trying to shut down some griping. For example, two of the Yahoo groups are entitled "cissp-clueless" and "cissp-censorship," and the cissp-censorship group is a restricted access group with only three members. It's not clear how this group could possibly contribute to a trademark infringement claim. Instead, it looks like ISC2 might be overreaching, perhaps to shut down some unwanted commentary, and this may increase the judge's sensitivities to the public interests at stake here.

4) The plaintiff can get all of the relief it needs just by suing Degraphenreed. If the plaintiff wins that lawsuit, they can get an order forcing Degraphenreed to remove the infringing material. Further, I imagine that Google and Yahoo would happily take down any content that a court has adjudged infringing.

Please email me if you have any thoughts about why ISC2 decided to go after Google and Yahoo (let me know if I can post your comments). For now, I'm classifying it as a blunder. It will be interesting to see how aggressively Google and Yahoo respond to this lawsuit.

"



Exam in Buenos Aires, Argentina -- You are out of luck
Posted by boss on Sunday, 18 November 2007 @ 16:06:01 EST (1146 reads)
Topic ISC2 Org

cdupuis writes "UPDATE AS OF NOVEMBER 23rd, 2007: I was just informed that ISC2 has added another exam date on the 15th of December 2007 for people who could not get a seat. This is what I was referring to when I mentioned service to their constituents. I am very happy for everyone that has studied VERY HARD for this exam. I wish you all the best. Clement

ORIGINAL POST BELOW:

WOW,

Am I glad that I live in North America and not overseas. I was contacted by a site member from Buenos Aires, Argentina who has been diligently studying for the past 6 months and now he cannot get a seat on the local exam that will be conducted in December.

You would think that ISC2 would conduct their exam in a location that is big enough to allow ALL potential CISSP's to have a seat available. Considering that ISC2 visits Buenos Aires only two to three times a year, the least that could be done is to use a large exam room to accommodate all persons who desire to sit for the exam.

The site member mentioned above has just registered for the June exam next year. You would think that common sense would prevail and a larger room would be sought to accommodate all requests.

I guess it is not an important issue and we are only customers.

The word INTERNATIONAL in their name means that you provide quality services equally to all parts of the world, or you do not call yourself INTERNATIONAL. It is sad to see this.

Take care

Clement

"



ISC2: Pls let your CISSP, CAP, SSCP colleagues know A.S.A.P
Posted by boss on Wednesday, 14 November 2007 @ 18:04:19 EST (1326 reads)
Topic ISC2 Org

cdupuis writes "

NOTE FROM CLEMENT:

As noted in the (ISC)² election announcement, please do check that your new (ISC)² logon-ID and password combination will work for you before November 16th. Based on recent comments on the CISSP-Forum, some members have had no difficulty with their ID/password; however, others have had difficulty signing on to the (ISC)² website. Your email address is now used instead of your candidate ID. Log on now to ensure that you can exercise your right to vote when voting day comes. Below you have a message from the two candidates that CCCure has supported in their effort to be on the ballot. Soon will be the time to get them from the ballot to the board by voting for them. Our organization is in dire need of fresh ideas and new blood on the board that will listen to you, the members. Take a look at some of the numbers listed below and you will be amazed that you are still being asked to pay $85 a year for maintenance fees without getting anything back from the money that you pay. Those numbers are NOT fabricated; they are from public copies of IRS filings made by ISC2.

Please, Please, Please: Do forward this message to any CISSP, SSCP, and CAP that you know.


Dear Colleagues,

Are you getting good value from (ISC)²? Should you be getting more back from the $3,000,000+ “profit” that (ISC)² makes each year? [That’s right, $3+ million cash deposited into the bank account each year after expenses related to certification, education and member services, based on IRS filings. And, (ISC)²’s Board may be sitting on more than $17,000,000 cash reserves that could be used right now to help you earn more money with a more powerful certificate.]

We, Rolf Moulton and Bill Murray, are two of the independent Board candidates. We urge you to consider what you want from (ISC)² and what you should be getting. As examples:

- Are you getting your money’s worth right now?

- Do the current Board members listen and respond?

- Is (ISC)² taking steps to help you for the future?

- What more should the Board be doing?

- Will Board recommended candidates do more than the Board does?

- Is it time for a leadership change?

- Which of the candidates will be the best leaders for the “new” Board?

Based on what many of you told us when we asked for petition signatures, we believe that (ISC)² should be focusing on building career and personal value for its members, not building cash reserves with its profits.

Specifically, the Board should be:

- Doing much more to increase CISSP, SSCP and CAP visibility and worth,

- Providing more opportunities for member communications,

- Creating closer relationships with educational institutions to provide fellowships and more CPE opportunities; and,

- Developing closer relationships with national and state legislatures and leaders to provide more opportunities for security professionals to help improve information protection.

You have the opportunity, and the responsibility, to choose new leaders who will listen and respond. There are twelve candidates seeking five Board Director positions. Nine were recommended by the current Board, including four incumbents. Three candidates were nominated by the members through the independent candidate petition process.

Bill Murray and I are ready to start making the changes that we recommended when we sought your endorsement to get onto the ballot. And, we will continue to listen to you and respond to your priorities as Board members.

We ask you to give us a clear mandate to make the necessary changes by voting for us, Rolf Moulton and Bill Murray, starting on November 16th at http://members.isc2.org.


And, we also ask that you forward this note to your friends and colleagues asking them to vote for us.

Thank you.

Rolf Moulton, CISSP-ISSMP, CISA, CCP
William H. (Bill) Murray, CISSP
http://www.boardcandidate2007.com

"



Changes in (ISC)2 Credential Recertification Requirements to Start 30 April 2008
Posted by boss on Friday, 02 November 2007 @ 15:59:02 EDT (1711 reads)
Topic ISC2 Org

cdupuis writes "NOTE FROM CLEMENT:
Here is an important message for all CISSP's. The CPE requirements have changed and you must be aware that a minimum of 20 CPEs must be earned and posted and the US$85 Annual Maintenance Fee (AMF) paid during each year of the three-year certification cycle before the anniversary date. Here is the announcement from ISC2:

Dear Valued Member,

Effective 30 April 2008, those holding the CISSP, SSCP and/or CAP certifications will be required to meet minimum annual requirements for Continuing Professional Education credits (CPEs) and Annual Maintenance Fees (AMFs). Meeting these minimum annual requirements will be required of any (ISC)2 certificate holder who is certified or recertified on or after 30 April 2008. Currently, to maintain your certification, you are required to meet AMF and CPE requirements by the end of your three-year certification cycle.

The (ISC)2 board of directors and management made these changes to:

* Support your professional development and competence throughout your certification cycle;

* Assist you in meeting your recertification requirements by setting annual milestones;

* Assure your value to your employer and clients by demonstrating your ongoing commitment to your professional development and expanding proficiency in a field that is constantly changing;

* Assure employers that their (ISC)2-certified employees are receiving timely professional education;

* Prevent any devaluation, perceived or otherwise, of the (ISC)2 credentials, which distinguish our certificate holders and command global respect;

* With free live educational events around the world and online seminars, (ISC)2 has made it even easier for you to obtain your CPEs. For more information on these events, please visit www.isc2.org/events.

Following are details on the annual CPE requirements for each credential:

CISSP - CISSPs must earn and submit a total of 120 CPEs by the end of their three-year certification cycle. With the new changes, a minimum of 20 CPEs must be earned and posted and the US$85 AMF paid during each year of the three-year certification cycle before the anniversary date. For CISSPs who hold one or more concentrations, CPEs submitted for the CISSP concentration(s) will be counted toward the annual minimum CPEs required for the CISSP.

SSCP - SSCPs must earn and submit a total of 60 CPEs by the end of their three-year certification cycle. Under the new requirements, a minimum of 10 CPEs must be posted and the US$65 AMF paid during each year of the three-year certification cycle before the anniversary date.

CAP - CAPs must earn and submit a total of 60 CPEs by the end of the three-year certification cycle. Under the new rules, a minimum of 10 CPEs must be posted and US$65 paid during each year of the three-year certification cycle before the anniversary date.

Upon submitting the required number of CPEs and paying the AMFs, (ISC)2 will send you a notice via email confirming you've met the minimum annual requirements and are on track for recertification. You will receive a renewal package upon meeting your three-year recertification requirements.

Although you may earn more than the minimum CPEs required for credential maintenance, you are still required to earn and submit the minimum annual number during each year of your certification cycle to maintain your certification in "good standing." Other requirements to remain in "good standing" include paying AMFs and abiding by the (ISC)2 Code of Ethics.

Rights afforded to (ISC)2 members in "good standing" include:

* Use of credential designation on business cards, signature blocks, and letterhead

* Use of the credential logo

* Wearing of the credential lapel pin

* Verification of credentials and inclusion in the Member Directory

* Invitations to meetings, networking receptions and other (ISC)2-sponsored events

* Access to proprietary research, surveys and other career support tools

* Voting for bylaws and in Board of Director elections

* Participation in online forums and other networking groups

If you fail to meet the minimum annual CPE and AMF requirements for your certification, your credential will be suspended.

Suspension is the temporary loss of right of membership and can only be lifted when the minimum CPE and AMF requirements are met.

Once your certification has been suspended, your "good standing" membership rights described above will be immediately revoked.

However, members who have been suspended will still be able to make AMF payments and submit CPEs via their account on the member Website. You will have a grace period of 90 days to bring your CPE credits and AMFs up to date.

Following the third consecutive suspension at the end of your three-year certification cycle, you will be decertified by (ISC)2. The member being decertified will receive a decertification notice via email.

We hope these changes will be helpful to you in the maintenance of your credentials. We will be providing additional information as we get closer to 30 April 2008. Should you have any questions in the meantime, please refer to the FAQ [https://www.isc2.org/cgi-bin/content.cgi?page=11289] or send an email to newrequirements@isc2.org.

Because our members are spread around the globe, we rely heavily on email communications to provide you with important information.

Please take a moment to ensure that your contact information is up to date by logging in to the member Website and clicking on "My Profile", where you can edit all your account information.

We value your membership.

Sincerely,

Eddie Zeitler, CISSP
Executive Director
(ISC)2

"



ISC2 Security Awareness Centre
Posted by boss on Sunday, 21 October 2007 @ 12:09:17 EDT (954 reads)
Topic ISC2 Org

cdupuis writes "

In honour of October being (as promoted by the US National Cyber Security Alliance (NCSA)) security awareness month, (ISC)2 has created an (ISC)2 Awareness Centre: a collection of papers, posters, and presentations (and a few product promotional pamphlets) by CISSPs.

Check it out and vote on your favourites.

http://www.isc2.org/csa

https://www.isc2.org/cgi-bin/csam_resources.cgi

"



Great site and references for the Application Security Domain
Posted by boss on Sunday, 14 October 2007 @ 23:09:20 EDT (1001 reads)
Topic ISC2 Org

Anonymous writes "What is Build Security In?

Build Security In (BSI) contains and links to best practices, tools, guidelines, rules, principles, and other resources that software developers, architects, and security practitioners can use to build security into software in every phase of its development. BSI content is based on the principle that software security is fundamentally a software engineering problem and must be addressed in a systematic way throughout the software development life cycle.

Build Security In is a project of the Software Assurance program of the Strategic Initiatives Branch of the National Cyber Security Division (NCSD) of the U.S. Department of Homeland Security. The Software Engineering Institute (SEI) was engaged by the NCSD to provide support in the Process and Technology focus areas of this initiative. The SEI team and other contributors develop and collect software assurance and software security information that helps to create secure systems.

Get more information at:

https://buildsecurityin.us-cert.gov/daisy/bsi/home.html


See Also:

The Department of Homeland Security. Security in the Software Lifecycle: Making Software Development Processes – and Software Produced by Them – More Secure, draft version 1.2. DHS, August 2006.
"



CISSP's it is now time to act and let your voice be heard
Posted by boss on Monday, 10 September 2007 @ 00:59:13 EDT (1180 reads)
Topic ISC2 Org

cdupuis writes "

NOTE FROM CLEMENT:

I would like to remind ALL CISSP's about the role they can play in the upcoming elections. ISC2 has been making lots of money over the past few years but this has not been passed on to us as a benefit to the membership. I am still paying my $85 a year to get next to nothing from my so-called maintenance fee. Does it really cost 4 million dollars to provide a web form where I can submit my CPEs? When are they going to provide me with free resources instead of marketing information about the next class that I can buy to earn CPEs? It is sad that I don't even get a free magazine; I have to pay for it, even though the content is mostly contributed by CISSP's. Is it normal that when I wish to find information about trends, jobs, career development, tools, etc... I usually subscribe to SANS or other training body resources to get it? Below you have two candidates that have great plans (and they are realistic), guts, and integrity. I am asking you to read about their platform and DO TAKE five minutes to get their names on the ballot.

CREDIT NOTE: The message below was initially sent over the University of Fairfax mailing list and was modified to fit the tone and content of the www.cccure.org web site. Thanks to Dr. Berlin and his staff at UoF for keeping us informed and providing free resources to CISSPs in the making.

Here is an overview of their goals:

CISSPS: (ISC)²

Board Elections: Participate Now and express yourself, what do you want ISC2 to be in the future.

In the interest of supporting the (ISC)² board election process, CCCure has decided to follow the steps of the University Of Fairfax initiative in passing information to CISSPs in good standing and members of the site on their way to becoming a CISSP. The information will help you stay informed of candidates that could be great members on the board. The item below was received from the campaign of Rolf Moulton and Bill Murray. Please review it and then participate in the (ISC)² board election process. Rolf and Bill just desire an opportunity to participate in the election process by getting onto the ballot. If you send in this petition (and you can endorse as many candidates as you want) you will give all CISSPs the opportunity to decide on voting for Rolf or Bill to represent them on the board. Having both on the board would be ideal :-)

(You must respond by September 13, 2007)

You can make your CISSP more valuable and increase your CISSP Career and Income Opportunities when you support the (ISC)² board nominations of Rolf Moulton and Bill Murray. They will increase your ROI on your $85/year (ISC)² dues payment. Rolf and Bill want all CISSPs to be recognized as true professionals and get the community's and employers' recognition for their valuable knowledge and skills!

Rolf and Bill are information security leaders (see their bios and (ISC)² leadership qualifications on http://www.boardcandidate2007.com ). They believe that (ISC)² should do more to help you by making your CISSP certification even more valuable. They have run major INFOSEC programs and know what it takes to advance your career and income.

What is your current salary and what do you think is needed to help you earn more money? As background, the (ISC)² Global Information Security Workforce Study (2006) indicates that 75% of INFOSEC professionals in the Americas earn $70K/year or more, with 37% earning $100K or more. Rolf and Bill want all CISSPs to be recognized as true professionals, which would allow them to increase their earnings and the respect of other professionals.

Rolf and Bill believe that CISSPs can and should make more money by having an even more valuable certification to signify their high standing in the information security profession, and by each CISSP personally demonstrating their own personal contributions and worth to the organization. To get this done will take prioritized work by (ISC)² and preparation by you. Specifically what needs to be done by (ISC)² and the timetable to get it done should be driven by your priorities – not the current Board’s priorities!

Click here to submit your (ISC)² petition now: http://www.boardcandidate2007.com/Sign-Petition.html

Where would the money come from to make CISSP a more valuable certification? You are already paying $85/year as “dues” to be a member of (ISC)². (That amounts to over $4M annually into the treasury of (ISC)² from your dues, not to mention the revenue from certification and education.) They also believe that ample startup funds are available in (ISC)²'s bank account for use right now! And, that these funds can be spent without changing a single current Board priority. They also believe that what’s keeping the money from being used to help you right now is the current Board’s lack of focus on helping members to improve their careers and their salaries.

Moulton and Murray suggest an eight point action plan for the “new” Board to get started on:

1. CISSP Graduate fellowships to help you earn graduate degrees and advanced certifications.

2. INFOSEC Job Network to better meet your requirements.

3. INFOSEC career trend spotters to prepare you for the next areas of career opportunity.

4. More online CISSP CPE programs targeted to member requirements.

5. Career Case Histories so you can see what your colleagues are doing to advance themselves.

6. CISSP Career Mentoring to help you to develop your own career advancement plan.

7. Much closer relationships with academic institutions, federal and state legislatures to build INFOSEC criticality awareness.

8. SSCP and CAP differentiation and certification value awareness.

If you want to increase your professional value and like this action plan, give Rolf and Bill a chance to run for election. You can put Rolf Moulton and Bill Murray onto the ballot as candidates by clicking here:

http://www.boardcandidate2007.com/Sign-Petition.html,

or by sending your name and CISSP number directly to rolfmoulton@yahoo.com telling him that you want Moulton and Murray placed onto the 2007 Board election ballot.

For more information, click here: http://www.boardcandidate2007.com

"

All logos and trademarks in this site are property of their respective owner.
The comments are property of their posters, all the rest © 2007 by CCCure.Org, and the site maintainers Clement Dupuis and Nathalie Lambert. Reuse is strictly prohibited without written permission of CCCure.Org or it's maintainers.

This web site is not associated directly or indirectly with ISC2, the SANS Institute, ISACA, or other certification authority. The GCFW, CISSP, SSCP, ISSEP, ISSMP, CISA, and CISM are all the property of their respecful owners. The content of this site is provided to you freely due to the generosity of our sponsors.