
cissp CISSP training Certified Information Systems Security Professional: ISC2 Org


For CISSP's: ISC2 launched InterSeC, its very own professional networking
Posted by boss on Thursday, 10 December 2009 @ 13:25:38 EST (531 reads)
Topic ISC2 Org

cdupuis writes "

Dear Valued Member,

(ISC)2 launched InterSeC, its very own professional networking site on September 22, 2009! Since then, over 1,600 members have joined to network with other (ISC)2 members around the globe. It's a great tool for finding other information security professionals who share your interests, while facilitating discussion and interaction.

To enjoy this new member benefit, you can join InterSeC by visiting the member home page (http://members.isc2.org) and clicking on the InterSeC logo on the upper right-hand side.

InterSeC allows you to connect with members like never before!

Groups:
Join one of the 38 groups already started on InterSeC.  You can also start your own group. Start discussions, create postings, and upload files.

Wiki:
Use this as a collaboration hub for discussions and materials on topical issues, such as best practices. Start your own discussion page on a certain topic, while linking to materials such as presentations, articles, etc. You have the control to make it a public page for all to view and edit, or as a private page for only select members of the InterSeC community.

Blog:
Share your ideas by starting your own blog. Also, view other InterSeC blogs and contribute by posting comments.

People Map:
This unique feature matches you with other InterSeC users based on similar interests. You can find this tool under 'Search Members' on the left navigation bar.

We hope that you enjoy this new way to interact with other (ISC)2 members around the world!


Sincerely,

(ISC)2 Management

Follow us on Twitter: http://www.twitter.com/isc2.

Please do not reply to this message. For questions or to contact (ISC)2, please visit http://www.isc2.org/contactus.

"

(Read More... | 2 comments | Score: 0)


Number of (ISC)2 credential holders (June 30, 2009)
Posted by duck on Saturday, 01 August 2009 @ 12:03:31 EDT (1726 reads)
Topic ISC2 Org

The following counts reflect the number of members per credential as of June 30, 2009:

 

CAP
Canada 7
India 1
Korea, Republic of 1
United States 588
Viet Nam     1

 

CISSP
(Other) 2
Albania 2
Andorra 1
Angola 1

Antigua and Barbuda 1
Argentina 81
Australia 1017
Austria 77
Azerbaijan 1
Bahamas 3
Bahrain 28
Bangladesh 1
Barbados 20
Belarus 1
Belgium 284
Belize 1
Bermuda 19
Bolivia 2
Bosnia and Herzegowina 4
Botswana 3
Brazil 249
Brunei Darussalam 1
Bulgaria 17
Cambodia 1
Cameroon 1
Canada 3,383
Cayman Islands 12
Chile 69
China 431
Colombia 65
Costa Rica 5
Croatia (Hrvatska) 34
Cuba 1
Cyprus 10
Czech Republic 48
Denmark 268
Dominican Republic 4
Ecuador 4
Egypt 54
El Salvador 3
Estonia 6
Faroe Islands 1
Fiji 1
Finland 291
France 483
France, Metropolitan 3
French Polynesia 1
Georgia 1
Germany 730
Ghana 6
Georgia 1
Gibraltar 3
Greece 70
Guam 4
Guatemala 11
Haiti 1
Honduras 1
Hong Kong 1,258
Hungary 61
Iceland 4
India 1065
Indonesia 65
Iran (Islamic Republic of) 3
Iraq 4
Ireland 253
Israel 174
Italy 222
Jamaica 15
Japan 1145
Jordan 22
Kazakhstan 4
Kenya 12
Korea, Republic of 2,541
Kuwait 38
Latvia 7
Lebanon 11
Liechtenstein 1
Lithuania 9
Luxembourg 37
Macau 14
Macedonia, the former Yugoslav Republic of 6
Malaysia 213
Malta 7
Mauritius 15
Mexico 245
Morocco 1
Nepal     1
Netherlands 959
Netherlands Antilles 4
New Zealand 138
Nigeria 108
Norway 106
Oman 10
Pakistan 88
Panama 11
Peru 11
Philippines 61
Poland 153
Portugal 39
Puerto Rico 16
Qatar 36
Romania 42
Russian Federation 134
Saint Lucia 1
Saudi Arabia 175
Senegal 3
Serbia 6
Singapore 992
Slovakia (Slovak Republic) 22
Slovenia 16
South Africa 267
Spain 374
Sri Lanka 51
Sweden 318
Switzerland 447
Taiwan, Republic of China 224
Tanzania, United Republic of 1
Thailand 106
Togo 1
Trinidad and Tobago 26
Tunisia 6
Turkey 87
Turks and Caicos Islands 1
Uganda 2
Ukraine 16
United Arab Emirates 277
United Kingdom 3,209
United States 39,255
Uruguay 20
Venezuela 11
Viet Nam 10
Virgin Islands (U.S.) 2
Yemen 1
Zambia 2
Zimbabwe 3

 

CSSLP
Argentina 2
Australia 11
Austria 5
Belgium 2
Brazil 8
Canada 49
China 1
Denmark 1
Egypt     1
Finland 10
France 3
Germany 11
Greece 1
Hong Kong 14
India 18
Iran (Islamic Republic of) 2
Ireland 1
Israel 1
Italy 4
Japan 2
Jordan 1
Korea, Republic of 3
Luxembourg 1
Malaysia 3
Mexico 1
Netherlands 3
Norway 1
Pakistan 1
Peru 1
Philippines 2
Puerto Rico 1
Saudi Arabia 1
Singapore 11
South Africa 6
Sweden 5
Switzerland 4
Taiwan 1
Thailand 3
Turkey 4
United Arab Emirates 5
United Kingdom 19
United States 561

 

Fellow
Australia 1
Korea, Republic of 1
United States 18

 

ISSAP
Argentina       1
Australia 16
Austria 1
Belgium 2
Brazil 4
Canada 55
Cayman Islands 1
China 1
Croatia (local name: Hrvatska) 1
Finland 3
France 3
Germany 12
Greece 1
Hong Kong 17
India 5
Indonesia 1
Ireland 3
Israel 3
Italy 5
Japan 4
Korea, Republic of 2
Mexico 5
Netherlands 31
New Zealand 2
Nigeria 1
Norway 2
Poland 1
Qatar 1
Russian Federation 1
Saudi Arabia 1
Singapore 6
South Africa 3
Sweden 3
Switzerland 8
Taiwan, Republic of China 4
Thailand 1
Ukraine 2
United Arab Emirates 4
United Kingdom 42
United States 589

 

ISSEP
Canada 9
Germany 4
Hong Kong 1
India 2
Korea, Republic of 1
Netherlands 1
Nigeria 1
Switzerland 1
Thailand 1
United States 515

 

ISSJP
Japan 50

 

ISSMP
Australia 9
Austria 1
Belgium 1
Bermuda 1
Brazil 1
Canada 41
Croatia (local name: Hrvatska) 1
Czech Republic     1
Denmark 1
Finland 2
France 1
Germany 4
Greece 1
Hong Kong 18
India 4
Ireland 2
Israel 1
Italy 1
Japan 3
Kenya 1
Korea, Republic of 1
Lebanon 1
Malaysia 2
Netherlands 10
New Zealand 1
Nigeria 1
Oman 2
Pakistan 1
Portugal 1
Puerto Rico 1
Russian Federation 1
Saudi Arabia 1
Singapore 7
South Africa 2
Spain 3
Sweden 4
Switzerland 6
Taiwan, Republic of China 3
Turkey 1
United Kingdom 24
United States 52

 

SSCP
Australia 18
Austria 4
Belgium 3
Bermuda 1
Brazil 4
Cambodia 1
Canada 62
Cayman Islands 4
Chile 3
China 2
Cyprus 1
Denmark 5
Egypt 2
Finland 2
Germany 9
Greece 4
Hong Kong 5
India 26
Ireland 11
Israel 1
Italy 1
Japan 3
Jordan 1
Luxembourg 1
Korea, Republic of 3
Luxembourg 1
Malaysia 10
Malta 1
Mexico 3
Netherlands 13
New Zealand 1
Norway 4
Poland 5
Romania 3
Russian Federation 1
Saudi Arabia 7
Singapore 10
Slovakia (Slovak Republic) 1
South Africa 3
Spain 6
Sri Lanka 1
Sweden 2
Switzerland 2
Taiwan, Republic of China 10
Thailand 6
Turkey 3
United Arab Emirates 3
United Kingdom 52
United States 632
Uruguay 1
Venezuela 1

(Read More... | 20327 bytes more | 1 comment | Score: 0)


CSSLP Certification - Opening of Exam And Class Registration
Posted by boss on Thursday, 23 April 2009 @ 11:56:10 EDT (1689 reads)
Topic ISC2 Org

prakashp writes "

The CSSLP aims to stem the proliferation of security vulnerabilities resulting from insufficient development processes by establishing best practices and validating an individual’s competency in addressing security issues throughout the software lifecycle (SLC). Code-language neutral, it will be applicable to those involved in the SLC, including analysts, developers, software engineers, software architects, project managers, software quality assurance testers and programmers.

To be eligible for the certification, CSSLP candidates must demonstrate four years of professional experience in the SLC process or three years of experience and a bachelor’s degree (or regional equivalent) in an IT discipline.

It covers seven domains:

    * Secure Software Concepts - security implications in software development
    * Secure Software Requirements - capturing security requirements
    * Secure Software Design - translating security requirements into application
    * Secure Software Implementation/Coding - unit testing for security functionality and resiliency to attack, and developing secure code and exploit mitigation
    * Secure Software Testing - integrated QA testing for security functionality
    * Software Acceptance - security implication in the software acceptance phase
    * Software Deployment, Operations, Maintenance and Disposal - security issues around steady state operations and management of software

The first open exams will be offered beginning June 30, 2009.

For more information on the CSSLP, you can visit www.isc2.org/csslp

Visit our CSSLP forums at:  http://www.cccure.org/forum-c19.html

"

(Read More... | 2 comments | Score: 0)


ISC2 Mystery Instructor
Posted by boss on Tuesday, 27 January 2009 @ 09:24:27 EST (1765 reads)
Topic ISC2 Org

cdupuis writes "

NOTE FROM CLEMENT:

There are days when I shake my head so hard that it hurts.  There are other days where I simply drop my arms in dismay when I look at the way people are being treated as customers by organizations.

Let's just pretend there is a show coming to town and you wish to attend.  You show up at the ticket sales office and they will not tell you who the performing band or artist will be but they want you to pay $2,500 to attend.  What would be your reaction?

This is exactly what happened to someone I highly respect as one of the most notorious figures in today's security community.  Let's call him Bob as in Bob and Alice.

Bob called the ISC2 sales number to book a seat on one of their seminars.  To his surprise the sales person would not tell Bob who his instructor will be or send him a list of potential instructors where he could pick the one he prefers and the one with the most experience in delivering such a seminar.  This is madness.  Not only they lost a but worse they lost a customer as well.

Bob's closing remark was something similar to: "How bad does that suck?".  I do not blame him.

My big question today is:

Am I asking too much by expecting my training provider to tell me who my instructor or possible instructor could be?

Please use the comment feature below this article to let us know what you think.

"

(Read More... | 9 comments | Score: 4.5)


CISSP Exam – Learning Above Technology & Understanding Security in Holistic
Posted by boss on Friday, 21 November 2008 @ 10:00:25 EST (1606 reads)
Topic ISC2 Org

cdupuis writes "August 27, 2008 CISSP Exam – Learning Above Technology And Understanding Security In A Holistic Manner

 

For years I have heard people complain about having to learn things for the CISSP exam that they would never use in their life. When I was studying for this exam several years ago, I said the same types of things. I also hear people saying that they have to learn security through (ISC)2’s view for this exam, which does not match with reality.  The thought on both of these statements is that someone would have to memorize items for the test that are not helpful in their career – thus a waste of time. Again, I fell into this bucket when I studied and took the exam forever ago. Now I see it completely differently.

I have found that since I have written books and taught CISSP classes for many years, I understand the material at a much greater degree than I would have if I just studied and took the test and moved on with life.

The things that people complain about having to learn (Bell-LaPadula, Biba, Clark-Wilson, etc.) are very beneficial to their understanding of security in a holistic manner instead of just focusing on their original thought of what makes up security.  Many technical people seem to think that learning anything above technology is a waste of their time. This is a common thought pattern because they are stuck in a realm that dictates that anyone who does not understand technology like they do is inferior. But companies are not in business to just have software and networks in place. The software, network, and systems are just some of the tools the company uses to support and further their business. So understanding things that are above technology, commonly referred to as soft skills, is actually more critical in the world of business – which is where we all live and work.

Although I am pretty disappointed with the way that the questions on the CISSP exam are worded (confusing, vague, subjective), I have a great appreciation for the actual Common Body of Knowledge (CBK).  I was a security consultant before I took the exam, and then I wrote books, and taught CISSP – and I am still a security consultant, but the difference in my knowledgebase and view on security has drastically changed.

I, like most people, focused on what security topics I was to perform in my specific job. At the time on-line banking was just coming to the market (yes I am that old) and I worked with programmers, software architects, project managers, analysts, and end customers – all focusing on on-line banking. I sure as hell was not interested in the different types of fire suppression, access control models, trusted computing base or anything outside of my domain of topics that I lived, worked and breathed in.

Part 1 of 5 extracted from an original article written by Shon Harris entitled:

The CISSP Exam is Out of Date, Irrelevant, and Subjective
Busting through the Myths of the CISSP Exam

Read Part 2 - Training For CISSP - The Early Days

Read Part 3 - Preparing For CISSP Exam – Is It Really A Waste Of Time To Learn About The Wide Spectrum Of Topics Covering Security?

Read Part 4 - Learning Security Through The View Of CISSP Versus Reality

Read Part 5 - CISSP Exam – Having The Right Perspective On The World Of Security

"

(comments? | Score: 0)


Five Things ISC2 can do to improve the CISSP certification
Posted by boss on Monday, 10 November 2008 @ 20:14:35 EST (2485 reads)
Topic ISC2 Org

cdupuis writes "

Today there was a good question asked on linkedin at:

http://www.linkedin.com/answers?viewQuestion=&questionID=358240&askerID=23753864&trk=advq&goback=.hom.mid_836787175

The question from James McGovern was:

What are five things that ISC2 needs to do in order to improve the credibility of the CISSP credential?

CISSP is viewed as an introductory credential that covers the surface of the ten domains. What do you think ISC2 should do to make CISSP even better?

Fees?
Transparency?
Depth?
Others?

I felt compelled to provide an answer to the question.  Unfortunately the LinkedIn comment system does not allow for more than 4000 characters, which was not enough for my reply.   So see my full comment below:

Good day James,

This is really a great question that should have been asked by ISC2 from their members and other people who are not members a VERY LONG time ago.  However, I am not dreaming.

ISC2 has been and still is unable to communicate efficiently.  One day they are a member organization and the next day they are not.  This communication problem is not something new, it has been reported on many occasions and by many people in the past.  However, things do not seem to improve much over the years.  We will see what 2009 reserves for us.

Here are a few things that ISC2 can do to make themselves more transparent and to improve the image of the CISSP certification:

1.  START ACTING LIKE A CERTIFICATION BODY

The relation between ISC2 (the non profit side) and their training arm is dubious at best and as close as you can get to a conflict of interest without getting into one.  When any certification body becomes a training entity, oftentimes that entity will lose their focus on what is the most important, which is the certification itself.

Instead of having their sales people talk trash about other people's training offers they should start publishing a clear and transparent process on how a training institution can become a recognized training institution under ISC2 approbation process, the recognition should not be based on the fact they are using the ISC2 courseware and sharing profit with ISC2 but on a fair evaluation of the training material and an evaluation to see how it matches with the exam objectives and how well it is presented and delivered.

Unfortunately this does not exist and this is why it makes me sad that their sales people are talking trash about other companies' training material when they know nothing about their courseware and the delivery of the material.  I am talking from a very recent experience that happened to me here.  I can challenge any of the salesmen at ISC2 to get out of their cubicle and they can sit in my class, then they can judge me and my training.  Until then it does not reflect very well on them, if the only way you can sell seats in your classes is by talking trash about others, your courseware must be in dire need of updates.

EXAM AVAILABILITY

More transparency has to exist on that side as well.  It is oftentimes VERY HARD if not IMPOSSIBLE to get an exam schedule for the students that a training institution has in their classrooms.  Even if the adequate number of students is there to justify running such an exam.  Even if there are plenty of proctors that can supervise it for free.  It does not make sense to face such rebuttal.

Denying or making access to the exam hard this way only affects the students and the certification as a whole.  It is time to stop playing games.  Why is it possible for ISC2 to deliver exams when it is combined with their own training classes but not when it is a third party training class?  It does not make sense and I cannot see the fair reason as to why some people are getting denied access to the exam.

Lately I receive dozens of messages from people in places such as India where exams are not regularly conducted and they were telling me that the exams coming up are sold out and they must wait until next year to attempt the exam.  This is not what I call customer service.

If the number of registrations and the demand justify having a second exam room for the exam then so be it.  Any other business that would act this way would lose their customers and this is what will happen if ISC2 does not start looking after their customers better.  They are the sole choice today but that could change very quickly in the near future.

THE FAMOUS COMMON BODY OF KNOWLEDGE


I have grown sick and tired over the years of hearing about the unseen CBK.  Everyone refers to it but nobody has ever seen the official version of it published as a document by ISC2.

The current candidate information bulletin is totally useless as a tool to prepare for this exam.  Why can't I get a good guide from ISC2 that will tell the student how to prepare for this exam and what are the exam objectives they will be tested against and to what depth they will be tested?  The student needs to know the details of each domain, not a few high level bullets as it is presented in the candidate bulletin.

It is time that ISC2 starts offering copies of the CBK to anyone who wishes to get a copy for free as a PDF file.  DHS has just released their EBK and they are doing the right thing.  A secret CBK has no value as far as I am concerned.

The DHS CBK will be updated every two years.  How many changes have you seen on the CISSP CBK in the past six years ????

NOBODY should have to register and then be harassed by the sales people in order to get a copy of the CBK.  The CBK has to be publicly available to all in its entirety.  WHY do you need to force people to register for a document that should be PUBLIC anyway?  Collecting only the email address would be more than enough if you wish to let them know about updates.

I agree with keeping the master copy on the ISC2 site but it should not require registration.  The only reason that registration is used at this moment is to pass the info to their sales people which allows them to talk trash about others being UNOFFICIAL training.  Considering there is no way to get someone's courseware authorized then why are they using such tactics?  CompTIA will certify courseware from other training entities and they have a well-documented process to do so.  Why is ISC2 not doing the same thing?  Thinking only they can produce quality courseware for the CBK is futile at best.

In summary the CBK is in dire need of an update.  It is time to get the OLD and OUTDATED topics that NOBODY uses today out and make room for some relevant and up to date content.  There is so much happening in security every one year that doing updates only every 3 to 4 years is not enough.

CPE

The acronym CPE has become synonymous with Continuous Payment Econosystem

CPE should not mean $$$$

CPE activities should be offered to the members as a benefit and not as money making activities.  Why can't we get online and live seminars for FREE?  Why can't I get a conference of great quality for FREE?  If the Defcon, OWASP, and many other organizations that are MEMBER ORIENTED can do it, WHY can't ISC2 do the same?

If our organization had no money in the bank I would understand but with many millions in the bank it is time that some of this money be spent for the benefit of the members as it was gathered in the most part from the members.  A couple of years ago there was over 15 millions in the bank.  Today that number might even be higher.  What for...

I need 20 CPE per year!   WOW, what a challenge!   Half of those can be obtained by subscribing to Security Magazines.  Does this really prove my continuous education, most likely not.

The WHOLE CPE system has to be revised to add value to it, to show that the CPE submitted are in fact related to being a CISSP.  Such a system would be very complex, would require human intervention,  a random audit once in a while is not enough to keep the CPE as a valid gauge of one's professional development.

WHAT METRIC DO THEY USE TO GAUGE SUCCESS

Over and over again I hear officials brag about having reached 50K members,  60K members, and even more today.  What does this number prove if we as a group don't impact the security community and influence it?

Gauging success by the total number of people who have received their certification over the past 12 months is certainly NOT a valid metric.  If I remember correctly this is how many of the well respected and valued certifications out there have lost their value.

You need to show more than numbers.  You need to be looked at as leaders and a community who is playing a very active role in all facets of security.

I am still waiting for an official at ISC2 to come out with some other metrics and the ability to demonstrate the impact that ISC2 has on the security community overall.  What is the support that ISC2 has provided to their membership over the past 12 months.  How they have helped "JOE the security guy" in his daily job after he became certified.

Start giving me significant metrics.

MAINTENANCE FEES

When I first got certified over ten years ago the maintenance fees were 85$ USD back then.  I could understand that with 12 CISSP's in Canada it was necessary to charge that much money to keep the site up and running, to give me access to the web submission form for my CPE's, etc... etc...

However, today we have over 60,000 members and I do not understand why I still have to pay the same price.

Normally offer and demand will drive prices down.  Does ISC2 need to collect more than 5 million dollars in maintenance fees every year to give me that service today?

The certification world is the ONLY place where I have seen prices that never get affected by the offer and demand.  It is the only place where I have seen prices go up as there was more demand.  Exams that used to be $250 are now over $500.  WHY?

Considering the exams are being run by volunteers, considering the production cost per person for the exam greatly decreases as the number of exams offered increases, I fail to understand WHY it costs so much.

If really an organization was concerned about the good of the common wealth and improving security overall, they would also make all effort to ensure the certification path is accessible and affordable.

There is no need to pay that much for a certification.  If at least people were still getting a nice wood mounted plaque with their certificate on it that would justify some of the cost.  However the opposite happened, we are being charged more for less as the volume increases.

I must be in the wrong line of business....

CLEMENT WHY ARE YOU MAD?

First let me tell you that I am not mad at all,  I am writing this with an ironic smile on my face,  I am simply very disappointed to see how much energy is wasted on futility versus being used for us the members and us as a priority.

Will the points above change in the near future?  I doubt it.

I think a new organization will see the light before we can turn the current organization around.

I know I am an idealist with my sharing for free ideas but there are still people out there who REALLY believe in helping others and they also believe in doing it openly without money being their main objective.

Best regards to all

Thanks for reading my rant

Take care

Clement

P.S.  PLEASE CLICK HERE OR ON THE comments LINK BELOW TO LET US KNOW YOUR OPINION AS WELL

 

"

(Read More... | 11 comments | Score: 5)


Upcoming changes to the CISSP exam and the drama associated with it
Posted by boss on Monday, 20 October 2008 @ 19:28:49 EDT (1888 reads)
Topic ISC2 Org

NOTE FROM CLEMENT:

The message I had below from Shon Harris has been removed at the request of Shon Harris who received a letter from a legal firm representing ISC2 asking for the content she posted to be removed.

The message was about exam changes and whether or not there are some.

Some say there are, some say there are none,  I do not understand WHY every CBK update seems to be a secret.  It really makes you wonder if this is all marketing without substance or are there really any changes.  Sometimes even official communication from ISC2 leaves you wondering if there are some or not.

A good example of this:  I have seen in many official emails from ISC2 a claim that states:

"Official (ISC)2 Guide to the CISSP CBK - (ISC)2 book, written and compiled by world-class CISSPs, offers thorough analysis of all 10 CISSP CBK domains. It's the only book available with the CBK changes updated recently."

Another example is the back cover of their book:

"Endorsed by the (ISC)2, this valuable resource follows the newly revised CISSP CBK, providing reliable, current, and thorough information."

What are those changes, when did they take place, where has this been documented and communicated to the membership and new exam candidates???  I thought one of the requirements of their ISO/IEC 17024 certification was to make the CBK publicly available.

Unfortunately it seems that at times some of the sales staff at ISC2 will use Fear Uncertainty and Doubt (FUD) as a sales tactic.

I have just delivered a CISSP class in Dubai, UAE and many of my students were told by ISC2 people they have talked to on the sales side that they should avoid taking my class because it is NOT an official ISC2 class and that only the official ISC2 class would give them the coverage needed to pass the exam.  Such claims are totally retarded and even more retarded considering it comes from a sales person who has never sat other vendors' CISSP classes and does not even know me on top of it.

I have developed, delivered, reviewed, and improved courseware for five of the leading Training Companies in the States and let me tell you that the ISC2 courseware is not what their sales staff claims it is and it will NOT give you any special advantages.

If ISC2 or their training spinoff would use their Certification Body position as an advantage on the training side they would be breaking the requirement of their ISO certification, even making such claim is against their ISO certification requirements.

When a certification body sales force has to revert to such tactics to sell seats into their training classes it talks for itself. 

Quality of content and quality of delivery is what people are looking for. 

They are NOT looking for FUD (Fear, Uncertainty, and Doubt).  Such tactics are really sad and disappointing to say the least.

MESSAGE FROM SHON HARRIS BELOW WAS DELETED


(comments? | Score: 5)


ISC2 new cert: The Certified Secure Software Lifecycle Professional (CSSLP)
Posted by boss on Thursday, 25 September 2008 @ 13:20:25 EDT (2372 reads)
Topic ISC2 Org

cdupuis writes "

(ISC2) announced preparations for a new certification designed to validate secure software development practices and expertise to address the increasing number of application vulnerabilities.


The Certified Secure Software Lifecycle Professional (CSSLP) aims to stem the proliferation of security vulnerabilities resulting from insufficient development processes by establishing best practices and validating an individual's competency in addressing security issues throughout the software lifecycle (SLC). It takes a holistic approach to software security.

Code-language neutral, it will be applicable to anyone involved in the SLC, including analysts, developers, software engineers, software architects, project managers, software quality assurance testers and programmers.

Subject areas covered by the CSSLP exam will include the software lifecycle, vulnerabilities, risk, information security fundamentals and compliance. Candidates must demonstrate four years of professional experience in the SLC process or three years of experience and a bachelor's degree (or regional equivalent) in an IT discipline.

The seven domains of the CSSLP CBK, a compendium of secure software topics, are:

  • Secure Software Concepts
  • Secure Software Requirements
  • Secure Software Design
  • Secure Software Implementation/Coding
  • Secure Software Testing
  • Software Acceptance
  • Software Deployment, Operations, Maintenance and Disposal

The first CSSLP exam is scheduled for the end of June in 2009. Currently, (ISC)² is seeking qualified professionals who meet experience and other requirements to participate in the assessment. They will become the first CSSLP holders and be asked to contribute to the exam development process and assist in other program development tasks. Applications for the CSSLP experience assessment will be accepted from Sept. 25, 2008 through March 31, 2009, with the first education seminars slated for Q1 2009.

Click on Read Me... below to get more details -->

"

(Read More... | 7419 bytes more | comments? | Score: 3.5)


The ABCs of CPEs
Posted by boss on Saturday, 13 September 2008 @ 18:00:07 EDT (1727 reads)
Topic ISC2 Org

cdupuis writes "

As seen within the ISC2 newsletter:

(ISC)2® is committed to helping information security professionals further their education in all areas of their profession.

Continuing Professional Education (CPE) Credits

CPEs represent "proof" that education has been pursued and successfully completed. An (ISC)2 credential holder must earn a specific minimum number of CPE credits annually over a three year period to maintain their credential. Failure to meet the CPE requirements will require the member to retake the credential examination.

What are Group A and Group B Credits?

CPE credits are categorized as either Group A credits or Group B credits, depending on the type of activity.

  • Group A credits: Direct Domain-Related Activities
    Group A credits are given for completion of activities which relate directly to the information systems security profession. Generally, this consists of the domains covered by the (ISC)2 CBK®.

  • Group B credits: Professional Skills Activities
    Group B credits are given for completion of activities which enhance the credential holder's overall professional skills, education, knowledge or competency. These generally include professional development programs, such as professional speaking engagements or management courses. While these may not apply directly to the field of information security, (ISC)2 recognizes these skills are vital in the growth of all professionals and their credentials. One-third of your CPEs during the 3-year certification cycle may be "B" credits.

See the FAQ about CPEs at:

https://www.isc2.org/cgi-bin/content.cgi?page=1034

"

(Read More... | 1 comment | Score: 0)


Hord Tipton has been named executive director of ISC2
Posted by boss on Tuesday, 15 July 2008 @ 10:25:18 EDT (1095 reads)
Topic ISC2 Org

cdupuis writes "

http://www.gcn.com/online/vol1_no1/46638-1.html

By Trudy Walsh
GCN.com
07/11/08

Former Interior Department chief information officer W. Hord Tipton has been named executive director of the International Information Systems Security Certification Consortium.

He replaces Eddie Zeitler as executive director of (ISC)2. Zeitler left to pursue other interests, (ISC)2 officials said.

Tipton served as CIO of the Interior Department for more than five years. During his tenure, he managed IT operations for 2,500 Interior offices with 3,650 IT employees, 5,800 contractors and an IT portfolio of $1.2 billion.

In early 2007, he left Interior to become president and chief executive officer of Ironman Technologies, which had a client list that included IBM, Perot Systems, EDS, Booz Allen Hamilton and Symantec.

Tipton has been a member of (ISC)2's board of directors since 2005, and a member of (ISC)2's government advisory board since 2004.

"

(Read More... | 2 comments | Score: 0)


Number of credential holders worldwide for the ISC2 certifications
Posted by boss on Saturday, 05 July 2008 @ 19:49:26 EDT (1849 reads)
Topic ISC2 Org

cdupuis writes "

The following counts reflect the number of members per credential as of June 23, 2008.

CAP
Canada 6
India 1
Korea, Republic of 2
Thailand 1
United States 471

 

CISSP
(Other) 1
Andorra 1
Angola 1
Argentina 65
Aruba 1
Australia 948
Austria 73
Azerbaijan 1
Bahamas 3
Bahrain 31
Bangladesh 1
Barbados 15
Belgium 258
Belize 1
Bermuda 18
Bolivia 2
Bosnia and Herzegowina 4
Botswana 3
Brazil 226
Brunei Darussalam 2
Bulgaria 12
Cambodia 1
Cameroon 1
Canada 3,163
Cayman Islands 9
Chile 65
China 410
Colombia 54
Costa Rica 4
Croatia (Hrvatska) 29
Cuba 1
Cyprus 6
Czech Republic 27
Denmark 265
Dominican Republic 4
Ecuador 4
Egypt 51
El Salvador 3
Estonia 5
Faroe Islands 1
Fiji 1
Finland 283
France 400
French Polynesia 1
Germany 642
Ghana 4
Gibraltar 3
Greece 67
Guam 4
Guatemala 9
Haiti 1
Honduras 1
Hong Kong 1,325
Hungary 52
Iceland 3
India 1017
Indonesia 50
Iran (Islamic Republic of) 4
Iraq 2
Ireland 239
Israel 172
Italy 216
Jamaica 17
Japan 995
Jordan 30
Kazakhstan 5
Kenya 7
Korea, Republic of 2,483
Kuwait 33
Latvia 7
Lebanon 12
Lithuania 7
Luxembourg 31
Macau 8
Macedonia 7
Malaysia 203
Malta 5
Marshall Islands 1
Mauritius 15
Mexico 227
Namibia 1
Netherlands 852
Netherlands Antilles 3
New Zealand 127
Nigeria 89
Norway 90
Oman 12
Pakistan 72
Panama 11
Peru 13
Philippines 63
Poland 129
Portugal 34
Puerto Rico 23
Qatar 24
Romania 28
Russian Federation 127
Saint Lucia 1
Saudi Arabia 170
Senegal 2
Singapore 1001
Slovakia (Slovak Republic) 19
Slovenia 15
South Africa 264
Spain 304
Sri Lanka 44
Suriname 1
Sweden 267
Switzerland 407
Taiwan, Republic of China 248
Tanzania, United Republic of 2
Thailand 98
Togo 1
Trinidad and Tobago 24
Tunisia 3
Turkey 85
Turks and Caicos Islands 1
Uganda 3
Ukraine 15
United Arab Emirates 252
United Kingdom 2,922
United States 35,821
Uruguay 15
Venezuela 14
Viet Nam 10
Virgin Islands (British) 1
Virgin Islands (U.S.) 2
Yemen 1
Yugoslavia 4
Zambia 1
Zimbabwe 5


Emeritus
Canada 1
Finland 1
United States 17


Fellow
Australia 1
United States 1


ISSAP
Australia 15
Austria 2
Brazil 5
Canada 54
China 1
Croatia (local name: Hrvatska) 1
Finland 2
France 2
Germany 8
Greece 1
Hong Kong 17
India 3
Indonesia 1
Ireland 2
Israel 2
Italy 5
Japan 3
Korea, Republic of 2
Mexico 4
Netherlands 13
New Zealand 2
Norway 1
Qatar 1
Russian Federation 1
Saudi Arabia 2
Singapore 6
South Africa 4
Switzerland 9
Taiwan, Republic of China 4
Ukraine 2
United Arab Emirates 1
United Kingdom 29
United States 559


ISSEP
Canada 7
Germany 4
Hong Kong 1
India 2
Japan 1
Korea, Republic of 2
Nigeria 1
South Africa 1
Switzerland 1
Thailand 1
United States 413


ISSJP
Japan 43


ISSMP
Australia 9
Austria 1
Belgium 1
Bermuda 1
Brazil 1
Canada 42
Croatia (local name: Hrvatska) 1
Denmark 1
Finland 2
France 1
Germany 5
Greece 1
Hong Kong 18
India 3
Ireland 2
Israel 2
Italy 1
Japan 3
Kenya 1
Korea, Republic of 2
Lebanon 1
Malaysia 3
Netherlands 8
New Zealand 1
Nigeria 1
Oman 2
Pakistan 1
Portugal 2
Puerto Rico 1
Russian Federation 1
Saudi Arabia 1
Singapore 7
South Africa 3
Spain 2
Sweden 2
Switzerland 8
Taiwan, Republic of China 4
Turkey 1
United Kingdom 21
United States 509


SSCP
Australia 13
Austria 2
Belgium 2
Bermuda 1
Brazil 4
Cambodia 1
Canada 54
Cayman Islands 1
Chile 5
China 2
Denmark 3
Egypt 1
Finland 2
Germany 7
Greece 3
Guatemala 1
Hong Kong 5
India 22
Ireland 7
Israel 1
Italy 1
Japan 1
Jordan 1
Korea, Republic of 1
Luxembourg 2
Malaysia 1
Malta 1
Mexico 3
Netherlands 2
New Zealand 1
Norway 3
Philippines 1
Poland 3
Romania 2
Russian Federation 1
Saudi Arabia 7
Singapore 9
Slovakia (Slovak Republic) 1
Spain 4
Sweden 1
Switzerland 1
Taiwan, Republic of China 10
Thailand 5
Turkey 3
United Arab Emirates 3
United Kingdom 41
United States 608
Uruguay 1
Venezuela 1
Yugoslavia 1
Zimbabwe 1

Original posting at: https://www.isc2.org/cgi-bin/content.cgi?page=11399"

(Read More... | 2 comments | Score: 0)


Total number of CISSP's and SSCP's worldwide
Posted by boss on Friday, 25 April 2008 @ 19:55:02 EDT (3949 reads)
Topic ISC2 Org

Anonymous writes "In a recent discussion on the CISSP Forum, someone listed the total number of CISSPs worldwide as of 4/22/2008.

There are a total of 57602 members overall.
(56791 CISSPs and 810 SSCPs)

As was indicated, this number seems to increase by a few hundred every month.

This is a long way from the few thousand we had about 10 years ago.

Best regards to all

Clement "

(Read More... | 1 comment | Score: 5)


Google & Yahoo Sued for allegedly infringing the ISC2 Trademarks
Posted by boss on Sunday, 18 November 2007 @ 17:14:47 EST (1980 reads)
Topic ISC2 Org

cdupuis writes "NOTE FROM CLEMENT:
Here is an interesting article from Eric Goldman on alleged trademark infringement by Yahoo and Google regarding trademarks that belong to ISC2. This is a story that will be interesting to watch. Based on some new fact I was made aware of by the ISC legal counsel, it is obvious that going after Google and Yahoo is the correct route to take considering they control the content posted and the abuser is nowhere to be found. Going after Mr. DeGraphenreed has been, shall we say, somewhat problematic as he is transitory and cannot be found at the location where he once slept. See Eric Goldman's blog at: http://www.ericgoldman.org/index.html

November 17, 2007 Google and Yahoo Sued for Hosting Content That Allegedly Infringes Trademarks--(ISC)2 v. Degraphenreed

By Eric Goldman

International Information Systems Security Certifications Consortium v. Degraphenreed, 2:07 CV 1195 (S.D. Ohio complaint filed Nov. 16, 2007)

International Information Systems Security Certifications Consortium ("ISC2") offers a professional designation entitled "Certified Information Systems Security Professional," or "CISSP" for short, that individuals can earn by meeting the published requirements. The Consortium has a federally registered certification mark (#2045256) for the term "CISSP." The complaint alleges that Degraphenreed was once a registered Certified Information Systems Security Professional but he failed to satisfy the continuing standards. As a result, the complaint alleges that Degraphenreed now describes himself as a "Chief Information Security Systems Practitioner," also abbreviated as "CISSP," thereby continuing to claim CISSP status without meeting the ISC2's standards.

These allegations appear to support trademark infringement and false advertising claims, although interestingly I can't find any examples of Degraphenreed's usage of the term "Chief Information Security Systems Practitioner." (I got zero results in both Google and Yahoo searching for the term "Chief Information Security Systems Practitioner."). ISC2 also alleged trademark dilution but that should be a non-starter because I doubt CISSP will qualify as widely recognized among the general consuming public.

The most interesting aspect of this case is that ISC2 also sued Google and Yahoo for trademark infringement for hosting content that contained Degraphenreed's impermissible CISSP usage. Specifically, the complaint alleges that Google hosted six blogs that contained the CISSP mark (at least 2 of which contained the term in the blog title), and that Google refused to take down these blogs after the plaintiff's notice. The complaint also alleges that Yahoo hosted 5 Yahoo Groups referencing CISSP and a Flickr account containing ISC2's CISSP logo, and that after plaintiff's notice Yahoo only removed one group and left everything else up. The complaint claims direct (not contributory) trademark based on these allegations.

From my outsider's perspective, it looks like a significant tactical error to bring Google and Yahoo into this lawsuit for at least four reasons:

1) The plaintiff's theories of trademark liability against Google and Yahoo are untested and lack any useful precedent. In fact, to date we really don't have an exemplar lawsuit discussing the liability of a service provider for hosting trademark-infringing content, and I can't think of a case where a service provider has been held liable as a trademark infringer for hosting user content. This claim reminds me a little of the Jews for Jesus v. Google Blogspot lawsuit from Dec. 2005 (which ultimately settled irresolutely), where Jews for Jesus complained about a third level domain/blog title selected by a blog user. When that lawsuit was filed, I speculated about some of the possible theories of liability and defenses, but the law was murky at best. So in this case, suing Google and Yahoo makes a relatively straightforward case much more complex and expensive.

2) Often, individual defendants in these types of cases don't hire top-flight IP defense lawyers....but Google and Yahoo most assuredly will. As a result, ISC2 has ensured that some very skilled attorneys will line up on the defense to break every aspect of its case.

3) I couldn't investigate everything, but what I saw of Degraphenreed's activities on Google and Yahoo didn't look immediately problematic. For example, some of the blogs really lack any substance at all (see, e.g., here), but they don't look like splogs. If anything, it looked like ISC2 may be trying to shut down some griping. For example, two of the Yahoo groups are entitled "cissp-clueless" and "cissp-censorship," and the cissp-censorship group is a restricted access group with only three members. It's not clear how this group could possibly contribute to a trademark infringement claim. Instead, it looks like ISC2 might be overreaching, perhaps to shut down some unwanted commentary, and this may increase the judge's sensitivities to the public interests at stake here.

4) The plaintiff can get all of the relief it needs just by suing Degraphenreed. If the plaintiff wins that lawsuit, they can get an order forcing Degraphenreed to remove the infringing material. Further, I imagine that Google and Yahoo would happily take down any content that a court has adjudged infringing.

Please email me if you have any thoughts about why ISC2 decided to go after Google and Yahoo (let me know if I can post your comments). For now, I'm classifying it as a blunder. It will be interesting to see how aggressively Google and Yahoo respond to this lawsuit.

"

(Read More... | 7 comments | Score: 0)


Exam in Buenos Aires, Argentina -- You are out of luck
Posted by boss on Sunday, 18 November 2007 @ 15:06:01 EST (1821 reads)
Topic ISC2 Org

cdupuis writes "UPDATE AS OF NOVEMBER 23rd, 2007:  I was just informed that ISC2 has added another exam date on the 15th of December 2007 for people who could not get a seat.  This is what I was referring to when I mentioned service to their constituent.  I am very happy for everyone that has studied VERY HARD for this exam.  I wish you all the best.    Clement

ORIGINAL POST BELOW:

WOW,

Am I glad that I live in North America and not overseas. I was contacted by a site member from Buenos Aires, Argentina who has been studying for the past 6 months diligently and now he cannot get a seat on the local exam that will be conducted in December.

You would think that ISC2 would conduct their exam in a location that is big enough to allow ALL potential CISSPs to have a seat available. Considering that ISC2 visits Buenos Aires only two to three times a year, the least that could be done is to use a large exam room to accommodate all persons who desire to sit for the exam.

The site member mentioned above has just registered for the June exam next year. You would think that common sense would prevail and a larger room would be sought to accommodate all requests.

I guess it is not an important issue and we are only customers.

The word INTERNATIONAL in their name means that you provide quality services equally to all parts of the world or you do not call yourself INTERNATIONAL. It is sad to see this.

Take care

Clement

"

(comments? | Score: 0)


ISC2: Pls let your CISSP, CAP, SSCP colleagues know A.S.A.P
Posted by boss on Wednesday, 14 November 2007 @ 17:04:19 EST (1933 reads)
Topic ISC2 Org

cdupuis writes "

NOTE FROM CLEMENT:

As noted in the (ISC)² election announcement, please do check that your new (ISC)² logon-ID and password combination will work for you, before November 16th. Based on recent comments on the CISSP-Forum, some members have had no difficulty with their ID/password, however others have had difficulty signing on to the (ISC)² website. Your email address is now used instead of your candidate ID. Log on now to ensure that you can exercise your right to vote when voting day will come. Below you have a message from the two candidates that CCCure has supported in their effort to be on the ballot. Soon will be the time to get them from the ballot to the board by voting for them. Our organization is in dire need of fresh ideas and new blood on the board that will listen to you the members. Take a look at some of the numbers listed below and you will be amazed that you are still being asked to pay 85$ a year for maintenance fees without getting anything back from the money that you pay. Those numbers are NOT fabricated, they are from public copies of IRS filing made by ISC2.

Please, Please, Please: Do forward this message to any CISSP, SSCP, and CAP that you know.

 

Dear Colleagues,

Are you getting good value from (ISC)²? Should you be getting more back from the $3,000,000+ “profit” that (ISC)² makes each year? [That’s right $3+ million cash deposited into the bank account each year after expenses related to certification, education and member services, based on IRS filings. And, (ISC)²’s Board may be sitting on more than $17,000,000 cash reserves that could be used right now to help you earn more money with a more powerful certificate.]

We, Rolf Moulton and Bill Murray, are two of the independent Board candidates. We urge you to consider what you want from (ISC)² and what you should be getting. As examples:

- Are you getting your money’s worth right now?

- Do the current Board members listen and respond?

- Is (ISC)² taking steps to help you for the future?

- What more should the Board be doing?

- Will Board recommended candidates do more than the Board does?

- Is it time for a leadership change?

- Which of the candidates will be the best leaders for the “new” Board?

Based on what many of you told us when we asked for petition signatures, we believe that (ISC)² should be focusing on building career and personal value for its members, not building cash reserves with its profits.

Specifically, the Board should be:

- Doing much more to increase CISSP, SSCP and CAP visibility and worth,

- Providing more opportunities for member communications,

- Creating closer relationships with educational institutions to provide fellowships and more CPE opportunities; and,

- Developing closer relationships with national and state legislatures and leaders to provide more opportunities for security professionals to help improve information protection.

You have the opportunity, and the responsibility, to choose new leaders who will listen and respond. There are twelve candidates seeking five Board Director positions. Nine were recommended by the current Board, including four incumbents. Three candidates were nominated by the members through the independent candidate petition process.

Bill Murray and I are ready to start making the changes that we recommended when we sought your endorsement to get onto the ballot. And, we will continue to listen to you and respond to your priorities as Board members.

We ask you to give us a clear mandate to make the necessary changes by voting for us, Rolf Moulton and Bill Murray, starting on November 16th at http://members.isc2.org.


And, we also ask that you forward this note to your friends and colleagues asking them to vote for us.

Thank you.

Rolf Moulton, CISSP-ISSMP, CISA, CCP
William H. (Bill) Murray, CISSP
http://www.boardcandidate2007.com

"

(Read More... | 1 comment | Score: 0)



All logos and trademarks in this site are property of their respective owner.
The comments are property of their posters, all the rest © 2007 by CCCure.Org, and the site maintainers Clement Dupuis and Nathalie Lambert. Reuse is strictly prohibited without written permission of CCCure.Org or its maintainers.

This web site is not associated directly or indirectly with ISC2, the SANS Institute, ISACA, or other certification authority. The GCFW, CISSP, SSCP, ISSEP, ISSMP, CISA, and CISM are all the property of their respective owners. The content of this site is provided to you freely due to the generosity of our sponsors.

