[Cisspstudy] cisspstudy Digest, Vol 19, Issue 12

Amit Singh amit.secure1 at gmail.com
Sun Jan 17 10:51:22 EST 2010


The CISSP credential is valid for only three years, after which it must be
renewed. The credential can be renewed by re-taking the exam; however, the
more common method is to report at least 120 Continuing Professional
Education (CPE) credits since the previous renewal. Currently, to maintain
the CISSP certification, a member is required to earn and submit a total of
120 CPEs by the end of their three-year certification cycle and pay the
Annual Membership Fee of US$85 during each year of the three-year
certification cycle before the annual anniversary date. With the new changes
effective 30 April 2008, CISSPs are required to earn and post a minimum of
20 CPEs (of the 120 CPE certification cycle total requirement) and pay the
AMF of US$85 during each year of the three-year certification cycle before
the member’s certification or recertification annual anniversary date. For
CISSPs who hold one or more concentrations, CPEs submitted for the CISSP
concentration(s) will be counted toward the annual minimum CPEs required for
the CISSP.[14]<http://en.wikipedia.org/wiki/Certified_Information_Systems_Security_Professional#cite_note-13>

CPEs can be earned through several paths, including taking classes,
attending conferences and seminars, teaching others, undertaking volunteer
work, professional writing, *etc*., all in areas covered by the CBK. Most
activities earn 1 CPE for each hour of time spent; however, preparing (but
not delivering) training for others is weighted at 4 CPEs/hour, published
articles are worth 10 CPEs, and published books 40
CPEs.[15]<http://en.wikipedia.org/wiki/Certified_Information_Systems_Security_Professional#cite_note-14>


Regards,

Amit

On Sun, Jan 17, 2010 at 7:06 PM, yogeshwaran <yogeshm23 at yahoo.com> wrote:

> hi all,
>
>
> what is the certificate validation period?
> Do we have to upgrade the certificate? If so, what is the duration?
> Do we have to pay any annual cost to maintain the certificate?
>
> Regards,
> Yogesh.M
>
> --- On *Sun, 1/17/10, cisspstudy-request at cccure.org <
> cisspstudy-request at cccure.org>* wrote:
>
>
> From: cisspstudy-request at cccure.org <cisspstudy-request at cccure.org>
> Subject: cisspstudy Digest, Vol 19, Issue 12
> To: cisspstudy at cccure.org
> Date: Sunday, January 17, 2010, 2:33 AM
>
>
> Today's Topics:
>
>    1. Re: Exam strategy (Leif Palmer)
>    2. Re: Question on IDS (Heidar heidarinia)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 16 Jan 2010 16:42:29 -0800 (PST)
> From: Leif Palmer <ldpalmer at sbcglobal.net>
> To: The CISSP Study Mailing list <cisspstudy at cccure.org>
> Subject: Re: [Cisspstudy] Exam strategy
> Message-ID: <425938.37647.qm at web180510.mail.gq1.yahoo.com>
> Content-Type: text/plain; charset="utf-8"
>
> Yes,
>
> Much congratulations and thank you for sharing the study habits!!!
>
>
>
>
> ________________________________
> From: Prakash <prakash2757 at yahoo.com>
> To: The CISSP Study Mailing list <cisspstudy at cccure.org>
> Sent: Sat, January 16, 2010 1:35:52 PM
> Subject: Re: [Cisspstudy] Exam strategy
>
>
>
> That's very much useful "Non Technical" tips.
>
> My hearty congratulations to you.
>
> Complete the endorsement process & welcome to the elite community of
> security.
>
> - Prakash
>
> --- On Sat, 1/16/10, tka4ov at inbox.lv <tka4ov at inbox.lv> wrote:
>
>
> >From: tka4ov at inbox.lv <tka4ov at inbox.lv>
> >Subject: [Cisspstudy] Exam strategy
> >To: cisspstudy at cccure.org
> >Date: Saturday, January 16, 2010, 10:06 PM
> >
> >
> >Hi all,
> >
> >just got "congratulations..." letter from ISC! Thank you Clement, and the
> rest of the crew for providing this great resource. It really helped me A
> LOT! To "give back to the community", I would like to share my exam
> strategy. I am not going to talk about preparation for the exam, because the
> topic was discussed so many times here...
> >Exam was physically hard for most people. You have to stay focused for 6
> hours (I used all 6 hours to complete 250 questions). The exam strategy
> taught me by my colleague saved me.
> >
> >1. Until the day before the exam, DO study hard!
> >
> >day before the exam...
> >2. Try to not overload yourself with the last-minute reading. If you want
> to refresh memories, reserve 1 hour in the morning and go through study cram
> (prepare it yourself). Do not read more! You have done everything you could,
> nothing will make a difference now.
> >3. Go to bed at 21.00 latest. But just before that take a walk to the
> place where you are going to take the exam, it will help you to sleep
> better, and to avoid panic in the morning.
> >4. Sleep well!
> >
> >on the day of the exam...
> >5. Wake up and have some carbohydrates for lunch. They will give you power
> for the rest of the day (marathon runners eat that to stay conscious).
> Muesli is great! Drink green (herbal) tea. Do not overeat.
> >6. Arrive in advance, check in, sit down.
> >7. If proctor will offer to visit the facilities, DO SO. It will save you
> those 5-10 minutes, that are so much needed at the end.
> >
> >exam starts...
> >8. 6 hours, 250 questions + filling the answer sheet (do not underestimate
> it!). Make roughly 45 questions per hour. If you do that, you will have 225
> in 5 hours. That will leave you 1 hour to complete 25 questions and draw 250
> circles on answer sheet (quite a task)
> >9. Have 3 breaks! It was hard for me to sit still for 6 hours. I
> started to lose concentration after the second hour. So I did a 5 minute break.
> Had a banana (easy to digest, tastes good) and had a sip of HERBAL tea from
> a thermo-cup I brought with me.
> >10. Next pause after 4th hour. Have 10 min break - green tea/ mineral
> water. Bread +cheese +salad. No heavy stuff!
> >11. Last 5 min pause after 5th hour. EAT SUGAR! It will give you boost of
> energy for the last hour. Drink Lucozade, Coca-Cola, BLACK tea. Have a
> Snickers or Twix. Remember Rocky Balboa! This is the last round. After
> intake of sugars, and the last hour of work you will be deadly tired, but it
> doesn't matter, because this is the last hour of exam. Do your best!
> >
> >after exam...
> >12. Welcome to the month of pain! You have to forget about the exam and
> just wait. It is hard, but do NOT write to ISC asking how you did. Do not
> schedule another exam, thinking that you have failed for sure. Everything
> you can do now is just wait. This was the longest month of my life :)
> >
> >Tips:
> >a. Work with booklet, not answer sheet. Read the question, draw minus next
> to two options that are obviously wrong, if you can answer now - circle the
> right one. If not, do not stop on the question - go to the next one.
> >b. underline the important words. It will help when you come back to the
> question for review.
> >c. when transferring your questions to the answer sheet. BE CAREFUL! One
> mistake can make you fail miserably.
> >d. Do not start your exam by drinking coca-cola or eating chocolate
> bars. They are just giving you temporary boost, that will end, and you will
> fall asleep after an hour.
> >e. Study hard! The exam is difficult, and you have to know a lot! I know
> smart guys that failed to become CISSP. Start studying in advance, if you
> are starting 2 months before exam - you are throwing your money away.
> >Thanks for reading, I hope it will help someone!
> >P.S. Sorry for mistakes, I am not native speaker and rely heavily on MS
> office spell checker.
> >
> >
> >
> >
> >Quoting cisspstudy-request at cccure.org:
> >>
> >>Today's Topics:
> >>
> >>1. Question on IDS (Saurabh Bhargava)
> >>2. Re: Question on IDS (Jef A.)
> >>
> >>
> >>----------------------------------------------------------------------
> >>
> >>Message: 1
> >>Date: Fri, 15 Jan 2010 16:52:29 +0530 (IST)
> >>From: Saurabh Bhargava <catchbhargava at yahoo.com>
> >>To: The CISSP Study Mailing list <cisspstudy at cccure.org>
> >>Subject: [Cisspstudy] Question on IDS
> >>Message-ID: <354277.25971.qm at web94807.mail.in2.yahoo.com>
> >>Content-Type: text/plain; charset="utf-8"
> >>
> >>
> >>
> >>Hello Everyone:
> >>
> >>Need your thoughts on below question:
> >>
> >>1. Which of the following is a weakness of both statistical
> anomaly detection and pattern matching
> >>
> >>A. Lack of learning model
> >>B. inability to run in real time
> >>C. Requirement to monitor every event
> >>D. Lack of ability to scale
> >>
> >>I think answer is C but author says it's A.
> >>
> >>My reasoning - Statistical IDS creates a profile of "normal" and compares
> activities to this profile. For that, it's put in learning mode and if an
> attack was happening during "learning" mode, it may go undetected in
> production environment as well.
> >>
> >>Pattern matching depends on signatures so may not be able to pick up
> "zero day" attacks.
> >>
> >>
> >>Thoughts pls?
> >>
> >>cheers, SB
> >>
> >>
> >>
> >>------------------------------
> >>
> >>Message: 2
> >>Date: Fri, 15 Jan 2010 08:23:10 -0500
> >>From: "Jef A." <jeff132 at gmail.com>
> >>To: The CISSP Study Mailing list <cisspstudy at cccure.org>
> >>Subject: Re: [Cisspstudy] Question on IDS
> >>Message-ID:
> >><2e06e8e61001150523o65f9456vccdbd25f86295bbd at mail.gmail.com>
> >>Content-Type: text/plain; charset="windows-1252"
> >>
> >>This question confused me a bit also but this is my reasoning for
> >>choosing C. I was immediately able to rule out choices B & D because they
> >>just didn't apply. In regards to answer A I considered the idea that
> >>statistical anomaly detection is actually learning by comparing current
> >>activities to behavior that it believes to be normal. Pattern matching
> >>doesn't learn at all because it is only looking for a specific pattern,
> >>it is not capable of finding any deviations from that pattern. However the
> >>requirement to monitor every event is something that both devices must do
> >>and I guess they are considering it a weakness.
> >>
> >>I am curious to hear what others have to say about this question.
> >>
> ------------------------------
>
> Message: 2
> Date: Sun, 17 Jan 2010 00:33:33 -0800 (PST)
> From: Heidar heidarinia <h_heidarinia at yahoo.com>
> To: The CISSP Study Mailing list <cisspstudy at cccure.org>
> Subject: Re: [Cisspstudy] Question on IDS
> Message-ID: <998073.59173.qm at web33302.mail.mud.yahoo.com>
> Content-Type: text/plain; charset="utf-8"
>
> Right answer is
>    D. Lack of ability to scale
>
> The disadvantages of network-based IDSs include:
>
> They are not very scaleable; they have struggled to maintain capacities of
> 100 Mbps.
> They are based on predefined attack signatures - signatures that will always
> be a step behind the latest underground exploits
> IDS vendors have not caught up with all known attacks, and signature
> updates are not released nearly as frequently as antivirus updates.
>
> Requirement to monitor every event
>   The primary host-based IDS purpose is to monitor systems for individual
> file changes.
>
> Lack of learning model
>  This is not weakness of statistical anomaly.
>
> Inability to run in real time
>  Network-based IDSs typically utilise network adapters running in
> promiscuous mode to monitor and analyse network traffic in real time
>
> I hope you find useful
>
> HH
>
>
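
The IDS question quoted in the digest above turns on two detector weaknesses: a statistical profile learned while an attack is already running, and a signature list that lacks an entry for a new event. The sketch below is an added example, not code from any poster in the thread; the sample counts, the signature strings and all names are constructed for illustration.

```python
import statistics

# Constructed sample data: failed-login counts per minute (not from the thread).
CLEAN_BASELINE = [4, 6, 5, 7, 5, 6, 4, 5, 6, 5]
# Same learning window, but a password-guessing burst was already under way.
POISONED_BASELINE = [4, 6, 5, 60, 72, 65, 4, 5, 58, 70]

# Constructed signature list for the pattern-matching detector.
SIGNATURES = ["/etc/passwd", "' OR '1'='1"]


class StatisticalDetector:
    """Learns mean and standard deviation, then flags values beyond k sigma."""

    def __init__(self, k=3.0):
        self.k = k
        self.mean = 0.0
        self.stdev = 0.0

    def learn(self, samples):
        # "Learning mode": whatever happens in this window becomes "normal".
        self.mean = statistics.mean(samples)
        self.stdev = statistics.pstdev(samples)

    def is_anomalous(self, value):
        return abs(value - self.mean) > self.k * self.stdev


def signature_match(event, signatures=SIGNATURES):
    """Pattern matching: alert only when a known string appears in the event."""
    return any(sig in event for sig in signatures)


def compare_baselines(observed):
    """Return (alert_with_clean_profile, alert_with_poisoned_profile)."""
    clean, poisoned = StatisticalDetector(), StatisticalDetector()
    clean.learn(CLEAN_BASELINE)
    poisoned.learn(POISONED_BASELINE)
    return clean.is_anomalous(observed), poisoned.is_anomalous(observed)


if __name__ == "__main__":
    # 68 failed logins per minute: flagged by the clean profile only.
    print(compare_baselines(68))
    # Known pattern is caught; an event with no signature passes silently.
    print(signature_match("GET /download?file=/etc/passwd"))
    print(signature_match("GET /download?file=/etc/shadow"))
```

The poisoned profile has a mean near 35 and a large standard deviation, so the same burst that the clean profile flags falls well inside its 3-sigma band.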

