To CISSP or Not to CISSP – Part 2

December 30, 2010 · Posted in Information Security, Information Systems · 6 Comments 

Continued from: To CISSP or Not to CISSP – Part 1

Let’s look at what another non-fan of the certification thinks about it. In his blog entry he quoted another blog that stated:

“I chose a self-study route and devoted around 2 months to the preparation. I locked myself in and had very little to no time for the family; I’d told them what I was up to, and both my wife and son were very supportive. Every weekday I would dedicate 3 to 4 hours, and on weekends 5 to 6 hours, to preparation. The last week before the exam, I took leave from work and dedicated around 12 hours straight every day for 7 days. To cope with the physical and mental tension I did 45 minutes of yoga in the morning and 20 minutes of meditation in the afternoon. I took a break or stretched for 5 to 15 minutes after every 1 or 2 hours of study.”

He then followed up by stating:

“That is ridiculous. I would expect someone who wants to be considered a ‘security professional’ to be well enough versed in the CISSP material not to require seven straight days of 12-hour study sessions, beyond the previous seven weeks of study.”


To CISSP or Not to CISSP – Part 1

December 30, 2010 · Posted in Information Security, Information Systems · 5 Comments 

I had a discussion with a current co-worker over lunch one day on the importance of higher education. Just a week prior, two contractors working with us had left without notice and somehow claimed the workplace was hostile to them. Being a contractor myself and working with the same group of folks, I (along with the rest of the team) found the claim pretty odd. We simply did not see the place as a hostile one. It was actually a tad dull and boring, if you ask me. Whatever the case may be, this is the reason they gave their contracting office.

One of the contractors was actually not making the cut, meaning he failed to meet even the simplest objective given to him by our manager and team leads. The other contractor was the one who had recommended him for the job, and he apparently had another gig that he believed would bring him tons of cash. Believing the writing was on the wall, they decided to leave. Why they left without notice, and gave a false statement as to the reason, has no viable explanation. The only word that comes to mind is: unprofessional.

These two stories came to mind today as I was searching for ideas for acquiring Continuing Professional Education (CPE) credits to maintain my CISSP (Certified Information Systems Security Professional) certification. Somehow the search landed me on pages asking whether the CISSP is worth it. Several bloggers simply believe that the accreditation is nothing but a piece of paper, not worth the ink it was printed with.


Simple Principles for Effective IT Management

50-30-20 Principle

  • IT is about 50% people, 30% process and 20% product (technology).
  • The success of any IT department depends on the people within the department and the people it supports. There has to be buy-in to IT initiatives, and the department must offer value to its customer base.
  • Processes (procedures, guidelines, standards and policies) should be aligned with overall business objectives, so that IT is not simply a cost center for the organization but a value-add and an integral part of the company’s overall revenue stream. A key factor in ensuring alignment between IT and the business, and that these processes support its objectives, is buy-in from all the stakeholders within the organization.
