To CISSP or Not to CISSP – Part 2

December 30, 2010 · Posted in Information Security, Information Systems · 6 Comments 

Continued from: To CISSP or Not to CISSP – Part 1

Let’s look at what another non-fan of the cert thinks about the cert. In his blog entry he quoted another blog that stated:

“I chose a self study route, and devoted around 2 months for the preparation. Locked myself in and had very little to no time for the family, I’d told them what I was up to, both my wife and son were very supporting. Every weekday I would dedicate 3 to 4 hours, and on weekends 5 to 6 hours for preparation. The last week before exam, I took leave from work and dedicated around 12 hours straight everyday for 7 days. To cope with the physical and mental tensions I did 45 minutes yoga in the morning and 20 minutes meditation in the afternoon. I took a break or stretched for 5 to 15 minutes after every 1 or 2 hours of studies.”

He then followed up by stating:

That is ridiculous. I would expect someone who wants to be considered as a “security professional” to be well-enough versed in the CISSP material to not require seven straight days of 12 hour studying sessions, beyond the previous seven weeks of study.”

Read more

Tags: , , ,

To CISSP or Not to CISSP – Part 1

December 30, 2010 · Posted in Information Security, Information Systems · 5 Comments 

I had a discussion with a current co-worker over lunch one day on the importance of higher education. Just a week prior, two contractors working with us left without notice and somehow claimed the workplace was pretty hostile to them. Being also a contractor and working with the same group of folks, I (along with the rest of the team) found the claim to be pretty odd. We simply did not see the place as being a hostile one. It was actually a tad dull and boring if you ask me. However, whatever the case may be, this is the reason that they gave their contracting office.

One of the contractors was actually not making the cut. Meaning he fails to meet even the simplest objective that is given to him by our manager and team leads. The other contractor was the one who recommended him for the job and also this contractor apparently has another gig that he believes will bring him tons of cash. So believing that the writing is on the wall, they decided to leave. Why they left without notice and also giving out a false statement as to the reason why left has no viable explanation. The only word that comes to mind is, unprofessional.

These two stories came to mind today as I was searching for ideas for acquiring Continuing Professional Education (CPE) credits to maintain my CISSP (Certified Information Systems Security Professional) certification. Somehow the search landed me into pages asking if whether CISSP is worth it. There are several bloggers who simply believe that the accreditation is nothing but a piece of paper that is not worth the ink it was printed with.

Read more

Tags: , , , ,

  • Your Shopping Cart

    Your cart is empty

  • Calendar

    December 2010
    M T W T F S S
    « Oct   Jan »
     12345
    6789101112
    13141516171819
    20212223242526
    2728293031  

  • RSS From the National Vulnerability Database

    • CVE-2012-1090 (linux_kernel) May 16, 2012
      The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO. […]
      nvd@nist.gov
    • CVE-2012-2123 (linux_kernel) May 16, 2012
      The cap_bprm_set_creds function in security/commoncap.c in the Linux kernel before 3.3.3 does not properly handle the use of file system capabilities (aka fcaps) for implementing a privileged executable file, which allows local users to bypass intended personality restrictions via a crafted application, as demonstrated by an attack that uses a parent process […]
      nvd@nist.gov
    • CVE-2012-0044 (linux_kernel) May 16, 2012
      Integer overflow in the drm_mode_dirtyfb_ioctl function in drivers/gpu/drm/drm_crtc.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.1.5 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted ioctl call. […]
      nvd@nist.gov
    • CVE-2012-2121 (linux_kernel) May 16, 2012
      The KVM implementation in the Linux kernel before 3.3.4 does not properly manage the relationships between memory slots and the iommu, which allows guest OS users to cause a denial of service (host OS crash) by leveraging administrative access to the guest OS to conduct hotunplug and hotplug operations on devices. […]
      nvd@nist.gov
    • CVE-2012-0207 (linux_kernel) May 16, 2012
      The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets. […]
      nvd@nist.gov
    • CVE-2012-1601 (linux_kernel) May 16, 2012
      The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists. […]
      nvd@nist.gov
    • CVE-2011-4621 (linux_kernel) May 16, 2012
      The Linux kernel before 2.6.37 does not properly implement a certain clock-update optimization, which allows local users to cause a denial of service (system hang) via an application that executes code in a loop. […]
      nvd@nist.gov
    • CVE-2012-1179 (linux_kernel) May 16, 2012
      The Linux kernel before 3.3.1, when KVM is used, allows guest OS users to cause a denial of service (host OS crash) by leveraging administrative access to the guest OS, related to the pmd_none_or_clear_bad function and page faults for huge pages. […]
      nvd@nist.gov
    • CVE-2012-0879 (linux_kernel) May 16, 2012
      The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows local users to cause a denial of service (I/O instability) by starting multiple processes that share an I/O context. […]
      nvd@nist.gov
    • CVE-2012-1146 (linux_kernel) May 16, 2012
      The mem_cgroup_usage_unregister_event function in mm/memcontrol.c in the Linux kernel before 3.2.10 does not properly handle multiple events that are attached to the same eventfd, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by registering memory threshold events. […]
      nvd@nist.gov
Get Adobe Flash playerPlugin by wpburn.com wordpress themes