Friday, November 23, 2012

Don't Plan Because You are Uncertain?

Don't plan for uncertainty until you are certain:

http://www.csoonline.com/article/721150/certainly-uncertain

This humor comes too close to reality in many organizations.

The CISM

I never did post a note here that I finally got all the paperwork in for the CISM.  I passed the test a while back, but it took a bit to follow up with the paperwork.  One challenge I see is that it is much more limited about what will qualify for CPEs. 

I listen to a lot of podcasts, and while the CISSP allows those, the CISM does not appear to count them.  Going and sleeping through a conference is fine as long as you have the piece of paper at the end.  I will have to keep my eye out for valid outlets to keep this updated.  Fortunately it looks like the classes I teach will help, so I may not have as hard a time as it seemed at first.

Congress is not Always the Solution

Good thoughts in the latest Salted Hash commentary.

http://blogs.csoonline.com/security-leadership/2458/dear-congress-please-keep-your-dirty-hands-cybersecurity-email-privacy

The danger is that so many fail to realize that things like this have great potential for abuse, especially of those with low personal restraint.  Anything could become a national security issue and could justify spying.  It is quite dangerous to trust government to protect us in all areas.

Monday, January 2, 2012

Quality Software is Secure Software

The focus on software development is usually getting the system completed on time and hopefully at or under budget.  Some organizations may even add a requirement that few known bugs may ship with the product, though the amount of testing and validation of that can vary greatly.

The security of those systems usually comes some position after that, especially if the organization doesn't have a regulatory requirement for that.  In fact, even those organizations may only pay lip service to the need for secure software until they face a breach of their own.

Much of that is driven by business needs.  The eyes of the leaders are on profit and loss (as they should be), and the new system needs to be available to help raise income for the company.

This is as it should be, since a company without income and profits will soon be out of business, but it minimizes the impact of defects and security flaws on the business.  Some organizations are starting to understand that defects can be costly, but only a few of those realize that security flaws are just another kind of dangerous defect.

Realizing this would help make educating people about the value of preventing or quickly fixing defects or security flaws more effective since only one message would need to go out.

Saturday, December 24, 2011

I Passed the CISSP!

I just found out that I passed the CISSP exam I took several weeks ago!  I was surprised, but this turned out just like my CISM exam.  I thought I failed that too, but now I have the key information security certification under my belt to go with all the other hands on ones I have completed!

Tuesday, November 22, 2011

First CISSP Attempt

I am often too much of a perfectionist and while I have passed several SANS certification tests and even ISACA's CISM test, I kept waiting to tackle the CISSP until I thought I knew enough. I finally decided to sign up for it a little more than a month ago, figuring I could retake it if needed. I suspect I will need to do so as several of the questions on the test were nothing like the material I jammed into my head in the last few weeks, in addition to all my hands-on time prior to that. I am annoyed that I even missed a PCI question that I should have known better on. Overall, a quite annoying test. Annoying in a different way than the CISM, but annoying nevertheless. I did feel I failed that when I took it, so perhaps the outcome will be better, but I won't know for a couple of weeks.

Thursday, October 27, 2011

How Greedy and Stupid Can You Get?

I knew it before, but I am finally digging through the latest Shon Harris' CISSP book. Instead of going with the standard Confidentiality, Integrity and Availability, the book calls it Integrity, Confidentiality and Availability (ICA). I suppose this is so they can trademark the term. How stupid. I suppose we are going to see the CPT-PI soon (Control Protocol for Transport - Protocol Internet).... Some smart people in the security training business, but too worried about locking off their own material and not enough about producing excellence. I guess that's what happens when you become a bunch of prima donnas. I have seen similar stupidity in many places.