IT Security – from TechRepublic “Report: Negligent employees are no. 1 cause of cybersecurity breaches at small and medium businesses”

Report: Negligent employees are no. 1 cause of cybersecurity breaches at SMBs


Careless workers and poor passwords have led to a rise in ransomware attacks and other breaches on SMBs, which cost an average of $1 million.

Source: www.techrepublic.com/article/report-negligent-employees-are-no-1-cause-of-cybersecurity-breaches-at-smbs/

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et al.


CISSP Practice question #11

In open source programming we:
A: Release the software, but not the code.
B: Release the code and the software.
C: Release neither the software nor the code.
D: Release the code, but not the software.

CBK 8: Software Development Security
Source: ThorTeaches.com practice tests

Answer


B: Open source: We release the code publicly, where it can be tested, improved and corrected, but it also allows attackers to find the flaws in the code.


IT Security from arstechnica.com “DOJ tries to rebrand weakened encryption as “responsible encryption””

Trump’s DOJ tries to rebrand weakened encryption as “responsible encryption”

A high-ranking Department of Justice official took aim at encryption of consumer products today, saying that encryption creates “law-free zones” and should be scaled back by Apple and other tech companies. Instead of encryption that can’t be broken, tech companies should implement “responsible encryption” that allows law enforcement to access data, he said.

Source: arstechnica.com/tech-policy/2017/10/trumps-doj-tries-to-rebrand-weakened-encryption-as-responsible-encryption/


CISSP Practice question #10

These can all be used in IPSec except which concept?
A: AH.
B: ESP.
C: SA.
D: DR.

CBK 3: Security Engineering
Source: ThorTeaches.com practice tests

Answer


D: IPSec (Internet Protocol Security): A set of protocols that provides a cryptographic layer for IP traffic (IPv4 and IPv6). It uses AH (Authentication Header) to provide authentication and integrity for each packet, ESP (Encapsulating Security Payload) to provide confidentiality, and SA (Security Association), which is a simplex one-way communication (like a walkie-talkie) that can be used to negotiate ESP or AH parameters.


IT Security – from Software Developer India “What is the Internet of Things (IoT)?”

For the last few years, the Internet of Things (IoT) has been getting a lot of hype even though the concept is not a new one. In fact, IoT has been around for a long time, but in a subtler way. IoT has revolutionized several industries including the IT industry, marketing, health care, education, agriculture and plenty more. IoT is not a complicated thing at all – it means conne…

Source: www.software-developer-india.com/what-is-the-internet-of-things-iot/


IT Security from The Telegraph: “GCHQ is coming out of the shadows to protect Britain’s economy from cyber-criminals”

GCHQ is coming out of the shadows to protect Britain’s economy from cyber-criminals

I have spent my whole career, in MI5 and now as head of GCHQ, working to counter the most serious threats to our national security.

If I’ve learned one thing it’s that our adversaries are quick to spot new ways of doing us harm.

We see that in the way terrorists are constantly changing their weapons or states are using their full range of tools to steal secrets, gain influence and attack our economy.

Source: www.telegraph.co.uk/news/2017/10/08/gchq-coming-shadows-protect-britains-economy-cyber-criminals/


CISSP Practice question #9

Which type of access control model would we use if integrity is most important?
A: DAC.
B: RBAC.
C: MAC.
D: RUBAC.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests

Answer


B: RBAC (Role Based Access Control): Often used when integrity is most important. A policy-neutral access control mechanism defined around roles and privileges. A role is assigned permissions, and subjects in that role are added to the group; if they move to another position, they are moved to the permissions group for that position.


IT Security: From Internet Society “NDSS Highlights the Best in Internet Security Research”

NDSS Highlights the Best in Internet Security Research | Internet Society

The nonstop news about Internet security vulnerabilities and incidents could lead one to despair for the future of the Internet. However, what often does not make the news is all the quality research that contributes ultimately to a more secure, private, and trustworthy Internet. Quality academic research that is open and easily accessible is one …

Source: www.internetsociety.org/blog/2017/08/ndss-highlights-the-best-in-internet-security-research/


CISSP Practice question #8

Jane is tasked with looking at FIDM. Which of these would she not consider?
A: Security tokens.
B: Microsoft Azure cloud.
C: RFID.
D: Windows identity foundation.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests

Answer


C: RFID (Radio Frequency Identification) is used for a variety of things, including smart cards, and not for FIDM (Federated Identity Management).


CISSP Certification: Competition time – Win a CISSP practice test! October 8th 2017

Competition time!

Enter to win a free CISSP Practice exam.

Rules:

To enter, you must do both of these to be eligible (+3 entries):

  1. Join the CISSP study group at https://www.facebook.com/groups/ThorTeaches/
  2. Like and comment on the competition post in the Facebook group.

Optional:

  1. Share this post on Facebook (+5 entries).

The winner will be drawn at random after the competition is over and announced in the Facebook group!
If you already own all 4 practice tests, we can do an Amazon gift card instead, but this is only available to people with all 4 tests ($10 value).
The competition ends October 14th at 12:00 HST (noon).
