Just launched my free CISSP Essentials course on Udemy.

I JUST launched my FREE CISSP Certification Essentials course on Udemy, as the kickoff for my Early Bird Black Friday sale.
 
This is NOT curriculum for the 8 domains; it is:
  • A short introduction to the CISSP and tips on how you can study successfully.
  • 80 Free practice questions (10 from each domain).
  • Why you want to get certified.
  • The domains at a high level.
  • Study materials.
  • Practice test approach.
  • Exam day.
  • What to do when you pass.
  • What to do when you fail.
 
Link to the Free CISSP essentials course on Udemy:
If you like the free course and you think it could help other CISSP students please leave a review when it asks you to 🙂
It helps both future students as well as me, the key to success on Udemy is reviews (even on free courses).
 
My full CISSP curriculum course is still being recorded and will be released as soon as it is ready.
It is currently around 20 hours long, and will be available at the same price as my practice tests, $10.
 
As part of my Early Bird Black Friday sale, you can also get my 4 CISSP practice exams for $10 each.
  • test1-150
  • test2-150
  • test3-150

IT Security from csoonline.com: “Cybersecurity Budgets Across the Globe”

Cybersecurity Budgets Across the Globe

According to a recent AT&T-sponsored survey, the type and amount of your cybersecurity investments may be significantly influenced by the region in which your organization is based. On average, the AT&T 2017 Global State of Cybersecurity survey found that companies located in Asia-Pacific (APAC) are investing more heavily in cybersecurity defenses and cyberinsurance than their counterparts in the U.S. and EMEA.

For example, 58 percent of APAC respondents said they were allocating 10 percent or more of their organization’s budget to cybersecurity, compared to just 47 percent of EMEA respondents and 39 percent of U.S. respondents. That disparity is likely to grow even greater, with 40 percent of APAC companies expecting cybersecurity budgets to increase – by an average of 18 percent – in the coming 12 months.

Source: www.csoonline.com/article/3235133/data-breach/cybersecurity-budgets-across-the-globe.html


CISSP Practice question #40

A security audit has determined we have some rather large security flaws in our organization. The IT Security team has been asked to suggest mitigation strategies using the OSI model. What could we use for layer 3?
A: Access lists.
B: Shut down open unused ports.
C: Installing UPSs in the data center.
D: Start using firewalls.

CBK 4: Communication and Network Security
Source: ThorTeaches.com practice tests

Answer

A: An ACL (access control list) is a sequential list of permit or deny statements that apply to the IP address and/or upper-layer protocols. Packet filtering works at the network layer (layer 3) of the OSI model.

IT Security from AICPAGlobal: “Beat the Breach Webcast”

Beat the Breach Webcast

Combining the strengths of the American Institute of CPAs and the Chartered Institute of Management Accountants, we empower the world’s most highly-skilled accountants – CPAs and CGMAs – with the knowledge, insight and foresight to meet today’s demands and tomorrow’s challenges.

Protect your business’s most important asset – data. Robert Herjavec speaks with Association of International Certified Professional Accountants CEO Barry Melancon, CPA, CGMA, on cybersecurity trends and best practices.

This free, archived web event is designed for business executives, IT security officers, risk officers, cloud service providers, boards of directors, US CPA firms and their clients and anyone interested in having a robust cybersecurity program.

Source: www.aicpaglobal.com/cybershark


CISSP Practice question #39

Why would a company use multiple types of data destruction on sensitive data?
A: Because it is easier than just a single type of data destruction.
B: To ensure there is no data remanence.
C: To ensure data is still accessible after the destruction.
D: To make sure we have the old drives available.

CBK 2: Asset Security
Source: ThorTeaches.com practice tests

Answer

B: It is common to do multiple types of data destruction on sensitive data (both degaussing and disk crushing/shredding). While it may not be necessary, it is a lot cheaper than a potential $1,000,000 fine or loss of proprietary technology or state secrets.

IT Security from TheSSL Store: “Cyber Security News Roundup: Introducing the Daily Edition”

Cyber Security News Roundup: Introducing the Daily Edition

It’s time to kick off another week – the first full week of November – with a new daily feature. The daily news roundup will cover the most interesting stories from the previous day (or in Monday’s case, the weekend). Let us bring the news to you! Of course, we’ll continue providing our usual content as well. Now there will just be twice as much of it!

So, sit back. And start your Monday off with the most interesting cyber security news from the past weekend:

Source: www.thesslstore.com/blog/cyber-security-news-roundup-11-6-17/


CISSP Practice question #38

What does IAAA do?
A: Provide a framework where we authorize, identify and authenticate our users and hold them accountable for their actions.
B: Provide a framework where we provide integrity, authenticate and authorize our users and hold them accountable for their actions.
C: Provide a framework where we identify, authenticate and authorize our users and make sure the data they need is available.
D: Provide a framework where we identify and authenticate users and give them access dependent on their job title.

CBK 1: Security and Risk Management
Source: ThorTeaches.com practice tests

Answer

A: IAAA is Identification, Authentication, Authorization and Accountability: we identify our staff, have them authenticate, authorize them to access what they are permitted to, and hold them accountable for their actions.

IT Security from ModernHealthCare: “Cybersecurity threats pose biggest healthcare hazard, ECRI reports”

Cybersecurity threats pose biggest healthcare hazard, ECRI reports

The patient-safety organization recommended healthcare organizations take a proactive approach to cybersecurity to minimize the threat of ransomware and other malware.

Malware attacks in healthcare can put patient safety at risk, shutting off access to records, taking down medical devices and interrupting supply chains, according to a new report from the ECRI Institute that puts ransomware and cybersecurity threats at the top of its technology hazards list for 2018.

To prevent cyberattacks, healthcare organizations must be proactive and engage their employees in safeguarding efforts, according to the ECRI Institute, a patient-safety not-for-profit.

“This is an issue that needs to be tackled by all different departments within a healthcare facility,” said Juuso Leinonen, ECRI’s product officer for health devices. “The collaboration between different departments, even the clinicians, is key to successful cybersecurity.”

Source: www.modernhealthcare.com/article/20171106/NEWS/171109934


CISSP Practice question #37

Brute force can break any password, even one-time pads. Is that a problem?
A: Yes, if broken the one-time pad is useless.
B: Yes, the attacker would have the key.
C: No, there would be too many false positives for it to matter.
D: Brute force can’t break one-time pads.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests

Answer

C: Brute-force attacks use the entire key space (every possible key); with enough time any plaintext can be decrypted. They are effective against all key-based ciphers except the one-time pad: they would eventually decrypt it, but they would also generate so many false positives that the recovered data would be useless.
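An added illustration, not part of the ThorTeaches question or answer: a toy Python model of why brute force recovers a message encrypted with a short repeating key but not one encrypted with a one-time pad. It uses a letter-shift cipher over the lowercase alphabet; the message, key lengths and the small word list are constructed assumptions.

```python
import itertools
import secrets
import string

ALPHABET = string.ascii_lowercase
N = len(ALPHABET)


def encrypt(plaintext: str, key: str) -> str:
    """Shift each letter by the matching key letter (mod 26); the key repeats if shorter."""
    return "".join(ALPHABET[(ALPHABET.index(p) + ALPHABET.index(key[i % len(key)])) % N]
                   for i, p in enumerate(plaintext))


def decrypt(ciphertext: str, key: str) -> str:
    return "".join(ALPHABET[(ALPHABET.index(c) - ALPHABET.index(key[i % len(key)])) % N]
                   for i, c in enumerate(ciphertext))


def random_pad(length: int) -> str:
    """One-time pad key: as long as the message, from a CSPRNG, never reused."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def brute_force(ciphertext: str, key_length: int, dictionary: set) -> set:
    """Try every key of key_length letters and return the decryptions that look
    like real words, i.e. the attacker's plausible 'hits'."""
    hits = set()
    for key_tuple in itertools.product(ALPHABET, repeat=key_length):
        candidate = decrypt(ciphertext, "".join(key_tuple))
        if candidate in dictionary:
            hits.add(candidate)
    return hits


# Constructed sample: the small set of 3-letter words the attacker treats as plausible.
WORDS = {"cat", "dog", "key", "pad", "run", "sun", "war", "yes", "now", "end"}


def demo() -> tuple:
    msg = "key"
    # Short repeating key: 26 possible keys, only one decryption is a real word,
    # so brute force recovers the message.
    weak_hits = brute_force(encrypt(msg, "q"), 1, WORDS)
    # One-time pad: 26**3 keys, and every 3-letter string is some key's decryption,
    # so every dictionary word is a "hit" and the true message cannot be singled out.
    otp_hits = brute_force(encrypt(msg, random_pad(len(msg))), len(msg), WORDS)
    return weak_hits, otp_hits
```

With the repeating key `demo()` returns a single hit, `{"key"}`; with the pad it returns the whole word list, which is the "too many false positives" outcome the answer describes.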


Throwback Sunday – my first computer was a C64 0_o

This Old-Ass Commodore 64 Is Still Being Used to Run an Auto Shop in Poland

Hell yeah.

We need to learn a lesson about needless consumerism from this auto repair shop in Gdansk, Poland. Because it still uses a Commodore 64 to run its operations. Yes, the same Commodore 64 released 34 years ago that clocked in at 1 MHz and had 64 kilobytes of RAM. It came out in 1982, was discontinued in 1994, but it’s still used to run a freaking company in 2016. That’s awesome.

Source: sploid.gizmodo.com/this-old-ass-commodore-64-is-still-being-used-to-run-an-1787196319
