Did I violate my code of ethics?

The CISSP exam (and any other (ISC)² exam) asks a few ethical questions. This question isn’t quite clear-cut enough for the test, I don’t think. But if you’re wondering what the test is like, this actually isn’t a bad thing to work through. My ethical questions on the test were more clear-cut than this, but the security questions weren’t.


One road to the CISSP: Do SSCP first

As my crazy week wound down, I had a number of visitors, including someone who’s been on the fence about taking the CISSP. She wanted some advice. The (ISC)² Code of Ethics says to give generously of such things when asked, so we talked for about 30 minutes.

Change your LinkedIn password now

If you use the professional social networking site LinkedIn–which I recommend, albeit now with caveats–you need to be aware that someone stole at least part of its password database and leaked it onto the Web. You should assume your password is among the stolen passwords and change it.

Only eleven percent of used hard drives contain recoverable data?

I read the shocking news that 11% of used hard drives in the UK contain recoverable personal data.

The news is shocking, of course, that it isn’t much higher.

The real benefits of having a CISSP

Another question from the big box o’ Google search queries: What are the real benefits of having a CISSP?

I don’t want to be flip, but here it is in two words: job security.

Don’t call the war on hackers unwinnable

John C Dvorak asks what war we’re waging on hackers. While war may not be the best choice of words, because it’s not exactly a conventional war, there’s no question there’s something going on, and we’re not winning it right now.

The latest salvo is that someone in China is building a botnet using Macintoshes.

Quit sniveling about a tech skills gap and train your workers

Infoworld tells employers to quit sniveling about their workers not having enough skills and train them.

Sounds good. It worked in the organization where I work.


The old days of viruses

Blogging pioneer John Dominik, inspired by my Michelangelo memories, wrote about his memories of viruses later in the decade. So now I’ll take inspiration from him and share my memories of some of those viruses. I searched my archives, and at the time it was going on, I didn’t write a lot. I was tired and angry, as you can tell from the terse posts I did write.


A cloud computing-related Security+ question

Someone tossed a Security+ study question my way this week. This is an example of Security+ trying to be CISSP Lite, but it’s still a valid question–probably for either test, and for SSCP and CISM too.

A small not-for-profit organization needs to invest in a new expensive database. There is no budget for additional servers or personnel. Which of the following solutions would allow it to save money by avoiding hiring additional personnel and minimize the footprint in their current datacenter?

A. Linux
B. Software as a Service (SaaS)
C. Infrastructure as a Service (IaaS)
D. Platform as a Service (PaaS)

Let’s take it one at a time.


How to pass CISSP: Test taking strategies

The CISSP is a 250-question, multiple-choice test. You have six hours to complete it. It’s not like any college final I ever took, though cramming all of finals week into a six-hour session is almost a fair comparison. If you’re wondering how to pass CISSP, I can’t guarantee my method, but I’m glad to share what worked for me.
