The Official (ISC)² CCSP® Sybex Study Guide. ISC2 has released the third version of their study book for the CCSP®. This one is written from scratch, with two new authors and new technical editors as well. Click the article title to see the details.
Within this article you will find links to CCSP MindMaps for all of the domains of the CCSP. Those MindMaps were graciously contributed by Deepak Bhatia and are accessible to all members of the site.
Our mailing list is now hosted on Google Groups to allow people to access it from their phone, tablet, laptop, or any other device. It is no longer restricted to email only. We welcome you to make use of the mailing list for all of your questions.
Here is a great document from the PCI Data Security Standard (PCI DSS) council on Penetration Testing. It is directly applicable to the new CBK coming out on the 15th of April 2015. I highly recommend reading this to help you with the exam.
The role of nation-state actors in cyber attacks was perhaps most widely revealed in February 2013 when Mandiant released the APT1 report. Today we release a new report: APT28: A Window Into Russia’s Cyber Espionage Operations? This report focuses on a threat group that we have designated as APT28. Our report details additional information exposing ongoing, focused operations that we believe indicate a government sponsor based in Moscow.
The BadUSB vulnerability is considered one of the worst IT vulnerabilities ever found.
Discovered a few months ago, this big security hole affects the way USB devices communicate with an operating system.
BadUSB is a major security flaw that allows online criminals to turn a simple USB device, for example a keyboard, into a means of sending malicious commands from the user’s computer to trigger an action or contact a server controlled by hackers.
The forums on the site are accessible to all members, even non-paying members. This is where you can ask questions and get answers quickly. You can also subscribe to the forums you like to get an email when an answer is provided.
Software Development Security is an important domain on the exam. Lack of knowledge and involvement of Security in the SDLC is one of the main causes of the issues we have today with enterprise software. Look at this great article from Jeff William telling you HOW to do it properly and giving you great links to learn more.
Here is the release of my Physical Security CBT; it is 2 hours and 35 minutes of training. It is the most thorough tutorial and the best tutorial you will find to get ready for the CISSP exam.
Here is the release of my Operations Security CBT; it is 2 hours and 3 minutes of training. It is the most thorough tutorial and the best tutorial you will find to get ready for the CISSP exam.
Here is the release of my Software Development Security CBT; it is 52 minutes of training. It is the most thorough tutorial and the best tutorial you will find to get ready for the CISSP exam. This is Part 2 of 2.
SophosLabs has uploaded a new security awareness video that is really well done. In two minutes you can teach your users how to pick a proper password. This is one video all of your users should see.
The Critical Security Controls focus first on prioritizing security functions that are effective against the latest Advanced Targeted Threats, with a strong emphasis on "What Works" - security controls where products, processes, architectures and services are in use that have demonstrated real world effectiveness. The actions defined by the Controls are demonstrably a subset of the comprehensive catalog defined by the National Institute of Standards and Technology (NIST) SP 800-53.
This is a magazine published in Egypt and it has great content. The magazine is totally free and you don't need to go through registration and hoops to get it; simply click on the link and download it. The way it should always be.
A small video interview made by SecureNinja TV at Defcon this year. Alicia Webb speaks with Blackphone CSO Dan Ford about the company's new phone and its security features, and he gives SNTV a demo of how the custom Android-based PrivateOS and custom hardware work together.
CompTIA, the leading provider of vendor-neutral skills certifications for the world’s information technology (IT) workforce, today introduced a new version of its CompTIA Security+ exam. The new exam (SY0-401) is available immediately worldwide in an English language version. German and Japanese language exams will be introduced in the coming months.
Great presentation on DNS from Defcon done by Robert (Rob) Stucke.
A Rhode Island hospital must pay $150,000 after a data breach compromised more than 12,000 Massachusetts residents' personal information.
Government and business are under constant cyber attack and must learn to "take the hit," says the director of a new cybersecurity training programme.