Cissp
From Terminal23wiki
This is me making an attempt to track my CISSP CPE accrual.
2011-2012
Webinars/Presentations
tracking: CPEs claimed, date, length of webinar, name, link, audit documentation, and why it is relevant
1 CPE - 9/5/2011 - 40 mins - Steal Everything, Kill Everyone, Cause Total Financial Ruin (with Jayson Street, Defcon 19) - http://it.toolbox.com/blogs/securitymonkey/defcon-19-talks-steal-everything-kill-everyone-cause-total-financial-ruin-48232 (screenshot available)
Description: Jayson Street talks about getting a bit nasty when thinking about physical security, data security, and personal security. Basically, take off the kid gloves and think about an immoral attacker breaking into your facility and what he can do.
1 CPE - 11/10/2011 - 51 mins - Cyber Security: What You Should Know to Stay Safe (with Dr. Doug Jacobson, ISU, BrightTalk webinar) - http://www.brighttalk.com/webcast/288/36833 (screenshot available)
Description: Dr. Jacobson asserts that while security offers up decent technology, it's not enough and really ends up giving users a false sense of security, especially as attacks increasingly target the users themselves. The point of this webinar is ways to make people literate in the area of security, but rather than being something geared directly towards users, this webinar is somewhat geared towards those who are doing the educating.
2009-2011
Webinars/Presentations
tracking: CPEs claimed, date, length of webinar, name, link, and why it is relevant
1 CPE - 4/9/2010 - 60 mins - Enterprise Logging and Log Management: Hot Topics (with Anton Chuvakin)
Description: Anton Chuvakin talks about log management in an enterprise, how organizations approach log management and analysis, common pitfalls that occur, and drivers for log analysis.
1 CPE - 10/5/2010 - 60 mins - Magic Numbers: An in-depth guide to the five key metrics for application security (Rafal Los, HP)
Description: Rafal Los goes over 5 key performance indicators (KPI) for application security programs. WRT (weighted risk trend) to illustrate which applications are most important or have the most risk. DRW (defect remediation window) to illustrate the man-hours needed to identify and close security defects anywhere in the DLC, which should hopefully show a decrease to illustrate improved fundamental security. RDR (rate of defect recurrence) to illustrate developer maturity. SCM (specific coverage metric) to illustrate the full impact or functionality of an application (known vs unknown). SQR (security to quality defect ratio) to demonstrate value to overall quality efforts (total sec defects over total defects). Plus some illustrations on how to create more KPIs.
1 CPE - 10/6/2010 - 60 mins - Hacking Horror Stories presented by Lars Ewe (Cenzic) and hosted by John Strand (Pauldotcom)
Description: Lars Ewe presents common hacking attacks taken from recent happenings, illustrating authentication, session management/authorization, XSS, and SQLi attacks.
1 CPE - 10/7/2010 - 60 mins - Establishing real-time continuous visibility and control over all of your network endpoints in days (Sandy Hawke, BigFix and Nate Howe, Western Federal Credit Union)
Description: Presentation about coming to grips with patch management with BigFix's endpoint management solution.
1 CPE - 10/20/2010 - 60 mins - Pushing Past Sound-Bytes A closer look at the Verizon DBIR (Josh Corman, 451 Group and Alex Hutton, Verizon Business)
Description: Josh and Alex talk about security and compliance and threats today. Key points: We now fear the auditor more than the attackers; and compliance is not equal to security. Alex goes through some of the big topics and changes in the 2010 DBIR.
1 CPE - 11/2/2010 - 60 mins - An Introduction to Metasploit Pro (HD Moore, Rapid7)
Description: Overview, discussion, and demo of Metasploit Pro.
Podcasts
tracking: CPEs claimed (roughly 1 CPE / 2 hours), date, length of podcast, name, link, and why it is relevant
.5 CPE - 3/22/2010 - 1 hour - Securabit Episode 52 mp3
Interview and chat with Brian Krebs from krebsonsecurity.com. Lots of great discussion on Zeus bot, APT, and especially organized cyber crime.
.25 CPE - 3/22/2010 - 42 mins - Southern Fried Security Podcast Ep 8 mp3
Topics for discussion: Verizon Incident Sharing Framework, the cost of pursuing PCI compliance, how live demos of web security issues make a nice way to prove your case, and the role and focus of the CISO.
.5 CPE - 3/25/2010 - 60 mins - Southern Fried Security Podcast Special Ep mp3
Topics for discussion: Interview with Josh Corman from 451 Group, Rugged Software
.25 CPE - 4/22/2010 - 40 mins - Southern Fried Security Podcast Ep 10 mp3
Topics for discussion: What outsourcing your IT means to security, NSA $902 million budget reactions, and an absolutely great discussion with DarkOperator about getting started and involved in security. Key points: start a blog and read others and get on Twitter; drop the ego; contribute and help others; give credit; and if you have information, pass that information on.
Other
5 CPE - 3/22/2010 - subscription to InfoSecurity magazine
2 CPE - 3/15/2010 - (ISC)2's InfoSecurity Professional Magazine Quiz 1
2 CPE - 3/22/2010 - (ISC)2's InfoSecurity Professional Magazine Quiz 2
2 CPE - 3/22/2010 - (ISC)2's InfoSecurity Professional Magazine Quiz 3
2 CPE - 3/26/2010 - (ISC)2's InfoSecurity Professional Magazine Quiz 4
2 CPE - 3/26/2010 - (ISC)2's InfoSecurity Professional Magazine Quiz 5
2 CPE - 3/26/2010 - (ISC)2's InfoSecurity Professional Magazine Quiz 6
2 CPE - 3/26/2010 - (ISC)2's InfoSecurity Professional Magazine Quiz 7
2 CPE - 3/26/2010 - (ISC)2's InfoSecurity Professional Magazine Quiz 8
2 CPE - 4/09/2010 - (ISC)2's InfoSecurity Professional Magazine Quiz 9
