SACS CISSP Core Overview

Monday morning ‘quickie’

All 10 domains in a core overview.  Click to go to the YouTube playlist

Regards
Mervin Pearce

CISSP Domain 7 and 8 podcasts available

Another two domains have been added today, looking at some podcasts for a quick review.  They are available to listen to online or can be downloaded from SoundCloud.

More will be added as we go along with reviews.

New online courses added

The ability to learn at your own pace without breaking the bank has a few advantages.  Any previous learner will get a special discount on any course.   Costs will be kept realistic as we believe electronic delivery should be much more realistic due to the usage of technology.

First courses being delivered, with many in the pipeline which will be prioritised… some courses will be available at no cost and we have specials for previous SACS learners.

  1. CISSP Boot Camp – Taking what we have done over more than the last decade into an eLearning solution
  2. Penetration Testing
  3. Barefoot IT Auditor – From Crawling to Running

If you want any additional details on any of the upcoming courses… make sure you are subscribed to the training list. Subscribe here

An extract fro...

Law and Ethics Domain Podcast available

A short podcast which is available as a download covers domain 9 in the CISSP CBK which is Law, Regulations, Investigations & Compliance and is just over 34 minutes long.  This is to cover some information and not be too ‘in-depth’

Listen on SoundCloud (Downloadable)

Corruption – how can this be stemmed?

Listening to the radio one morning while dropping off my son at school, there was a prank call to a lady that said she was offered a bribe by a police officer for not stopping properly at a stop sign.  The overwhelming response from the listeners in the area was phoning in, tweeting, emailing and text messaging to share their experiences with corrupt traffic officers in the area.  One phoned in to complain that this had been an article in the local newspaper about two years ago and NOTHING has been done to address this.

I have been stopped once and I was told I was speeding and was offered to make up my own amount to pay as the actual fine is R800 (approx $80)...

Ransomware – A Real Threat

I have seen ‘ransomware’ increasing as a persistent threat, although there is a simple solution in the event of the threat being realised, which is backups.  As soon as you lose access to your data, you can retrieve a backup copy.  The problem exists which

The following video is a small example of a file that came into my email and how you can use a free service such as VirusTotal to check for a possible threat.  The video is 6min long and just shows some tricks that the fraudsters use to see if they can get users to click on the file.

The ‘ransomware’ in this case was sent from an email server in Mauritius; however, this most certainly is also compromised.

VirusTotal

Practice SAFE HEX!

OpenSSL Heartbleed Security Vulnerability – My 2c

I have been involved with development for a very good part of my life and have advocated the following statements when delivering Information Security Training, mostly to solicit reaction from the converted.

“Heartbleed, the hole in the internet’s security that exposed countless encrypted transactions to any attacker who knew how to abuse it.”

“Open Source software is software that failed elsewhere”  When I get a lot of reaction from the audience I will explain my reasoning with examples which I feel strongly are:

  1. Open Source is an excellent way for start-ups or developers to get the public to beta test their software without forking out actual $ for testers.
  2. Once you have a great following, take your software from Open Source to a commerci...
CISSP Assessment – 250 Questions Online – Creative Commons

I have looked around and found a document of 250 questions created by Alfred Ouyang, and it is licensed under ‘Creative Commons: Attribution, Non-Commercial, Share-Alike’.  You can do it by grabbing the document; however, we have decided to put this up on a web front-end and, in the spirit of Creative Commons, give it a nice push.

This is available at no cost however you need to create a User ID that has to be verified by yourself in an email.

http://sacs.co.za/elearning/

You can have as many attempts as you like, and we are busy adding more at the back-end.  Make sure you subscribe to the SACS CISSP Question-A-Day to make sure you get notification as we roll out new items.

Practice Safe HEX!
Mervin Pearce (CISSP-ISSAP)

CISSP – Physical (Environmental) Review – Podcast

CISSP Domain 10 – Physical (Environmental) Security: 34-minute review, available on SoundCloud.

CISSP Physical (Environmental) Security Review

Digital Forensics – 101

Evidence Collection

We have seen that digital forensics is getting a lot of attention and many want to dabble in the process.  A very important fact to remember is that the evidence is critical, as are the steps taken to make sure it is admissible as evidence.  The last thing you want is to have your evidence ‘tainted’ and thrown out due to incorrect procedures being taken.  This means that the evidence needs to be collected using tested and proven procedures… and documented all the time.

Evidence is Volatile

You need to collect evidence in the order of volatility, starting with that which is most volatile.  This means if it is RAM content you need, you will start there, as it will disappear as soon as you switch the workstation or server off...
