Posts Tagged ‘CISSP’

Understanding CISSP & CISA licensing under the Cyber Security Act of 2009 (FIPS, NIST, PKI)

Tutorial white papers on cryptography

Part one:
http://www.securityhorizon.com/journal/spring2006.pdf

Part two:
http://www.securityhorizon.com/journal/summer2006.pdf

The Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.

In cryptography, a PKI is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA). The user identity must be unique for each CA. The binding is established through the registration and issuance process, which, depending on the level of assurance the binding has, may be carried out by software at a CA, or under human supervision. The PKI role that assures this binding is called the Registration Authority (RA). For each user, the user identity, the public key, their binding, validity conditions and other attributes are made unforgeable in public key certificates issued by the CA.

The term trusted third party (TTP) may also be used for certificate authority (CA). The term PKI is sometimes erroneously used to denote public key algorithms, which do not require the use of a CA.

Duration : 0:4:22


Relativity Week 08 Highlights – Extended Version

Music video by Max Quasar with clips of the Relativity Week 129 ET (Einsteinian Time) security conference in Philadelphia.
Starring:
Richard Thieme
Marie Murphy
Ralph Echemendia
Larry Greenblatt
Tom Updegrove
Ish Payne and Team Martial Posture
Ed Lopez
Rob Dittert
Vince Johnson
Zen One Dance Collective
Capoeira:
Ron “Zen One aka Prof. Pardal” Wood
Richie “Bboy Zero” Collazo
Breakin
Renee “Smiles” Collazo
Chad “Brown Bear” Bernardino
Video Produced by Otto Capobianco
Infosec technologies and standards include:
ISO/IEC 27001
NIST SP800-100
ISC2 CISSP
ISACA CISM CISA
CompTIA Security+
DoD 8570
PKI
NASA artwork by:
Don Davis and Rick Guidice
Original Music: Otto Capobianco

Duration : 0:6:23


Max Quasar – Relativity Week 08 Highlights – “Time of the Season”

Music video by Max Quasar with clips of the Relativity Week 129 ET (Einsteinian Time) security conference in Philadelphia.
Starring:
Richard Thieme
Marie Murphy
Ralph Echemendia
Larry Greenblatt
Tom Updegrove
Ish Payne and Team Martial Posture
Ed Lopez
Rob Dittert
Vince Johnson
Zen One Dance Collective
Capoeira:
Ron “Zen One aka Prof. Pardal” Wood
Richie “Bboy Zero” Collazo
Breakin
Renee “Smiles” Collazo
Chad “Brown Bear” Bernardino
Video Produced by Otto Capobianco
Infosec technologies and standards include:
ISO/IEC 27001
NIST SP800-100
ISC2 CISSP
ISACA CISM CISA
CompTIA Security+
DoD 8570
PKI
NASA artwork by:
Don Davis and Rick Guidice

Duration : 0:3:48


Botnets PART 3 : Defending Against Bots (1/2)

You’ve seen bot code and you’ve seen how bots attack. Now learn the countermeasures, defenses, and Firebox tricks that render bots “Dead On Arrival” for your network. Hosted by Corey Nachreiner, CISSP
http://www.secumania.org
http://forums.secumania.org

Duration : 0:10:1


CISSP test review

This is a short review of the CISSP exam.

This is the beat to the song “never gonna give you up” by Rick Astley

Thanks Rick

Duration : 0:3:43


Cost Benefit Analysis, Using the Results of the Analysis

http://www.logicalsecurity.com

A cost benefit analysis compares countermeasure costs with the money saved by having it in place.

After an analysis is completed on the assets, their threats, risks, & countermeasures are identified.

Cost of countermeasure = cost of purchase, maintenance, effects on productivity, updating, interoperability
Only by understanding the cost & benefit of a countermeasure can a good business decision be made.

ALE Before Implementing Countermeasure

ALE after Implementing Countermeasure
For more information, go to www.logicalsecurity.com

Duration : 0:9:42


(ISC)2 Founders Video, Part 2

(ISC)² Founders discuss the early challenges of the organization.

Duration : 0:6:12


Incident Response

Incident Response is the planning and preparation performed prior to a security attack. This brief tutorial is an introduction to developing an incident response team and their roles and responsibilities, including PR (Public Relations). In addition, this tutorial provides an introduction to computer forensics, which is the study of computer technology and how it relates to the legal system. Lastly, this tutorial reviews some of the initial “first steps” of computer CSI (computer scene investigation).

Duration : 0:6:31


Offline Password Cracking – John The Ripper tool

http://www.logicalsecurity.com
In this video we'll demonstrate offline password cracking using the John The Ripper tool.

Let's first change to the directory where John is located. Here you can see some important binaries used by John.
First we'll execute the unshadow script, which will merge the /etc/passwd and /etc/shadow files into a single file called crack.db. This file will be used by John for the password brute force attack.

Let's see the content of the crack.db file.

You can see there are various options that can be used for cracking passwords using John.

You can see that the brute force attack we previously initiated is still in progress.
John has now discovered the password “toor” for the user root.
Now let's use the --show switch to display the password in plaintext.
John stores the obtained passwords in the john.pot file.

You can see that the dictionary attack (in console 2) has now been completed and John has revealed 4 passwords.
You'll notice that the dictionary attack was much faster than the brute force attack carried out earlier.
The program has now stored all the obtained passwords along with their respective hashes in the john.pot file.
You can also see the plain-text password in pass-hases.db (used in the dictionary attack).

Review full Chapter at http://www.logicalsecurity.com/resources/resources_videos.html

Duration : 0:7:4


4/4: Summary of OSI model and networking protocols for CISSP

http://www.issa-la.org/Default.aspx?id=1060

ISSA LA – Certified Information Systems Security Professional (CISSP) Training
Dates:
November 16th-19th, 2009

Location:
UCLA Extension
Room 408
1010 Westwood Boulevard,
Los Angeles, CA, 90024

Pricing:
Early Discount Sign-ups (ISSA members and Full Time students) $1500 (Discounted pricing extended to Oct. 31st, after which pricing will be $1650 for ISSA members)

For payment via other methods, such as check and PO, or company/group discounts contact Mikhael Felker (education_director@issa-la.org)

Instructor:
Dr. Eugene Schultz, CISM, CISSP
Chief Technology Officer, Emagined Security

Course Description:
Of all the information security-related certifications available, no certification is held by more information security professionals than the Certified Information Systems Security Professional (CISSP) certification. This course thoroughly covers the 10 Core Body of Knowledge (CBK) areas represented within the examination:

Duration : 0:5:45
