The SSCP credential seems to be the most misunderstood and under appreciated of
those certifications offered by (ISC)2. In actuality, it is one of the most critical and
essential in the field. This is because the work of the SSCP is where the effectiveness
of information security is implemented. Few CISSPs have the technical skills necessary
to perform the hands-on implementation of the information security controls
that they determine to be necessary to effectively protect the critical and sensitive
resources of the organization.
In a mainframe environment, the SSCP role is usually performed by systems
programmers assigned to the security department. Otherwise, it would be the
responsibility of a system or network administrator from operations.
The security role of the SSCP is twofold. First, they are responsible for the
due care activity of correctly implementing and maintaining designated security
mechanisms. Second, they are in the best position to accurately evaluate the effectiveness
of the installed controls—the due diligence side of the equation.
The SCP certification domains are named after the seven major categories of
the SSCP Common Body of Knowledge (CBK). The CBK is a taxonomy of topics
and sub-topics that is updated annually by the SSCP CBK Committee composed
of international subject matter experts. Currently, the seven categories are:
◾Access Control
◾Analysis and Monitoring
◾Cryptography
◾Malicious Code
◾Networks and Telecommunications
◾Risk, Response, and Recovery
◾Security Operations and Administration
Wednesday, October 19, 2011
Monday, May 30, 2011
BackTrack 5
BackTrack 5 released on May 11.
BackTrack is intended for all audiences from the most savvy security professionals to early newcomers to the information security field. BackTrack promotes a quick and easy way to find and update the largest database of security tools collection to-date. Our community of users range from skilled penetration testers in the information security field, government entities, information technology, security enthusiasts, and individuals new to the security community.
Visit http://www.backtrack-linux.org/downloads/ to download your preferable flavor.
BackTrack is intended for all audiences from the most savvy security professionals to early newcomers to the information security field. BackTrack promotes a quick and easy way to find and update the largest database of security tools collection to-date. Our community of users range from skilled penetration testers in the information security field, government entities, information technology, security enthusiasts, and individuals new to the security community.
Feedback from all industries and skill levels allows us to truly develop a solution that is tailored towards everyone and far exceeds anything ever developed both commercially and freely available. The project is funded by Offensive Security. Whether you’re hacking wireless, exploiting servers, performing a web application assessment, learning, or social-engineering a client, BackTrack is the one-stop-shop for all of your security needs.
BackTrack 5 comes in several flavours and architectures. VM & ISO come with KDE & GNOME flavors.
Visit http://www.backtrack-linux.org/downloads/ to download your preferable flavor.
Saturday, April 30, 2011
Microsoft EMET
The enhanced Mitigation Experience Toolkit (EMET) is designed to help prevent hackers from gaining access to your system.
Software vulnerabilities and exploits have become an everyday part of life. Virtually every product has to deal with them and consequently, users are faced with a stream of security updates. For users who get attacked before the latest updates have been applied or who get attacked before an update is even available, the results can be devastating: malware, loss of PII, etc.
Download EMET
Software vulnerabilities and exploits have become an everyday part of life. Virtually every product has to deal with them and consequently, users are faced with a stream of security updates. For users who get attacked before the latest updates have been applied or who get attacked before an update is even available, the results can be devastating: malware, loss of PII, etc.
Download EMET
Tuesday, March 8, 2011
Wordlists for Password Cracking
For those who are looking for Wordlists for password cracking (dictionary), you can download some good wordlists here:
http://www.outpost9.com/files/WordLists.html
http://wordlist.sourceforge.net/
http://www.openwall.com/passwords/wordlists/
and a password wordlist generator:
http://www.securiteam.com/tools/5ZP0N20GAW.html
http://www.outpost9.com/files/WordLists.html
http://wordlist.sourceforge.net/
http://www.openwall.com/passwords/wordlists/
and a password wordlist generator:
http://www.securiteam.com/tools/5ZP0N20GAW.html
Password Checker
Very good online Password Checkers...
Check this out:
http://www.passwordmeter.com/
and this...
http://www.yetanotherpasswordmeter.com/
Check this out:
http://www.passwordmeter.com/
and this...
http://www.yetanotherpasswordmeter.com/
Subscribe to:
Posts (Atom)