Penetration Testing mailing list archives

Re: [PEN-TEST] Cissp


From: "LaViscount, Philip" <Philip.LaViscount () COMPAQ COM>
Date: Tue, 12 Sep 2000 11:37:21 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings,
        The reading list at the ISC2.org web site is pretty comprehensive
(and a bit of overkill).  The Tipton & Krause book (already mentioned)
is very important, as is taking the two CBK classes.  Be certain to
include at least one reputable text on Cryptography, details of the
various TCP/IP protocols, Common Criteria/TCSEC and EU assurance
standards and some references on Physical security, disaster recovery
and application/database security.
        The class really is the key element.  My instructors pointed out the
most useful references on the reading list (expect to spend about
$500.00 on books), areas which have lesser (or no) significance on the
test and URLs for material that is so recent that it is unlikely to
appear in written form.  You also go over practice questions and
discuss the rationale behind the answers and the references on which
the answers are based.
        Good Luck.
Regards,
Philip LaViscount, CISSP
Compaq Federal LLC
Compaq Professional Services Division
Enterprise Security Practice
Voice: (301) 614-1479  Fax: (301) 614-2426
Internet: Philip.LaViscount () Compaq com
Skyword Pager: (800) SKY-8888 PIN 1338271


- -----Original Message-----
From: Sassaman, Kim [mailto:Kim.Sassaman () SCHWAB COM]
Sent: Monday, September 11, 2000 19:20
To: PEN-TEST () SECURITYFOCUS COM
Subject: Cissp
Importance: High


This is off topic but what resources did you use to study for the CISSP
certification.  I'm looking into taking the exam and was wondering if there
were some better references than the study guide available??

Kim Sassaman
Charles Schwab, Inc.
Technology Innovation
Information Security Services
Senior Staff - Access Engineering
2343 East Lincoln Drive
Phoenix, AZ 85016
Member: SIPC/New York Stock Exchange
[Work] 602-355-3330
[Mobile] 602-421-4916
[MobileMail] 6024214916 () mobile att net
<mailto:6024214916 () mobile att net>
[Pager] 877-568-4936
[PageMail] 8775684936 () skytel com <mailto:8775684936 () skytel com>
WARNING: All e-mail sent to or from this address will be received
or otherwise recorded by the Charles Schwab corporate e-mail system and
is subject to archival, monitoring or review by, and/or disclosure
to, someone other than the recipient.



- -----Original Message-----
From: Meritt, Jim [mailto:Jim.Meritt () WANG COM]
Sent: Monday, September 11, 2000 12:40 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] Testing a "rogue site"


Concur.  To have a system to secure, you need the system.

Has anyone noticed that the original question was totally
non-technical?

There seems to be a belief that all that is involved is technical.  There is
more to it than that.  How do you write up what you find?  How do you "sell"
it (to management). The business aspects appear to be totally overlooked.

The "dot coms" thought that way.  Notice the business failures?

_______________________
The opinions expressed above are my own.  The facts simply are and belong to
none.
James W. Meritt, CISSP, CISA
Senior Information Systems Security and Audit Analyst, Information Assurance
Center of Excellence
Wang Government Services, Inc.


- -----Original Message-----
From: Karyn Pichnarczyk [mailto:karyn () SANDSTORM NET]
Sent: Monday, September 11, 2000 12:47 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: Testing a "rogue site"



[snip]

I totally disagree with the two rules stated above.  Yes, you need your
company's written approval of your responsibilities.  But unless you go by
the One and Only rule, you will not last long in the security trade:

1. Business Must Continue.

If this rule is not followed, then it doesn't matter how good or bad
the security posture is: the company just won't exist!


[snip]

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2

iQA/AwUBOb5bw2HgLKiweGxtEQL0dACguK7cz91Uy0CNxe7zlF5k6YdOtmEAoJ2B
WchqjzLVxCJR/FFxqb7TcdT0
=pJBY
-----END PGP SIGNATURE-----

