
Friday, May 29, 2009

President Obama Prioritizes Computer Security for America

How cool it is to have a President who understands technology and the risks associated with it, and what needs to be done to protect it. This is a very powerful stance and message coming from the White House, which will bring more awareness and provide better protection of our nation's cyber infrastructure.

A great day for the Information Security field!

President Obama Declares America's computing infrastructure "A Strategic National Asset"



FULL VIDEO (17 minutes)



Julius

Thursday, May 28, 2009

How To Pass The CISSP Exam




How To Prepare For and Pass The Certified Information Systems Security Professional (CISSP) Exam


The CISSP security certification is a must-have for an IT Security Professional, and it is becoming increasingly difficult to gain employment as an Information Security Professional without it. PayScale.com reports that the average salary for a person with a CISSP certification and 1-4 years' experience is $71,000.

The main focus and purpose of Information Security is to provide (CIA):
  • Confidentiality
  • Integrity
  • Accessibility 
This is known as the Security Triad.

The Security Triad (CIA) protects:
  • People
  • Processes
  • Technology


Julius Clark's Recommendation to Successfully Pass the CISSP examination

  • First, give yourself 3-6 months to prepare before you schedule to sit for the exam.
  • Read the CISSP for Dummies or the Mike Meyers CISSP Certification Passport; both of these condensed books are great and are perfect to get you started at the 50,000 ft level first!


  • These publications are small enough to get your mind focused on the main aspects of the Common Body of Knowledge (CBK): the 10 Domains of Information Security as taken from the British Security Standard BS7799 (a.k.a. ISO/IEC 17799 and ISO/IEC 27001:2005). You can easily read through these condensed CISSP study guides within one to two weeks. Don't dive straight into the larger CISSP study books just yet!

  • Now on to some FREE CISSP instructor-led training! Go to CCCUR.org and register for a FREE account. This course is very similar to the official week-long (ISC)2 training course costing over $2,500, but again this is FREE. Once registered, go to: Tutorials > CISSP Tutorial > Veridon and start viewing the training videos in the following order:

    • Information Security and Risk Management;
    • Access Control;
    • Security Architecture and Design;
    • Application Security;
    • Cryptography;
    • Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP);
    • Telecommunications and Network Security;
    • Legal, Regulations, Compliance and Ethics;
    • Operations Security;
    • Physical Security.

  • After you have read through one of the books mentioned above and watched all of the FREE training videos on CCCUR.org, you are ready to read through a bigger CISSP study guide, such as the Shon Harris All-in-One Study Guide.


  • Purchase the most recent version. Reading a larger CISSP study guide should be slow. Take your time and learn the security principles and theories of Information Security, because you are greatly needed by society to help protect computing systems from harm; man-made or natural.


  • As you finish each chapter, read more information regarding the particular domain. You will want to download the NIST (National Institute of Standards and Technology) documents that your good old tax dollars pay for. These guides contain lots of information, but they are easy to read. They will help you make sense of the material you are reading in the Shon Harris study guide and help you in your career as an Information Security professional. Most corporations use the NIST security publications as a main guide and blueprint to design their corporation's IT security architecture.






      • SP 800-12 An Introduction to Computer Security
      • SP 800-14 Generally Accepted Principles and Practices for Securing Information Technology Systems
      • SP 800-30 Risk Management
      • SP 800-34 Contingency Planning Guide for Information Technology Systems
      • SP 800-86 Guide to Integrating Forensic Techniques into Incident Response
      • SP 800-100 Information Security Handbook: A Guide for Managers
      • SP 800-115 Information Security Testing and Assessment


  • Take the tests at the end of each chapter in the book.
  • Take the Quizzes on the CCCUR.org website. This site is the BEST on the internet for FREE CISSP study and the test engine is very customizable to help you with your study and testing.

  • Study the (ISC)2 Code of Ethics. This is one of the easiest ways to get points on the CISSP exam, because you are guaranteed to be tested on it.

In addition, if you are new to the IT Security field, or have no experience and want to change your career consult with me at:


This is what I used to study for and pass the exam so study well, good luck and I will see you after you pass the exam and join the prestigious club of Certified Information Systems Security Professionals!

Enjoy!

Sincerely,

Julius Clark, CISSP





Friday, May 22, 2009

First Black Woman CEO for a Fortune 500 company



First Black Woman Named as CEO for a Fortune 500 company

I personally want to congratulate Ms. Ursula Burns for earning the Chief Executive Officer (CEO) position at Xerox, the pioneer and giant in the photocopier industry. This for me is on the same level as having elected the first Black U.S. President. Black women are too often seen as supporters of leaders in corporate America. Through hard work, Ms. Burns has shattered the glass ceiling that keeps other Black women from acquiring a corporation's top job.

Retiring CEO Anne Mulcahy had the following praise for Ms. Burns:

"For the better part of the past decade, she has been at my side helping to turn Xerox around." Burns will join the ranks of four other Black CEOs, as well as 15 other women who sit in the CEO chair at Fortune 500 companies.

I would like for my 12-year-old daughter to learn more about women like Ursula Burns, regardless of race, because of the significance it has in building a girl's self-esteem. Additionally, it is always exciting when there is something different and there is a new hero for millions of individuals to look up to and emulate.

Ursula Burns epitomizes the BDPA creed "From the Classroom to the Boardroom".

It is also noteworthy that she did this sporting a natural African American hairstyle!

The global corporate culture can't help but keep changing and I am so glad to witness progress for women CEOs in my lifetime.

Hot Innovating Xerox Product

Xerox Corporation this year launched the world's first high-speed solid ink multifunction printer, which cuts the cost of color pages by up to 62 percent compared to traditional color lasers - without compromising print quality. Utilizing Hybrid Color Plans, customers pay only for the amount of color they use on a given page. For example, an office document with a logo and small graphic will cost the same as if it were printed in black: one penny!


Career Highlights

Company: Xerox

  • Company Assets: $18 Billion

Positions Held

  • Started as a summer Mechanical Engineering Intern in 1980.
  • Named company president in 2007

Education:

  • BS in from F Univ
  • Master's Degree in Mechanical Engineering, Columbia.

Personal:

  • Wife
  • Mother of two
  • Avid Biker




Reference:

http://www.cnbc.com/id/30884640




Thursday, May 21, 2009

LooksTooGoodToBeTrue.com


While the Internet can be a safe and convenient place to do business, scammers are out there in "cyber world" targeting unsuspecting consumers.


The Looks Too Good To Be True.com website was built to educate you, the consumer, and help prevent you from becoming a victim of an Internet fraud scheme.

Wednesday, May 20, 2009

Personal Password Security


Phishing Attacks on Facebook Users Point to Efforts to Mine Login Data for Profit

People...You are going to have to change your computer security habits to not become a victim of computer crimes!!!

"Two-thirds of US consumers surveyed use the same one or two passwords for all web sites they access that require authentication," said Gregg Kreizman, research director at Gartner.

Steps to Make a Habit to Mitigate Your Risk!!!

According to the article, the following best practices should be learned and followed to prevent cyber crime.

  1. Use complex passwords and unique ones for each site. My method? Pick one string of letters and numbers and then add the first letter from the website’s name. For example: if my password “string” were “abc123$” then my Facebook password would be “Fabc123$”.
  2. Maintain an up-to-date browser and operating system. Use security software, such as Norton Internet Security 2009. Check out Web safety services such as Norton Safe Web, where a community of Web users collaborates to report dangerous phishing and malware sites.
  3. Double-check you’ve arrived at your destination. When clicking over to Facebook (or any site) make a habit of looking at what appears in the address line. You might not always be able to spot a fake site, but in the case of this particular scam, it’s obviously not www.facebook.com.
  4. Be suspicious of requests to enter your account name and password.
I will recommend a 5th step.

5. Google "Password Managers" and seriously consider using one if you have multiple online accounts, especially for financial or medical records.
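An added example, not from the original post or the article it quotes: a small audit that flags verbatim password reuse and passwords that collapse to one base string once the site's initial is removed, which is the pattern step 1 produces and which a password manager's generated passwords avoid. The function name `audit_passwords` and the vault contents are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: site name -> password (not real credentials).
SAMPLE_VAULT = {
    "facebook": "Fabc123$",
    "twitter": "Tabc123$",
    "bank": "Babc123$",
    "mail": "hunter2!",
    "shop": "hunter2!",
    "forum": "q7#Lw9vR2m",
}

def audit_passwords(vault):
    """Return (exact_reuse, shared_base) for a {site: password} mapping."""
    exact = defaultdict(list)    # password -> sites using it verbatim
    bases = defaultdict(list)    # stripped base -> [(site, password)]
    for site, pw in vault.items():
        exact[pw].append(site)
        initial = site[:1].lower()
        base = pw
        # Strip the site's initial if it was prepended or appended.
        if initial and pw[:1].lower() == initial:
            base = pw[1:]
        elif initial and pw[-1:].lower() == initial:
            base = pw[:-1]
        bases[base].append((site, pw))
    exact_reuse = {pw: sorted(sites) for pw, sites in exact.items() if len(sites) > 1}
    # Keep only bases shared by different passwords; verbatim reuse is reported above.
    shared_base = {
        base: sorted(site for site, _ in entries)
        for base, entries in bases.items()
        if len({pw for _, pw in entries}) > 1
    }
    return exact_reuse, shared_base

if __name__ == "__main__":
    reused, derived = audit_passwords(SAMPLE_VAULT)
    for pw, sites in reused.items():
        print("same password on:", ", ".join(sites))
    for base, sites in derived.items():
        print("one base string, one letter changed on:", ", ".join(sites))
```

Sites listed under the second heading differ by a single character, so they deserve the same attention as verbatim reuse when deciding which passwords to replace first.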

Read more on research performed about computer users' bad password practices:

Poor password practice putting users at risk

Julius Clark, MBA CISSP, CISA
Information Security Professional



Sunday, May 17, 2009

What To Do If Your Cell Phone Is Stolen or Lost

  1. Record your cell phone's serial number--No one ever does this, but you will now!
     • Do this before you lose your phone! LOL.
     • Enter *#06# into your cell phone. The serial number for your phone appears.
  2. Record the serial number and place it somewhere where it can be retrieved easily.
  3. If you lose your cell phone, contact your cell phone provider and have them block the phone using the serial number to prevent it from being used or even sold to someone else, making the phone useless; EVEN IF THEY PUT ANOTHER SIM CARD IN IT! : )

Wednesday, May 6, 2009

Friday, May 1, 2009

SC Magazine Awards the Best Professional Certification to ISACA for the Certified Information Security Auditor (CISA) Certification









The CISA certification helps demonstrate your authority as an IT Security Professional. I took the exam in December of 2007 and learned so much about my role and responsibilities functioning in Audit & Controls. I recommend the CISA Cert to anyone looking for a security certification that will help them succeed in assessing security controls.

The CISA certification is also one of the security certifications recommended required for employment with the federal government.

Governed by: Information Systems Audit and Control Association (ISACA)

ISACA chapters are in more than 175 counties and in over 70 countries.

Since 1978, over 60,000 professionals have earned the prestigious IT security designation.

2009 Finalists Included:

(ISC)2 – Certified Information Systems Security Professional (CISSP)

GIAC – Global Information Assurance Certification for GIAC – The Global Information Assurance Certification program

ISACA for Certified Information Security Manager (CISM)

Symantec Corporation for Symantec Certification Program


http://www.scmagazineus.com/Best-professional-certification/article/130888/



Julius Clark, MBA, CISSP, CISA

Information Security Professional
