Updated CISSP Domains


The CISSP Domains (Effective April 15, 2015) will be changing:

  1. Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business Continuity)
  2. Asset Security (Protecting Security of Assets)
  3. Security Engineering (Engineering and Management of Security)
  4. Communications and Network Security (Designing and Protecting Network Security)
  5. Identity and Access Management (Controlling Access and Managing Identity)
  6. Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
  7. Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster Recovery)
  8. Software Development Security (Understanding, Applying, and Enforcing Software Security) 

TECH NEWS RADIO PODCAST #373 | 2014-08-02 | NMAP #DDOP

 Listen! (Size 2.12 MBs, Running Time 2m10s)
 
Today's podcast is inspired by the Dog Days Of Podcasting (#DDOP).  It is a single-focus recommendation on why I have NMAP in my security toolkit and why you should consider it.

Feel free to follow along with Steve Holden at: Twitter and/or Google+.  For technology news only updates follow TechNewsRadio @ Twitter.


Tracking News Related To TrueCrypt

Here are some links to stories about TrueCrypt shutting down:

TrueCrypt is a key tool in our toolkit for protecting data and we use it every day.  If it is actually going to go away then it will leave a big hole in end-user security options for data encryption.

DEFCON 21 (and 20 oops!)

DEFCON 21 was in Las Vegas, NV from August 02-04, 2013 and we were there.  Our real-time posts, references, and links are available over on @Technewsradio on Twitter.

We have a detailed report (PDF) from the sessions attended if you are interested.  Just drop us an email to get the full report or a request via message on Twitter.  A podcast summary is planned but not promised at this time.

Things that we are "worried about" from an Enterprise computing perspective:

  • Social Engineering against users is like a hot knife cutting butter. The only defense seems to be training and awareness. Traditional information assurance (IA) protections (virus scanning, IDS, firewall, etc.) are not effective.
  • You can't secure what you don't manage.
  • Basic system administration tools and infrastructure services in the Microsoft Windows world can be used for evil: PowerShell, .NET, DNS, browsers, PKI, and SCOM.
  • USB is not your friend.
  • Mobile computing and Bring Your Own Device (BYOD) are really not your friend.
  • Cloud computing could be your friend but probably won't.
  • Developers writing code for an organization without a security focus is just asking for trouble.
  • If you think your stuff is secure just because you have it behind a lock and a key you are in denial.
  • In a year or less, penetration testing is going to include inexpensive mobile assault options via semi-autonomous very-small drones and robots.

P.S. x 1: We were also at DEFCON 20 and have that report available if you are interested. Just drop us an email or message on Twitter for a link.

P.S. x 2: There are also DEFCON 18 and DEFCON 19 reports.  They are surprisingly still relevant IMHO -- same bat channel.


Updates from Twitter - iPad, DEFCON 19, Podcasts, Mobile, Amazon, Etc

The following items were recently posted on @technewsradio:

  • USB hub allows simultaneous syncing of 49 iPads http://t.co/OO9H7HW
  • DEFCON 19 Podcast Review #security #news #research #hacker #conference http://t.co/rbCr7hK
  • SpokenWord.org gets about 1000 new programs every day & they are looking for curators of categories to make the content more organized
  • BigBlueButton is an open source collaboration and training system that integrates a bunch of open source projects http://t.co/mEL5dDS
  • PC World has more details on the recent news from Qualcomm about their planned updated Snapdragon mobile processor http://t.co/lQQO8y4  
  • YouTube has a great overview presentation on how "Prezi for iPad" works http://t.co/sHFJBSo  
  • Amazon EC2 is now supporting Virtual Machine (VM) Import to Amazon EC2 instances http://t.co/35n2UtJ  
  • IObit has announced a freeware version of Game Booster v2 for Windows that is geared for improving game performance http://t.co/Q0lWB4D  
  • Via Box.net ... you can get e-signature features via DocuSign services integrated with documents stored on Box.net
  • Getting started with project management? - "scope, time & cost" - a good reference at Wikipedia http://t.co/oVIzQIX
  • "Heroes of the Computer Revolution" original book looked at hackers & nerds from the late 1950s to the early 1980s http://t.co/H4Vz2kM   
  • arborjs.org - a graph visualization library using web workers and jQuery http://t.co/Zao0gyv

DEFCON 19 Podcast Review


DEFCON 19 was in Las Vegas, NV from August 4-5, 2011.  This yearly computer network security and hacker conference is full of cutting-edge research, detailed demos, awesome presentations, and a lot of partying. The podcast coverage was pretty good also. Here are my recommendations:

If you are interested in hearing my thoughts about DEFCON 19 then check out the PaulDotCom.com podcast (08-11-2011).  I am the boring "IT Guy" trying to avoid the topic of "hot" women visiting the PaulDotCom.com booth.  If you'd like to see a copy of my notes (13+ pages) then drop me a personal email to: "s h o l d e n @pobox.com."

Here is a Picasa collage from the Network Security Podcast meet-up at DEFCON 19 that was "infected" by Paul & Larry @ Pauldotcom.com's little red balls from one of their sponsors:

DEFCON19-PodcastMeetup-2011-08-06


Another Week Of Recommended Podcasts Worth A Listen

Looking through my listened-to podcast list for this past week, I'm going to recommend the following as potentially interesting:


TECH NEWS RADIO PODCAST #372 | 2011-08-20 | Browser Phishing, National Cyber Range & Microphone Hijack

 Listen! (Size 2.9 MBs, Running Time 2m57s)

Today's podcast examines three stories about computer network security:

Feel free to follow along with Steve Holden at: Twitter and/or Google+.  For technology news only updates follow TechNewsRadio @ Twitter.


@technewsradio Roundup Posts for May 7th, 2011

The following is a summary of @technewsradio posts to Twitter:

  1. ASIS Bookstore (security pro organization) has announced over 26 new books via their online store
  2. SWFTools is a collection of open source utilities for working with Adobe Flash files (SWF files)
  3. Amazon online cloud services has a bunch of demos available - including Travel Log (Sample Java Web Application)
  4. Google has fixed a SketchUp 8 "dreaded shadow bug"
  5. Franklin Covey's PlanPlus for Outlook (version 7) is now on sale for $80 (vice $100) 
  6. Looking for an open source mind mapping tool?  Then check out Free Mind
  7. Microsoft Press has announced 3 more books in their Step By Step series: Microsoft Word 2010, Excel 2010 & Project 2010 
  8. Wired.com has an interesting article "Wired—Geek Power: Steven Levy Revisits Tech Titans, Hackers, Idealists"
  9. Listening to "A Witness to the Egyptian Revolution" by Doug Kaye (Executive Director, The Conversations Network) via http://bit.ly/i35GC7
  10. Per Kevin Devin at FriendsInTech.com - A good tool for finding Creative Commons (CC) images on Flickr is here http://bit.ly/gOtgMP
  11. The Microsoft & Nokia deal seems to leave HP WebOS, BlackBerry, and Intel out of the loop with Apple (#2) & Android (#1) being top dogs
  12. red5 is an open source audio/video (FLV & MP3) server that also supports H.264 
  13. Steven Levy's classic "Heroes of the Computer Revolution" has a new 25th Anniversary Edition