By Kathryn M. Farrish, CISSP Security Technical Implementation Guides (STIGs) are published periodically by the Defense Information Systems Agency (DISA). STIGs contain very detailed lists of security settings for commonly used IT system components, such as operating systems, database management systems, web servers, network devices, etc. Compliance with applicable STIGs is one of the key…
Article by Annette Leonard The Defense Information Systems Agency (DISA) is responsible for developing security guidance for configuring DoD information systems. An extensive collection of Security Technical Implementation Guides (STIGs) is published at http:// iase.disa.mil/stigs/Pages/index.aspx. STIGs contain detailed configuration guidance (settings) for commonly-used software products and other system components. Most of these documents are updated…
Article by Kathryn Farrish, CISSP Imagine this dialog between Edward, a System Owner, and Christine, his Information System Security Manager (ISSM): Edward (System Owner):“Now that we’ve completed our System Categorization, have you built the Security Control Baseline for our system?” Christine (ISSM): “Yes, sir, I have. Our system has been categorized as “Moderate -Moderate-Moderate (M-M-M)”.…
In this blog post Lon Berman, CISSP talks about the sub-steps of the first RMF step, System Categorization. Step 1: Identify Information Types The first and perhaps most important step in the system categorization process is the determination of the “information types” that are stored and processed by the system. So what exactly is an…
As I grow in years the amount of time that passes is more difficult to perceive. The fact that I have been a CISSP for 13 years (October 2002) is cool but it also makes me realize, once again, that I’m no longer a spring chicken. It also puts me on high-alert because the older…
We are pleased to announce that we are able to now offer our clients discounted exam vouchers for CompTIA exams. The discounts are anywhere from 8 – 12% off of retail pricing. We can save you money on A+, Network+, Security+, CASP, Server+, Storage+, Project+, Linux+, Mobility+, CDIA+, CTT+, Cloud Essentials, Cloud+, Healthcare IT, and…
I just finished reading Bruce Schneier’s blog entry, titled “The Doxing Trend”. Let me start by writing that I am usually a big fan of Mr. Schneier. I look forward to his newsletter and I have tremendous respect for his technical intelligence. But as I read his doxing article I couldn’t help but wonder what…
Why CASP Exists: A Slightly Cynical View (and no, this doesn’t mean I’m advocating the CISSP) In the world where DoD 8570.01-M (DoDD 8140) is relevant the CISSP has long been a staple for those seeking IAT Level III, IAM Level II/Level III and IASAE I and IASAE II roles. CompTIA’s CASP exam endeavors to…
When it comes to getting your CISSP certification, I have one important word for you: STUDY. Study in the car (preferably not while driving), study at work (taking care to not get fired), study at home, study everywhere you get a free moment. Study before training, study after training. You really cannot study too much…
I have a daughter in 3rd grade who started the year off with reviews of the addition and subtraction she learned last year. Fortunately, her school is private and doesn’t do any of the dumb Common Core math that I have seen other parents complaining about. My daughter understands the concepts of addition and subtraction…