CNIT 125: Information Security Professional (CISSP Preparation)

Fall 2011 Sam Bowne

Scores

Schedule · Lecture Notes · Projects · Links · Home Page


73754 601 Lec  SAT  09:00-12:00PM  SCIE  136

Catalog Description

Covers information security in depth, including access control, application security, business continuity, cryptography, risk management, legal issues, physical security, and telecommunications and network security. This class helps to prepare students for the Certified Information Systems Security Professional (CISSP) credential, which is essential for high-level information security professionals.

Advisory: Students should have taken CNIT 123, or hold the Certified Ethical Hacker credential, or have equivalent knowedge of basic security.

Upon successful completion of this course, the student will be able to:

Explain security and risk management.
Define and implement access controls.
Assess application security.
Plan for business continuity and disaster recovery.
Apply cryptography correctly to protect information.
Explain legal regulations and ensure compliance.
Perform investigations, preserve evidence, and cooperate with law enforcement authorities.
Explain codes of conduct and ethical issues.
Maintain security of operations.
Assess physical and environmental security.
Design security architecture.
Explain telecommunications and network security.

Textbooks

"CISSP Guide to Security Essentials, 1st Edition", by Peter Gregory ISBN-10: 1435428196 Buy from Amazon

"CNIT 125 Lecture Notes", by Sam Bowne (buy at CCSF bookstore)

Schedule
Date	Quiz	Topic
Sat 8-20		Class Structure and Introduction
Sat 8-27		Ch 1: Information Security and Risk Management
*Fri 9-2*	*Last Day to Add Classes*
*Sat 9-3*	*Holiday - No Class*
Sat 9-10		Ch 2: Access controls
*Thu 9-15*	*Last Day to Request Pass/No Pass Grading*
Sat 9-17	No Quiz LOCKDOWN	Ch 2: Access controls
Sat 9-24	Quiz on Ch 1 & 2	Ch 3: Application Security
Sat 10-1	Quiz on Ch 3	Ch 4: Business Continuity and Disaster Recovery Planning
Sat 10-8	Quiz on Ch 4	Ch 5: Cryptography
*Fri 10-21*	*Mid-Term Grades Due*
Sat 10-15	Quiz on Ch 5	Ch 6: Legal, Regulations, Compliance and Investigations
Sat 10-22	Quiz on Ch 6	Ch 7: Operations Security
Sat 10-29	Quiz on Ch 7	Ch 8: Physical and Environmental Security
Sat 11-5	No Quiz	Ch 8 Continued
*Sat 11-12*	*Holiday - No Class*
*Thu 11-17*	*Last Day to Withdraw*
Sat 11-19	Quiz on Ch 8	Ch 9: Security Architecture and Design
*Sat 11-26*	*Holiday - No Class*
Sat 12-3	Quiz on Ch 9	Ch 10: Telecommunications and Network Security
Sat 12-10	Class Cancelled for BayThreat
Sat 12-17		*Final Exam: 9 am*

Lecture Notes
Policy
Student Agreement
Introduction to CNIT 125
Security Circus
1: Information Security and Risk Management PowerPoint
2: Access controls PowerPoint
3: Application Security PowerPoint
OWASP's Top Ten Web Application Risks
4: Business Continuity and Disaster Recovery Planning PowerPoint
5: Cryptography PowerPoint
6: Legal, Regulations, Compliance and Investigations PowerPoint
7: Operations Security PowerPoint
8: Physical and Environmental Security PowerPoint
9: Security Architecture and Design PowerPoint
10: Telecommunications and Network Security PowerPoint
The lectures are in Word and PowerPoint formats. If you do not have Word or PowerPoint you will need to install the Free Word Viewer 2003 and/or the Free PowerPoint Viewer 2003.

Back to Top

Projects
Twitter Project (10 pts.) Cold Calls Procedure Research & Present (extra credit) Instead of the usual homework assignments, students will all work together in teams, led by student managers, to perform real security audits of real information systems and other projects with real significance. Every student will be required to sign a non-disclosure agreement. Students are required to prepare professional resumes.

Projects

Twitter Project (10 pts.)

Cold Calls Procedure

Research & Present (extra credit)

Instead of the usual homework assignments, students will all work together in teams, led by student managers, to perform real security audits of real information systems and other projects with real significance. Every student will be required to sign a non-disclosure agreement.

Students are required to prepare professional resumes.

Back to Top

Links
Introduction to CISSP and CNIT 125 CISSP 1: CISSP Education & Certification CISSP 2: (ISC)2 \| Certified Information Security Education CISSP 3: CISSP was the third highest salaried certification in 2009 CISSP 4: DOD 8570 requires CISSP, Sec+, and other certs for all gov\'t Information Assurance employees CISSP 5: CISSP exam prices CISSP 6: (ISC)2 Code of Ethics CISSP 7: Associate of (ISC)² Certification CISSP 8: SSCP Education & Certification CISSP 9: Exam Prices (pdf) CISSP 10: Test Prep: 10 Tips For Preparing and Passing the CISSP Exam CISSP 11: How to get continuing education credit for CISSP certification holders 7 Types of Hard CISSP Exam Questions and How To Approach Them How I Prepared for the CISSP Exam--Sam Bowne A CISSP Study Plan Memoir CISSP Practice Test Links for Chapter Lectures Ch 0a: How Dan Kaminsky broke and fixed DNS Ch 0b: The Most Dangerous Man in Cyberspace Ch 0c: JadedSecurity » What the CISSP wonquott teach you Ch 0d: Modern Day Witch Hunting by CISSP Members Minus The Ergot Ch 0e: My Canons on (ISC)² Ethics - Such as They Are Ch 0f: Dan Kaminsky & Kevin Mitnick Hacked Ch 0g: How Byron Sonne\'s obsession with the G20 security apparatus cost him everything Ch0h: Anonymous hacker quits, calls group\'s members hypocrites and its efforts fruitless Byron Sonne, G20 \"Bomber\", Was a CISSP--Certification Suspended (2010-06-25) Ch 1a: CCSF Catalog Mission Statement Ch 1b: Mission statement - Wikipedia, the free encyclopedia Ch 1c: Objective(Goal) - Wikipedia Ch 1d: Objective Definition \| Definition of Objective at Dictionary.com Ch 1e: NIST 800-30:Risk Management Guide for Information Technology Systems Ch 1f: ISO27k infosec management standards Ch 1g: ISO/IEC 27001 - Wikipedia Ch 1h: Assessing risk of IE 0day vulnerability Ch 1i: Information Security Governance (pdf) Ch 1j: SANS: Information Security Policy Templates Ch 1k: Sarbanes-Oxley Act - Wikipedia Ch 1l: The Sarbanes-Oxley Act 2002 Ch 1m: Operation Aurora - Wikipedia Ch 2a: Active Directory\'s LDAP Compliance Ch 3a: OWASP Ch 3b: Vulnerability scanners miss 49% of the vulns they are looking for (see figure near bottom of article) Ch 3c: Memory Parsing Vulnerability being used to steal credit card numbers (pdf) Ch 3d: OWASP Top Ten Web Application Vulnerabilities Ch 3e: Object Oriented Database Management Systems Ch 5a: Substitution cipher - Wikipedia Ch 5b: Transposition cipher - Wikipedia Ch 5c: Running key cipher - Wikipedia Ch 5d: NIST Recommendation for Block Cipher Modes of Operation (pdf) Ch 5e: NIST Cryptographic Algorithms and Key Sizes (1024-bit RSA no longer recommended) Ch 5f: US-CERT Vulnerability Note VU#836068--MD5 vulnerable to collision attacks Ch 5g1: NIST.gov - Federal agencies should stop using SHA-1 Ch 6a: Differences between Civil and Criminal Law in the USA Ch 6b: NET Act - Wikipedia Ch 6c: The technique of computer matching Ch 6d: Privacy Act Overview, 2010 Edition: Computer Matching Ch 7a: Security Control Types and Operational Security Ch 8a: Man Trap Ch 8b: Crash gates Ch 8c: How to Calculate HVAC Tonnage Ch 9a: Bell-La Padula model - Wikipedia Ch 9b: Biba Model - Wikipedia Ch 9c: Clark-Wilson model - Wikipedia Ch 9d: Non-interference (security) - Wikipedia Ch 9e: Common Criteria - Wikipedia Ch 9f: Bus (computing) - Wikipedia Ch 9g: Ring (computer security) - Wikipedia Ch 9h: Windows Architecture--only rings 0 and 3 are used Ch 9i: Lock My PC backdoor password Ch 10a: Multiprotocol Label Switching - Good explanation of why MPLS will replace ATM Ch 10b: Verizon Wireless -and CDMA Ch 10c: CLEAR 4G Wireless Broadband Internet Service--WIMAX Ch 10d: How to reach maximum 802.11n speed and throughput Ch 10e: Near Field Communication - Wikipedia Ch 10f: Address Resolution Protocol - Could be regarded as an OSI model layer 2 or 3 protocol Ch 10g: TCP/IP model - Wikipedia Ch 10h: Anycast - Wikipedia Ch 10i: Is RIP layer 3 protocol or layer 7 protocol? : layer, rip, protocol SSL-1: Security Certificate Warnings Don\\\'t Work SSL-2: Boffins bust web authentication with game consoles SSL-3: VeriSign remedies massive SSL blunder (kinda, sorta) SSL-4: MD5 Hack Interesting, But Not Threatening SSL-5: National Software Reference Library--Md5 not recognized SSL-6: FIPS 140-2 (2001) can be downloaded here SSL-7: 14% of SSL certificates on the Internet potentially unsafe SSL-8: China Internet Network Information Center accepted as a Mozilla root CA SSL-9: Bug 549701 %u2013 Remove inactive RSA Security 1024 V3 root SSL-10: Vulnerabilities Allow Attacker to Impersonate Any Website SSLstrip & Slowloris & Scary SSL Attacks (ppt) Safe--countermeasure for sslstrip attack Miscellaneous Links The 7 Psychological Principles of Scams: Protect Yourself by Learning the Techniques Exposing Network Vulnerabilities -- Campus Technology The Apache Cassandra Project--highly scalable distributed database CISSP 12: GIAC Research in the Common Body of Knowledge -- Good white papers for the ten CISSP domains Web Security Tools²: skipfish and iScanner--excellent introduction to these tools Information Security Careers Cheatsheet Luhn Check - MOD 10 Algorithm LOQMail--encrypted email solution, free 30-day trial Data Encryption \| First Data--End-to-end encryption to completely escape PCI Compliance requirements Project: www.rcfl.org - /downloads/ -- directory traversal vulnerability How To Get Your Very Own Free SSL Certificate Tech//404 -- Calculates expected financial loss for lost records Rainbow Series - Wikipedia, the free encyclopedia Orange Book--Reference Monitor and Security Kernel Security modes - The four MAC modes: Dedicated, System high security, Compartmented, Multilevel Acosta v Byrum--very important precedent for HIPPA-based lawsuits An Illustrated Guide to IPsec LOMAC -- Linux method for protecting integrity of system files Fix to save restore points in a dual-boot DOD offers tiny, secure linux distribution -- 125 Project Google's Web Application Security Training Resource - Jarlsberg.appspot.com -- Better than WebGoat? Integrating Nessus with BackTrack 5's Tools -- CNIT 125 Project The Ultimate Web App Security Scanner Comparison Published - AppScan Standard Leads the Pack <--Project ideas Pingdom stores & transmits passwords in cleartext -- possible project John The Ripper Hash Formats --useful for projects More SQL injections; apparently hotels in TN -- COLD CALLS DATA Yale Gets Google Dorked -- project idea New Unsorted Links Ch 2b: Crack Password Hashes in Lion -- OS X 10.7 - Hack Mac Ch 2c: Lockheed Says Hacker Used Stolen SecurID Data - NYTimes.com 2d: Amazon.com: Ghost in the Wires: My Adventures as the Worldquots Most Wanted Hacker (9780316037709): Kevin Mitnick, Steve Wozniak, William L. Simon: Books 2e: Mitnick fakes way into LA Telco Central Office - YouTube 2011-09-14: EMET - Whitelisting for Windows -- Good CNIT 125 Project Lilith -- Web Application Security Audit Tool \| Darknet - PROJECT IDEA WAVSEP -- Web Application Vulnerability Scanner Evaluation Project -- PROJECT IDEA 0-Day SCADA Exploits Released, Publicly Exposed Servers At Risk -- COLD CALLS PROJECT DATA Windows 7 kernel ASLR research. Statistics on number of unique images addresses per 100 OS runs -- POSSIBLE PROJECT Bypassing Chromequots Anti-XSS filter --GOOD PROJECT IDEA Fake Twitter typosquatting page -- DO NOT LOG IN -- PROJECT IDEA -- Find more of these & take them down Cold Calls Project Instructions New Attack Breaks Confidentiality Model of SSL, Allows Theft of Encrypted Cookies -- GOOD PROJECT NetworkMiner 1.1 - Network Forensic Analysis Tool (NFAT) Released ~ NetworkMiner 1.1 - Network Forensic Analysis Tool (NFAT) Released -- PROJECT IDEA Free Proxy - Surf Anonymously & Hide Your IP Address - Hide My Ass! <--PROJECT IDEA Certificate Patrol <--PROJECT IDEA From the man who discovered Stuxnet, dire warnings one year later - CSMonitor.com 2011-09-28: Flawfinder -- source code security scanner <--PROJECT IDEA 2011-09-29: sqli1 - Pastebin.com -- More data for CNIT 125 Projects Google tracks you. We donquott. An illustrated guide. Except for nuclear power plants, no regulations govern how to secure systems against cyber-attacks More SCADA vulns for Cold Calls -- atvise Interesting SCADA Security Presentation (from 2004) 2011-10-08: Securing Flash Drives within the Enterprise 2011-10-11: Bestcasuals.com Vuln Audit. _St0rm - Pastebin.com -- PROJECT DATA Ethics Project: (ISC)² Ethics Complaint Procedure Ethics Project: (ISC)2 Code of Ethics 2011-10-14: jjghui - Google Search -- MORE COLD CALLS DATA -- INFECTED WEBSITES Mass infections from jjghui.com/urchin.js (SQL injection) <--MORE INFO FOR COLD CALLS 2011-10-15: Jadedsecurity emails re: CISSP My Canons on (ISC)² Ethics - Such as They Are -- Jericho from Attrition (ISC)^2 Code of Ethics PDF 2011-10-19: Over a million web sites affected in mass SQL injection attack -- MORE INFO FOR COLD CALLS 2011-10-28: Government websites with SQLi <--MORE FRESH COLD CALLS DATA Sample Contact Letter for Government Cold Calls Preventing SQL Injection in Java - OWASP --COLD CALLS INFORMATION Huge list of vulnerable Web apps for training -- PROJECT IDEAS Ch 10j: 3GPP Long Term Evolution - Wikipedia Ch 10k: Frame Injection at Layer 1: 802.11 Packets in Packets Computer Security -- Free online class at Stanford CISSP Reloaded -- study notes 2012-02-06: Hospital appeals $250,000 fine for late breach disclosure - 19 days 2012-02-06: California law requires breach notification within 5 days (for medical data) 2012-02-06: CA Codes (civ:1798.80-1798.84) -- breach notification, see .82 (a) and (c) 2012-02-06: California Amends its Security Breach Notification Law : Workplace Privacy Counsel CISSP Certification, Information Security and Risk Management Finding PII with Google--COLD CALLS DATA

Links

Introduction to CISSP and CNIT 125
CISSP 1: CISSP Education & Certification
CISSP 2: (ISC)2 | Certified Information Security Education
CISSP 3: CISSP was the third highest salaried certification in 2009
CISSP 4: DOD 8570 requires CISSP, Sec+, and other certs for all gov\'t Information Assurance employees
CISSP 5: CISSP exam prices
CISSP 6: (ISC)2 Code of Ethics
CISSP 7: Associate of (ISC)² Certification
CISSP 8: SSCP Education & Certification
CISSP 9: Exam Prices (pdf)
CISSP 10: Test Prep: 10 Tips For Preparing and Passing the CISSP Exam
CISSP 11: How to get continuing education credit for CISSP certification holders

7 Types of Hard CISSP Exam Questions and How To Approach Them
How I Prepared for the CISSP Exam--Sam Bowne
A CISSP Study Plan Memoir
CISSP Practice Test

Links for Chapter Lectures
Ch 0a: How Dan Kaminsky broke and fixed DNS
Ch 0b: The Most Dangerous Man in Cyberspace
Ch 0c: JadedSecurity » What the CISSP won*quot*t teach you
Ch 0d: Modern Day Witch Hunting by CISSP Members Minus The Ergot
Ch 0e: My Canons on (ISC)² Ethics - Such as They Are
Ch 0f: Dan Kaminsky & Kevin Mitnick Hacked
Ch 0g: How Byron Sonne\'s obsession with the G20 security apparatus cost him everything
Ch0h: Anonymous hacker quits, calls group\'s members hypocrites and its efforts fruitless
Byron Sonne, G20 \"Bomber\", Was a CISSP--Certification Suspended (2010-06-25)

Ch 1a: CCSF Catalog Mission Statement
Ch 1b: Mission statement - Wikipedia, the free encyclopedia
Ch 1c: Objective(Goal) - Wikipedia
Ch 1d: Objective Definition | Definition of Objective at Dictionary.com
Ch 1e: NIST 800-30:Risk Management Guide for Information Technology Systems
Ch 1f: ISO27k infosec management standards
Ch 1g: ISO/IEC 27001 - Wikipedia
Ch 1h: Assessing risk of IE 0day vulnerability
Ch 1i: Information Security Governance (pdf)
Ch 1j: SANS: Information Security Policy Templates
Ch 1k: Sarbanes-Oxley Act - Wikipedia
Ch 1l: The Sarbanes-Oxley Act 2002
Ch 1m: Operation Aurora - Wikipedia

Ch 2a: Active Directory\'s LDAP Compliance

Ch 3a: OWASP
Ch 3b: Vulnerability scanners miss 49% of the vulns they are looking for (see figure near bottom of article)
Ch 3c: Memory Parsing Vulnerability being used to steal credit card numbers (pdf)
Ch 3d: OWASP Top Ten Web Application Vulnerabilities
Ch 3e: Object Oriented Database Management Systems

Ch 5a: Substitution cipher - Wikipedia
Ch 5b: Transposition cipher - Wikipedia
Ch 5c: Running key cipher - Wikipedia
Ch 5d: NIST Recommendation for Block Cipher Modes of Operation (pdf)
Ch 5e: NIST Cryptographic Algorithms and Key Sizes (1024-bit RSA no longer recommended)
Ch 5f: US-CERT Vulnerability Note VU#836068--MD5 vulnerable to collision attacks
Ch 5g1: NIST.gov - Federal agencies should stop using SHA-1

Ch 6a: Differences between Civil and Criminal Law in the USA
Ch 6b: NET Act - Wikipedia
Ch 6c: The technique of computer matching
Ch 6d: Privacy Act Overview, 2010 Edition: Computer Matching

Ch 7a: Security Control Types and Operational Security

Ch 8a: Man Trap
Ch 8b: Crash gates
Ch 8c: How to Calculate HVAC Tonnage

Ch 9a: Bell-La Padula model - Wikipedia
Ch 9b: Biba Model - Wikipedia
Ch 9c: Clark-Wilson model - Wikipedia
Ch 9d: Non-interference (security) - Wikipedia
Ch 9e: Common Criteria - Wikipedia
Ch 9f: Bus (computing) - Wikipedia
Ch 9g: Ring (computer security) - Wikipedia
Ch 9h: Windows Architecture--only rings 0 and 3 are used
Ch 9i: Lock My PC backdoor password

Ch 10a: Multiprotocol Label Switching - Good explanation of why MPLS will replace ATM
Ch 10b: Verizon Wireless -and CDMA
Ch 10c: CLEAR 4G Wireless Broadband Internet Service--WIMAX
Ch 10d: How to reach maximum 802.11n speed and throughput
Ch 10e: Near Field Communication - Wikipedia
Ch 10f: Address Resolution Protocol - Could be regarded as an OSI model layer 2 or 3 protocol
Ch 10g: TCP/IP model - Wikipedia
Ch 10h: Anycast - Wikipedia
Ch 10i: Is RIP layer 3 protocol or layer 7 protocol? : layer, rip, protocol

SSL-1: Security Certificate Warnings Don\\\'t Work
SSL-2: Boffins bust web authentication with game consoles
SSL-3: VeriSign remedies massive SSL blunder (kinda, sorta)
SSL-4: MD5 Hack Interesting, But Not Threatening
SSL-5: National Software Reference Library--Md5 not recognized
SSL-6: FIPS 140-2 (2001) can be downloaded here
SSL-7: 14% of SSL certificates on the Internet potentially unsafe
SSL-8: China Internet Network Information Center accepted as a Mozilla root CA
SSL-9: Bug 549701 %u2013 Remove inactive RSA Security 1024 V3 root
SSL-10: Vulnerabilities Allow Attacker to Impersonate Any Website
SSLstrip & Slowloris & Scary SSL Attacks (ppt)
Safe--countermeasure for sslstrip attack

Miscellaneous Links
The 7 Psychological Principles of Scams: Protect Yourself by Learning the Techniques
Exposing Network Vulnerabilities -- Campus Technology
The Apache Cassandra Project--highly scalable distributed database
CISSP 12: GIAC Research in the Common Body of Knowledge -- Good white papers for the ten CISSP domains
Web Security Tools²: skipfish and iScanner--excellent introduction to these tools
Information Security Careers Cheatsheet
Luhn Check - MOD 10 Algorithm
LOQMail--encrypted email solution, free 30-day trial
Data Encryption | First Data--End-to-end encryption to completely escape PCI Compliance requirements
Project: www.rcfl.org - /downloads/ -- directory traversal vulnerability
How To Get Your Very Own Free SSL Certificate
Tech//404 -- Calculates expected financial loss for lost records
Rainbow Series - Wikipedia, the free encyclopedia
Orange Book--Reference Monitor and Security Kernel
Security modes - The four MAC modes: Dedicated, System high security, Compartmented, Multilevel
Acosta v Byrum--very important precedent for HIPPA-based lawsuits
An Illustrated Guide to IPsec
LOMAC -- Linux method for protecting integrity of system files
Fix to save restore points in a dual-boot
DOD offers tiny, secure linux distribution -- 125 Project
Google's Web Application Security Training Resource - Jarlsberg.appspot.com -- Better than WebGoat?
Integrating Nessus with BackTrack 5's Tools -- CNIT 125 Project
The Ultimate Web App Security Scanner Comparison Published - AppScan Standard Leads the Pack <--Project ideas
Pingdom stores & transmits passwords in cleartext -- possible project
John The Ripper Hash Formats --useful for projects
More SQL injections; apparently hotels in TN -- COLD CALLS DATA
Yale Gets Google Dorked -- project idea

New Unsorted Links
Ch 2b: Crack Password Hashes in Lion -- OS X 10.7 - Hack Mac
Ch 2c: Lockheed Says Hacker Used Stolen SecurID Data - NYTimes.com
2d: Amazon.com: Ghost in the Wires: My Adventures as the World*quot*s Most Wanted Hacker (9780316037709): Kevin Mitnick, Steve Wozniak, William L. Simon: Books
2e: Mitnick fakes way into LA Telco Central Office - YouTube
2011-09-14: EMET - Whitelisting for Windows -- Good CNIT 125 Project
Lilith -- Web Application Security Audit Tool | Darknet - PROJECT IDEA
WAVSEP -- Web Application Vulnerability Scanner Evaluation Project -- PROJECT IDEA
0-Day SCADA Exploits Released, Publicly Exposed Servers At Risk -- COLD CALLS PROJECT DATA
Windows 7 kernel ASLR research. Statistics on number of unique images addresses per 100 OS runs -- POSSIBLE PROJECT
Bypassing Chrome*quot*s Anti-XSS filter --GOOD PROJECT IDEA
Fake Twitter typosquatting page -- DO NOT LOG IN -- PROJECT IDEA -- Find more of these & take them down
Cold Calls Project Instructions
New Attack Breaks Confidentiality Model of SSL, Allows Theft of Encrypted Cookies -- GOOD PROJECT
NetworkMiner 1.1 - Network Forensic Analysis Tool (NFAT) Released ~
NetworkMiner 1.1 - Network Forensic Analysis Tool (NFAT) Released -- PROJECT IDEA
Free Proxy - Surf Anonymously & Hide Your IP Address - Hide My Ass! <--PROJECT IDEA
Certificate Patrol <--PROJECT IDEA
From the man who discovered Stuxnet, dire warnings one year later - CSMonitor.com
2011-09-28: Flawfinder -- source code security scanner <--PROJECT IDEA
2011-09-29: sqli1 - Pastebin.com -- More data for CNIT 125 Projects
Google tracks you. We don*quot*t. An illustrated guide.
Except for nuclear power plants, no regulations govern how to secure systems against cyber-attacks
More SCADA vulns for Cold Calls -- atvise
Interesting SCADA Security Presentation (from 2004)
2011-10-08: Securing Flash Drives within the Enterprise
2011-10-11: Bestcasuals.com Vuln Audit. _St0rm - Pastebin.com -- PROJECT DATA
Ethics Project: (ISC)² Ethics Complaint Procedure
Ethics Project: (ISC)2 Code of Ethics
2011-10-14: jjghui - Google Search -- MORE COLD CALLS DATA -- INFECTED WEBSITES
Mass infections from jjghui.com/urchin.js (SQL injection) <--MORE INFO FOR COLD CALLS
2011-10-15: Jadedsecurity emails re: CISSP
My Canons on (ISC)² Ethics - Such as They Are -- Jericho from Attrition
(ISC)^2 Code of Ethics PDF
2011-10-19: Over a million web sites affected in mass SQL injection attack -- MORE INFO FOR COLD CALLS
2011-10-28: Government websites with SQLi <--MORE FRESH COLD CALLS DATA
Sample Contact Letter for Government Cold Calls
Preventing SQL Injection in Java - OWASP --COLD CALLS INFORMATION
Huge list of vulnerable Web apps for training -- PROJECT IDEAS

Ch 10j: 3GPP Long Term Evolution - Wikipedia

Ch 10k: Frame Injection at Layer 1: 802.11 Packets in Packets

Computer Security -- Free online class at Stanford

CISSP Reloaded -- study notes
2012-02-06: Hospital appeals $250,000 fine for late breach disclosure - 19 days
2012-02-06: California law requires breach notification within 5 days (for medical data)
2012-02-06: CA Codes (civ:1798.80-1798.84) -- breach notification, see .82 (a) and (c)
2012-02-06: California Amends its Security Breach Notification Law : Workplace Privacy Counsel

CISSP Certification, Information Security and Risk Management

Finding PII with Google--COLD CALLS DATA

Back to Top

Last Updated: 11-6-11 7 am