
Penetration Testing mailing list archives

Re: [PEN-TEST] Cissp
From: David Hopkins <David () COMPUSA COM>
Date: Tue, 12 Sep 2000 10:16:56 -0500

The study guide is marginal at best; I used the "Handbook of Information
Security" edited by Hal Tipton, Micki Krause, et al.  It's a little $$
but it is possibly the only book to break material (a series of
whitepapers) into the 10 domains that comprise the CISSP common body of
knowledge (CBK).  You may also want to supplement your studying with a
few other books on Telecommunications, Networking, Firewalls and
Internet Security (the book by Cheswick and Bellovin is popular), etc.
Good Luck!

David Hopkins, CISSP
CompUSA IT Security Manager
972-982-5414 (office)
972-333-5636 (cell)

-----Original Message-----
From: Sassaman, Kim [mailto:Kim.Sassaman () SCHWAB COM]
Sent: Monday, September 11, 2000 6:20 PM
Subject: Cissp
Importance: High

This is off topic, but what resources did you use to study for the CISSP
certification?  I'm looking into taking the exam and was wondering if
there were some better references than the study guide available?

Kim Sassaman
Charles Schwab, Inc.
Technology Innovation
Information Security Services
Senior Staff - Access Engineering
2343 East Lincoln Drive
Phoenix, AZ 85016
Member: SIPC/New York Stock Exchange
[Work] 602-355-3330
[Mobile] 602-421-4916
[MobileMail] 6024214916 () mobile att net
[Pager] 877-568-4936
[PageMail] 8775684936 () skytel com
WARNING: All e-mail sent to or from this address will be received
or otherwise recorded by the Charles Schwab corporate e-mail system and
is subject to archival, monitoring or review by, and/or disclosure
to, someone other than the recipient.

-----Original Message-----
From: Meritt, Jim [mailto:Jim.Meritt () WANG COM]
Sent: Monday, September 11, 2000 12:40 PM
Subject: Re: [PEN-TEST] Testing a "rogue site"

Concur.  To have a system to secure, you need the system.

Has anyone noticed that the original question was totally non-technical?

There seems to be a belief that all that is involved is technical.
There is
more to it than that.  How do you write up what you find?  How do you
it (to management). The business aspects appear to be totally

The "dot coms" thought that way.  Notice the business failures?

The opinions expressed above are my own.  The facts simply are and
belong to
James W. Meritt, CISSP, CISA
Senior Information Systems Security and Audit Analyst, Information
Center of Excellence
Wang Government Services, Inc.

-----Original Message-----
From: Karyn Pichnarczyk [mailto:karyn () SANDSTORM NET]
Sent: Monday, September 11, 2000 12:47 PM
Subject: Re: Testing a "rogue site"


I totally disagree with the two rules stated above.  Yes, you need your
company's written approval of your responsibilities.  But unless you go
the One and Only rule, you will not last long in the security trade:

1. Business Must Continue.

If this rule is not followed, then it doesn't matter how good or bad
the security posture is: the company just won't exist!

