RE: Notes from CISSP class with Dr. Eric Cole

Having recently reviewed some on-line CISSP materials I'd agree with this -
that the CISSP answers are structured around knowing definitions,
terminology and concepts particular to CISSP study materials, not those used
in real life nor real life complexity in systems and security management.

That doesn't mean CISSP is bad (nor that real life is wrong), just that this
is the way CISSP works, and we as security professionals need to be aware of
that whenever we need to make judgements that relate to the value of CISSP.

Lyal

-----Original Message-----
From: Saqib Ali [mailto:docbook.xml_at_gmail.com]
Sent: Thursday, 6 October 2005 12:52 AM
To: Garth Somerville
Cc: webappsec_at_securityfocus.com
Subject: Re: Notes from CISSP class with Dr. Eric Cole

Hello Garth,

While I agree with most of what you said, what I published at
< http://www.xml-dev.com/blog/?action=viewtopic&id=150 > is what is required
for CISSP certification. CISSP is theoratical exam, and sometimes practical
knowledge, can lead you to wrong answers on the test.

On 10/4/05, Garth Somerville <therealgarth_at_yahoo.com> wrote:
> > .... The notes are available at:
> > http://www.xml-dev.com/blog/?action=viewtopic&id=150
>
> Hello Saqib:
> Under "IDS Events Defined," you make a great
> observation about IDS, but classifying all traffic as
> either "Attack Traffic" or "Normal Traffic" can be
> misleading as it relates to the next section, "IDS
> Methods of Operation." Not all abnormal traffic
> represents an attack, and not all normal traffic
> represents authorized activity. Also, positioning
> anomaly detection as being both default deny and more
> secure could be misleading.

--
In Peace,
Saqib Ali
http://www.xml-dev.com/blog/
Consensus is good, but informed dictatorship is better.