References and Resources CISSP
Last Updated 3/16/2010
(always looking for additions - please pass on any helpful links you find!)
Practice Test / Test Prep / Training
Logical Security - great reference information, sign up for a free account (Shon Harris)
http://www.logicalsecurity.com/index.html
CCCure.org - free quizzes and study guides
CISSP Exam Practice - $49/45 days - reputable web-based testing engine; will show your history and progress and the areas you need to focus on; good questions
http://www.cisspexampractice.com/
Flashcard Exchange - has some great flash cards, or you can create your own. Keep in mind that these are user-submitted, so verify if something seems incorrect
http://www.flashcardexchange.com/
Free Practice Test (No Download) - the questions will make you think; this is a good thing, even if the questions aren't great
Additional
Subnetting questions (these are Cisco questions, so they're harder than what you'll likely see)
http://www.subnettingquestions.com/
College that offers CISSP training:
http://capitol-college.edu/prospective-students/professional-development/cicpc/cissp
Hesco
http://www.hesco.com/US_CIVIL/index.html
Real World Examples:
Electronic Communications Policy
http://www.umaine.edu/it/policies/communication.php
Security through Obscurity - The Terry Childs Incident
Sample Risk Analysis Report
www.nww.usace.army.mil/html/OFFICES/.../CSRA_Sample_RiskReport.doc
ISC2 Code of Ethics (you agree when you sign up to take your test)
http://www.isc2.org/ethics/default.aspx
Business Continuity Plan templates
http://searchdisasterrecovery.techtarget.com/generic/0,295582,sid190_gci1354703,00.html#
http://www.finra.org/Industry/Issues/BusinessContinuity/p006464
PGP Freeware (version 8.0.3)
http://www.pgpi.org/products/pgp/versions/freeware/winxp/8.0/
Great BCP Template
More Info / Clarification on topics:
Bastion Host
http://www.sans.org/security-resources/idfaq/bastion.php?portal=3660a155fce3b0faccf9398332a31ee2
Screened Subnet
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci1297657,00.html#
BCP / Disaster Recovery:
Natural Disaster Hotspots
http://books.google.com/books?id=X3osIdnSBdgC&printsec=frontcover&source=gbs_v2_summary_r&cad=0
Steganography (S-Tools)
http://polaris.umuc.edu/~dmadison/INFA640Spr2009/Session_2.html
Towards the bottom of the page you will see two identical photos. The S-Tools download and instructions on how to use it are directly beneath those pictures.
Recommended Reading:
Balancing Security and Openness in Research and Science
http://www.aaup.org/AAUP/pubsres/academe/2003/SO/Feat/vest.htm
Security vs. Openness (a blog entry with commentary)
http://blog.cutter.com/2007/07/30/enterprise-20-openness-vs-security/
Fair Use Policy - pay special attention to the section on common misunderstandings
(Fair Use / Acceptable Use / Intended Use Policy)
http://en.wikipedia.org/wiki/Fair_use
Two-tiered vs Three-tiered Architecture
http://www.virtu-software.com/ask-doug/QandA.asp?q=48
Top Down and Bottom Up Management
Security Through Obscurity - Accidental and Intentional
http://blogs.techrepublic.com.com/security/?p=379
Apple Launches a Patent War
http://www.cnn.com/2010/TECH/03/04/cnet.apple.patent/index.html
Fake Antivirus Scam
http://cyberwarfaremag.wordpress.com/2008/11/05/fake-anti-virus-brings-in-158-000-a-week/
Comodo Free Antivirus
http://download.cnet.com/Comodo-Internet-Security/3000-2239_4-10460704.html
Security Through Obscurity example (The Terry Childs incident)
Qualitative and Quantitative Risk Analysis
http://www.intaver.com/Articles/Article_QuantitativeRiskAnalysis.pdf
Risk Analysis and Project Mgmt (multiple pages)
http://www.project-management-knowledge.com/definitions/q/qualitative-risk-analysis/
The Delphi Technique
http://www.iit.edu/~it/delphi.html
Federated Identities - some interesting thoughts on the pros/cons
http://software.silicon.com/security/0,39024655,39152427,00.htm
Quantum Cryptography
http://www.schneier.com/blog/archives/2009/12/quantum_cryptog_1.html