Showing posts from July, 2017

CISSP vs SSCP Certification

                                      Basis CISSP SSCP Offered by ISC2 ISC2 Length of the exam 6 hours 3 hours Number of questions 250 125 Question Format Multiple choice + Drag & Drop + Hotspot Questions Multiple Choice Questions Passing Grade 700 out of 1000 700 out of 1000 Exam Availability English, French, German, Brazilian Portuguese, Spanish, Japanese, Simplified Chinese, Korean, Visually impaired English, Japanese, and Brazilian Portuguese Testing Center Pearson VUE Testing Center Pearson VUE Testing Center Number of Domains 8 7 Domains ( Weightage) 1. Security and Risk Management (16%) 2. Asset Security (10%) 3. Security Engineering (12%) 4. Communications and Network Security (12%) 5. Identity and Access Management (13%) 6. Security Assessment and Testing (11%) 7. Security Operations

[Opinion] Will Machine Learning in Cyber Security open a Pandora’s Box?

Machine Learning is the buzz word nowadays. Huge numbers of courses on machine learning have mushroomed online and companies are running after professionals who are an expert in that. As per Udacity , which has developed a course on machine learning in collaboration with Google defines it as “Machine learning represents a key evolution in the fields of computer science, data analysis, software engineering, and artificial intelligence.” Wiki , however, explains it in a better manner rather than just throwing jargons. It says that machine learning gives "computers the ability to learn without being explicitly programmed.” Much understandable!! In simpler terms, computers start learning processes and develop a deduction capability rather than just perform what it is programmed to do. When such machines are made to learn to defend our networks and organizations from an information security point of view,  good and bad things will happen. Read on.... Acc

Quick Tips for SSCP Exam

Let me say “All the best” to you, before I start giving you tips for the SSCP exam. These tips are not mandatory to follow, but will surely help you to manage and crack the exam. Systems Security Certified Practitioner (SSCP) is a three-hour long exam which contains 125 questions. You can call this as the younger brother of CISSP. I gave this exam in July 2014 and passed in the first attempt. You have to schedule an exam through (ISC) 2  website which further takes you to booking the exam at a Pearson Vue center. Reach the exam center approximately 45 minutes in advance before your scheduled time. This will help you to settle down. Start early so as to reach early rather than waiting on the way thinking whether you will reach on time or not. When you will reach the Pearson Vue center, you will be given a set of instructions to read. These instructions are different from the NDA to be signed for the SSCP exam. In case you have any queries regarding the instructions, f

What is CIA?

The Three Pillars – CIA Anything in Information security ultimately boils down to ensuring that either or all of the three pillars is ensured. These three pillars are – Confidentiality, Integrity, and Availability. It is thus extremely important that you understand the meaning of these terms. From an exam perspective, a lot many questions will be focused on identifying the following: Which of the three pillars is violated? Which of the three pillars is ensured if a certain action is taken?   What will a certain control ensure to provide or protect? Even from an organizational perspective, all the policies, procedures, standards and guidelines are made to ensure that the three pillars of information security are catered for. So, let’s understand these concepts now. Before I begin, let’s be very clear that I’m not going to write down the definitions provided by any agency or organization. You can get them in any book and they are mostly as clear as

[Opinion] Its High Time ….

The recent spate of cyber-attacks has served as an eye-opener for many organizations and individuals. Organizations that were using unpatched software had no security teams, no incident response policy, and procedures, etc. clearly were the ones who had to bear the maximum brunt of such attacks. There were many who did not get affected as they took the right steps at the right time and gave due importance to security and security teams in their organization. Lots of points mentioned below have been long debated in organizations. But it’s high time that they are taken seriously and religiously implemented. CISO/CSO should be a part of Board Meetings In most organizations, security is still considered an IT job. The CSO reports to either the CIO or admin's head or some senior business person. The organizations mostly appoint a CSO just to ensure that regulatory compliance (in some countries) is taken care of. They are really not interested in consid