Posts

[Cybersecurity Awareness Series] The Limited Time Offer

Varun was excited about the new phone he had ordered yesterday. He couldn’t believe his luck when he got that message yesterday. Excited, he had immediately forwarded the message to his friends. Varun was imagining how he would show off his new iPhone X at college. He was lost in his thoughts when the doorbell rang. He jumped off his chair at the sound. He was pretty sure it would be the courier boy delivering his new phone. It turned out to be a salesman selling soaps door to door. Disappointed, Varun came back to his room and decided to check his order status. He was pretty sure that the delivery date was today. Varun logged onto his computer and quickly typed in the site’s name, “wesellphonesonly.com”. The order status read “Delivery by 3.00pm today”. Varun looked at his watch. It was 3.30pm and there was no sign of the new iPhone X he had ordered. Well, he decided to play Candy Crush on his old phone just to pass the ti

The Spectre of Intel’s (Past) Meltdown

The Internet is abuzz with reports of two major vulnerabilities codenamed “Meltdown” and “Spectre”. These vulnerabilities were independently reported by security researchers at Cyberus Technology, Google, and the Graz University of Technology. Thousands of articles have already been written about them. So what’s new in this blog post? I read a lot of the information available on the internet before writing this article and found this: a) Some of the articles contain highly technical information and jargon which doesn’t make sense to the common man. b) Most of the articles do not explain what the real deal is and just touch upon the basics of good information security practices. c) Leading press houses have taken this opportunity to bash the tech companies over these vulnerabilities. So if you just want to understand what “Meltdown” and “Spectre” mean in extremely simple terms, read on to find out.
The Speculation Problem
Do you have a favori

Now on Twitter !!!

Hi Guys, it gives me great pleasure to tell you that Learning Security With Mayur now has a Twitter presence too. You can connect and spread the love on Twitter as well. Use #LearningSecurityWithMayur when you retweet the posts on Twitter. My handle is @LearnWithMayur. Looking forward to meeting you there. Follow @LearnWithMayur.

[Cybersecurity Awareness Series] The Free Gift

Anjali was sitting at her desk, surfing the internet on her computer, when the phone rang. Startled, she picked it up and heard a rough voice at the other end. “Is this Miss Anjali?” asked the rough voice. “Yes, it is,” answered Anjali. “There is a parcel for you in the mail room. Collect it as soon as possible,” and the line went dead. Anjali was put off by the voice and the manner of this person. Wondering who would have sent her a package, she dragged herself to the mail room. She reached the mail room and asked the lady at the desk to give her the package. “Name, please,” asked the lady, and Anjali gave her name. The lady pulled the package from the drawer at her side and handed over the box. The parcel read: “To, Ms. Anjali Mathur, ILoveIT Solutions, New Delhi”, “From Security Conference, New Delhi”. Anjali worked as a Security Analyst at her company, ILoveIT Solutions, and had attended a security conference last week. Well, it was quite natural for ven

Cyber Security Awareness Series

As a security professional, you will probably agree that security awareness and training is an ongoing exercise in any organization. Most people in your organization would not even think about security while working on their projects to meet their deadlines. As security professionals, we need to devise new ways to help people understand security. It may be through web-based training, an awareness session, mailers, or some innovative mechanism you have thought of. Whatever mechanism you employ to impart security awareness training, it is often seen that security professionals start delivering sermons in which they only reiterate the organization’s security policies. Cybersecurity awareness, however, should not be limited to organizational policies. In my opinion, the next time you send a mailer or run a training session, you can try sharing certain fictitious or real security scenarios. Users generally don’t appreciate when

Launch of CISSP Computerized Adaptive Testing (CAT)

(ISC)² has introduced Computerized Adaptive Testing (CAT) for all English CISSP exams worldwide beginning 19th Dec 2017.
Important Points:
1. The exam outline remains the same. You do not need to change any reading or study material.
2. The exam time has been halved. The exam is now 3 hours long, not 6 hours.
3. The number of questions has been reduced from 250 to 125. [25 questions are for research purposes. They will not be explicitly marked.]
4. The CAT is only for English CISSP takers. No change for other languages.
5. The exam cost (699 USD) and the retake policy remain the same.
How will it work?
Each candidate taking the CISSP exam will start with a question that is well below the passing standard. Based on your response, the scoring algorithm will present you with a more difficult question if you answered the previous question correctly, or an easier question if you answered the previous question incorrectly. The computer will try to judge yo

Launch of Practice Questions

It has been some time since I have written on my blog. I was thinking of how to help all the aspirants of these exams. When I prepared for the SSCP and the CISSP exams, I found that there was a dearth of FREE practice questions on the internet. Hence, this is my humble attempt to ensure that you get plenty of practice questions to practise with for FREE. I have not segregated the questions by exam. It is imperative that you attempt every question, whether it is easy or difficult. The practice questions will be updated every week. Looking forward to your support and comments to improve the content on this website. I'm also working on the video course for SSCP, which will be uploaded in a few days.

What to expect in SSCP exam?

It’s the D-Day and you are ready for the exam. Days of hard work will now be put to the test. You have prepared hard and are ready to take the exam. So what to expect in the SSCP exam? Read on to find out.
Quick Pointers: Check that you have two identification cards with you. The ID cards must have a signature on them. One of them must be a proof of address. Have the booking confirmation from Pearson Vue with you. Reach the center 30-40 minutes in advance. Attempt all questions; wrong answers don’t count against you.
Know Your Enemy
SSCP is a 3-hour long exam offered by (ISC)². It has 125 questions which are based on 7 domains. Following are the domains along with their weight:
1. Access Controls (16%)
2. Security Operations and Administration (17%)
3. Risk Identification, Monitoring, and Analysis (12%)
4. Incident Response and Recovery (13%)
5. Cryptography (9%)
6. Network and Communications Security (16%)
7. Systems and Application Security (17%)
Many peo

What to expect in CISSP exam?

It’s the D-Day and you are nervous… Your heart is beating fast, or you are extremely calm. You are having nice thoughts, or you are petrified about what will happen in the exam. Everyone faces unique challenges in preparing for the exam. Now that you have done the preparation and revision and are ready to face the beast, read on to find out what ammunition you need to slay it…
Know Your Enemy
Much is available on blogs and the ISC2 website detailing what the CISSP exam is all about. You will have 250 questions to be answered in 6 hours. Many argue that the CISSP is not as tough as people portray it. Only those who have experienced this exam can share its real challenges. So here are the real challenges which I faced: Vastness – It is rightly said that CISSP is an “inch deep and a mile wide” exam. The number of domains and the volume of material associated with them is huge. But hey, you have already prepared and are appearing for the exam. So why to

How to Pass SSCP Exam in the First Attempt

The Systems Security Certified Practitioner (SSCP) exam is offered by (ISC)². When I prepared for this exam, there was hardly any preparation material or any blog post to help me understand what the exam is like. In this blog post, I will try to explain how to study for this exam and what to expect from it. Before I begin, let me congratulate you on your journey to becoming an SSCP. Although this certification may not be as highly recognized as the CISSP certification, it still shows your employer and the world that you are really interested in pursuing a career in this field. You become a practitioner in this field.
What is SSCP?
You may want to read CISSP vs SSCP if you want a comparison between the two exams. SSCP is a 3-hour long examination with 125 questions. You are required to score a minimum of 700 out of 1000. 25 questions are not graded as they are research-oriented questions. It is important to note that since these questions are