Author: IT Blogr

The CISSP qualification

The Certified Information Systems Security Professional (CISSP) certification has become a prerequisite for anyone developing a senior career in information security. It provides information security professionals with an objective measure of competence and a globally recognized standard of achievement. The CISSP credential suits mid- and senior-level managers who are working towards, or have already attained, positions such as CISO, CSO or senior security engineer.

Path to passing the CISSP examination at the first attempt: here is a collection of resources that have helped previous CISSP candidates pass the exam on their first try.

How to qualify for the CISSP certification

To qualify for the CISSP certification, you must:

  • Have a minimum of five years’ experience in two or more of the eight CBK domains.
  • Pass the CISSP examination.
  • Complete the endorsement process and subscribe to the (ISC)² Code of Ethics.
  • Maintain certification through continuing professional education (CPE) credits.

CISSP CBK

CISSP was developed and is maintained by (ISC)², the International Information Systems Security Certification Consortium. At the heart of CISSP is an information security common body of knowledge (CBK), which is divided into eight domains:

  1. Security and Risk Management
  2. Asset Security
  3. Security Engineering
  4. Communications and Network Security
  5. Identity and Access Management
  6. Security Assessment and Testing
  7. Security Operations
  8. Software Development Security

The Official (ISC)² Guide to the CISSP CBK is the essential guide for those preparing for the CISSP exam.

Who Earns The CISSP?

According to the official ISC2 website, CISSP is ideal for experienced security practitioners, managers, and executives interested in proving their knowledge across a wide array of security practices and principles, including those in the following positions:

  • Chief Information Security Officer (CISO)
  • Chief Information Officer (CIO)
  • Director of Security
  • IT Director/Manager
  • Security Systems Engineer
  • Security Analyst
  • Security Manager
  • Security Auditor
  • Security Architect
  • Security Consultant
  • Network Architect

Cybersecurity certifications can be a great way of fast-tracking your career. The right course can get you that promotion you want. However, they require an investment of both time and money, and you don’t want to waste either of these on the wrong course. This is why it’s worth taking some time to choose carefully.

Are you looking for a definitive list of the best cyber security certifications in 2020, ranging from the most basic (ITIL Foundation, CompTIA A+) up to the most recognized within the cybersecurity industry (CISSP)? Below is a list of over 200 accredited certifications, detailing their tracks and distinct categories for the year 2020.

2020 Cyber Security Certification Chart (image)

How Passwords are stolen – Cheatsheet

While having one of your accounts breached is a scary occurrence, you might wonder how it could actually happen. Chances are that a hacker wouldn’t target your account since you’re not famous or rich, right?

Well, hacking isn’t the only way to steal passwords. There are several other methods someone could use to discover and steal the password to an online account, your phone, or other important credentials. Let’s look at some of the most common.

Here is a reference sheet showing the most common ways passwords are stolen.

How passwords are stolen

OWASP API Security Top 10 2019

A foundational element of innovation in today’s app-driven world is the API. From banks, retail and transportation to IoT, autonomous vehicles and smart cities, APIs are a critical part of modern mobile, SaaS and web applications and can be found in customer-facing, partner-facing, and internal applications. By nature, APIs expose application logic and sensitive data such as Personally Identifiable Information (PII) and because of this have increasingly become a target for attackers. Without secure APIs, rapid innovation would be impossible.

API security focuses on strategies and solutions to understand and mitigate the unique vulnerabilities and security risks of Application Programming Interfaces (APIs).

Download the OWASP API Security Top 10 2019 today!

OWASP Top 10

Ransomware Hostage Rescue Manual

What is Ransomware?

Ransomware can take different forms, but in its essence, it denies access to a device or files until a ransom has been paid.
In this manual, we discuss ransomware as PC or Mac-based malicious software that encrypts a user or company’s files and forces them to pay a fee to the hacker in order to regain access to their own files.

The hackers primarily use the following vectors to infect a machine: phishing emails, unpatched programs, compromised websites, poisoned online advertising, and free software downloads.

Download the full Ransomware Hostage Rescue Manual today.

2019 Hacker-Powered Security Report – Hackerone

Read and download Hackerone’s official 2019 Hacker-Powered Security report, focusing on the latest industry-wide cybersecurity tactics and events from the hacker’s perspective.

With hacker-powered security testing, organizations can identify high-value bugs faster with help from the results-driven ethical hacker community.

This Hacker-Powered Security Report 2019 is the most comprehensive report on hacker-powered security, having the largest repository of hacker activity and vulnerability data on display in one comprehensive report.

Inside you will find:

  • Year over year bug bounty program growth by industry
  • Vulnerabilities by type found across different industries
  • Average time to resolution and reward
  • Percentage of bounties found by severity level
  • Bug bounty payout trends and highest awarded bounties ranked by industry
  • Customer success highlights and hacker quotes and motivations

2019 Hacker Powered Security report - Hackerone

CVE, or Common Vulnerabilities and Exposures, is a platform aimed at sharing details about zero-day and publicly disclosed vulnerabilities.

Webopedia also defines CVE as a dictionary-type list of standardized names for vulnerabilities and other information related to security exposures. CVE aims to standardize the names for all publicly known vulnerabilities and security exposures.

Useful tips about CVE:

  • It is run by the MITRE Corporation, a non-profit organization. (attack.mitre.org; note that attack.mitre.org hosts the MITRE ATT&CK knowledge base, while the CVE list itself is published at cve.mitre.org.)
  • The CVE aims to share vulnerability information easily and provide a standard for naming them.
  • The CVE IDs are in the format ‘CVE-YYYY-NNNNN’, where YYYY stands for the year the vulnerability was made public or the CVE ID was assigned.
  • It also provides the Common Vulnerability Scoring System (CVSS) that defines the severity of a disclosed security flaw. The CVSS score ranges from 0.0 to 10.0; a higher score indicates a higher severity level.
  • The common vulnerabilities and exposures (CVE) program has been around for quite some time now, helping organizations improve their cybersecurity posture by providing a wealth of knowledge about vulnerabilities and exposures.
  • It creates a standardized identifier for every vulnerability or exposure disclosed, so they can be accessed easily across multiple sources.

In this article, we’ll explore the basics of CVE. But before that, let’s quickly recap what vulnerabilities and exposures are.

Vulnerability

A vulnerability is a security flaw that may be exploited to perform cyber attacks. Criminals use a number of techniques, including SQL injection, cross-site scripting, and buffer overflows, to find and exploit vulnerabilities.

Many organizations invest in specialized teams that test for vulnerabilities and provide security patches. The causes of vulnerability include weak passwords, operating system flaws, unintentional development bugs, and unchecked user input, among others.

Exposure

Exposures are unintentional issues or errors that allow unauthorized access to a network or system.

Some of the most massive data breaches are the result of exposures. A recent example is a record of data breaches and cyber attacks in October 2019 alone, in which 421 million records were breached.

These attacks usually come in the form of cyber attacks, ransomware, data breaches, leaks of financial information or PII data, malicious insiders and miscellaneous incidents.

CVE: Weighing the benefits and risks

CVEs are publicly available and may be exploited by malicious actors to launch cyberattacks. However, the benefits overshadow this risk.

  • CVE only lists publicly disclosed vulnerabilities and exposures. This allows individuals and organizations to be aware of the security flaws and available patches.
  • While organizations need to take care of several vulnerabilities to ensure security, a hacker needs to find just one flaw to exploit. This reinforces the importance of sharing details about vulnerabilities and exposures.

This article provides an elemental outline of CVE. For more details, you can refer to the official CVE website.

Bitcoin, The world’s most popular cryptocurrency sank to $6,558.14 on Monday, its lowest level since May, according to industry site CoinDesk. It lost $3,000 in value in just a month as China accelerated a crackdown on businesses involved in cryptocurrency operations, a reversal from President Xi Jinping’s previous signal to be more open to the blockchain technology. The coin last traded at $7,150.79.

Bitcoin jumped to above $10,000 briefly last month after Xi sang the praises of blockchain in a speech and called on his country to advance development in the field. However, on Friday, China’s central bank, the People’s Bank of China, pledged to continue to target exchanges and asked investors to be wary of digital currencies.

Beijing has taken a tough stance on cryptocurrencies, banning a fundraising exercise known as an initial coin offering and forcing local trading platforms to shut down in 2017.

“This was one of the worst weeks in the history of digital assets,” Jeff Dorman, chief investment officer of Arca, told CNBC. “The market is clearly in contraction, with no new money coming in to soak up the supply.”

Still, bitcoin has doubled in price since the beginning of the year, marking a significant turnaround from last year, when the digital coin tanked to as low as $3,122. It got a boost this summer after Facebook announced its own planned libra cryptocurrency, which analysts say has contributed to positive sentiment around bitcoin and boosted its price.

Bitcoin has a history of strong comebacks from big sell-offs, Dorman noted. The cryptocurrency gained 70% in the four months following a 16% loss in 2016 and similarly an 89% gain in the four months after a 22% sell-off in 2015, Dorman said.

Bitcoin is nowhere near its all-time high of close to $20,000 in December 2017, nor is it following any specific pattern predicted by self-acclaimed cryptocurrency experts in recent years.

Source: CNBC

The median annual pay for information technology professionals was about $84,000 as of 2017, according to the U.S. Bureau of Labor Statistics. This is more than double the median annual pay for all professions combined. Computers play a part in multiple functions for nearly all professions, and somebody has to take care of them all, making the IT profession a growing one. BLS projects the industry to add more than half a million jobs during the decade ending in 2026.

Most of the highest paying IT jobs require some form of certification, though, so it’s important to know what type of training will be necessary depending on the specific IT career you are pursuing.

1. CRISC: Certified in Risk and Information Systems Control

According to the Information Systems Audit and Control Association (ISACA), this certification ensures that the holder is well-versed in identifying risks to information systems and in designing and implementing solutions to them. According to the IT Skills and Salary Report, this certification has an average salary of $119,227 per year and is a good certification for those interested in information systems security positions.

2. CISM: Certified Information Security Manager

Another ISACA certification, the CISM certification recognizes proficiency in information security management, as someone who manages, designs, and assesses information security for a given organization. This certification has some prerequisites, such as existing certifications like GIAC. According to the Skills and Salary Report, holders of this certification earn an average of $118,348 per year.

3. Certified Information Systems Security Professional (CISSP)

Like CRISC and CISM above, this certification recognizes proficiency in security and risk management, as well as software development security. The average annual reported salary for holders of this certification is $110,603.

4. PMP: Project Management Professional

With an average annual salary of $109,405, the PMP certification from the Project Management Institute (PMI) ensures that, according to the PMI, “you speak and understand the global language of project management.”

5. CISA: Certified Information Systems Auditor

Another ISACA certification, the CISA ensures that information systems auditors have the skills necessary to evaluate systems and follow best practices to “support trust in and value from information systems.” The average salary of CISA holders is $106,181.

6. CCDA: Cisco Certified Design Associate

The CCDA is Cisco’s certification for network design. Make sure you already hold another Cisco certification (such as CCNP Routing and Switching or any CCIE certification), as it is a requirement for the CCDA. The average income of a CCDA holder is $99,701. This certification, along with the CCNP, is good to have if you’re interested in becoming a network engineer.

7. CCNP Routing and Switching

With an average annual salary of $97,038, the CCNP Routing and Switching certification is good for someone with at least one year of networking experience and ensures that the holder can implement and maintain wide-area networks and work with specialists on solutions.

8. MCSE: Microsoft Certified Systems Engineer

Microsoft has changed the nature of the Microsoft Certified Solutions Expert to be more of a wide-ranging certification focusing on implementing technology over a wide variety of versions instead of one focused on specific disciplines. However, an MCSE is still a highly respected certification to obtain, and the average salary for MCSE holders is $96,215 per year.

9. ITIL v4 Foundation

The updated ITIL v4 certification—the ITIL Master—recognizes those who can apply ITIL concepts of quality IT solutions in real-world situations. The average annual salary for ITIL Master certification holders is $95,434.

10. Certified Ethical Hacker (CEH)

CEH is a vendor-neutral (not tied to any brand) certification for information technology workers who wish to specialize in “legally” hacking, using the same knowledge and tools that malicious hackers use. Two years of security-related experience is preferred before receiving a CEH. The average annual salary for CEH holders is $95,155.

11. CompTIA Security+

The CompTIA Security+, a certification that has been around for a very long time, commands an average salary that varies according to role, experience and background. According to PayScale, the average salary range of a network engineer with this certification is $42,128 – $95,829.