Activity
Mon
Wed
Fri
Sun
Dec
Jan
Feb
Mar
Apr
May
Jun
Jul
Aug
Sep
Oct
Nov
What is this?
Less
More

Memberships

CISSP Study Group

Public • 909 • Free

36 contributions to CISSP Study Group
P.Q
In order to successfully prosecute an intruder: a.A point of contact should be designated to be responsible for communicating with law enforcement and other external agencies b.Collection of evidence has to be done following predefined procedures c.A proper chain of custody of evidence has to be preserved d.To avoid inadvertently tamping with evidence, a replica of the compromised resource should be analyzed rather than the original.
3
16
New comment Sep 11
0 likes • Sep 1
I thought C but I think it's B because you have to ensure the evidence you collect is done without anyone to compromise the evidence inadvertently because then you don't have a case.
P.Q
A security evaluation report and an accreditation statement are produced in which of the following phases of the system development life cycle? a.system design specification phase b.development & documentation phase c.acceptance phase d.project initiation and planning phase
3
7
New comment Sep 5
0 likes • Sep 1
I agree C is the answer
Topic of the Day: Input Validation vs. Output Encoding
Input validation and output encoding are two important security practices in software development that help protect applications from various threats. Here is how they differ: Input Validation · Input validation ensures that the data entering an application meets the expected criteria. This means verifying that the input is safe, well-formed, and adheres to the expected format (e.g., correct data type, length, value range, etc.). · It protects against malicious input and ensures data integrity before processing. · It mitigates risks like injection attacks (e.g., SQL injection, command injection). Output Encoding · Output encoding ensures that data is safely rendered in its intended destination, particularly when outputting to HTML, JavaScript, or other content that might be interpreted by a browser. This means converting special characters into a safe form such that the content is displayed as plain text rather than being executed as code. · It protects against the execution of malicious content in the output. · It mitigates risks like cross-site scripting (XSS) and injection attacks that target the output layer. Test your knowledge: Which of these secure software development techniques (input validation or output encoding) provides the best protection against a buffer overflow attack?
5
4
New comment Sep 1
1 like • Sep 1
input validation
message encryption
Okay, I'm pulling my hair out with encrypted message sending. At a base level, Bob wants to send an encrypted message to Alice, he uses her public key to encrypt and she uses her private to decrypt. As base as that, there is no non-repudiation going on. Correct? For non-repudiation to take place, Bob would have to digitally sign, using his private key, correct? I've heard that most IMAP email systems now transport messages encrypted. Is this different/separate from users who want to send encrypted messages? I noticed that Outlook/Hotmail, now has an option to encrypt messages. Is this above and beyond Outlook/Hotmail's standard encryption? I hope my question makes sense. Am I overanalyzing a simple process? ------Update 8/26 Hopefully a better understanding for myself and others interested in possible clarification. Twenty-Five years ago,(general/home/public) email and communication through BBS's and chat apps, messages in general were sent in clear text, not encrypted. Over time, "Standards, hope I'm using the correct word OR Internet Current Best Practices as per RFC 6838", have implemented some security, like TLS (Transport Layer Security). I want to state again that English is one of my worst subjects. For so long, if I heard the word Encryption, I would think of Security which would have me think of the CIA Triad. For the CISSP, these words do not mean the same. For me, this now means that Encryption is an intentional additional effort between two or more Subjects/Objects to exchange information with additional algorithms to safely exchange information safely in secret.
0
3
New comment Aug 27
0 likes • Aug 27
I think PGP as it offers non repudiation, integrity and encryption. And yes Bob would have to digitally sign with his key, the digital signature provides the hash the non repudiation
PII data in Cloud
Which cloud deployment model should be preferred to securely host PII data, while balancing the need for strong security and budget constraints?
Poll
14 members have voted
4
10
New comment Aug 27
0 likes • Aug 27
@Alex Akyuz I agree as Private is very costly you could get the same security in an Hybrid Cloud for less the cost. Private cloud is more secure and more expensive.
1-10 of 36
@dee-dee-9676
I have been in security for a number of years and now I have been actively preparing for the CISSP. I'd like to take the exam in October.

Active 59d ago
Joined Aug 9, 2024
powered by