Feeds:
Posts
Comments

Archive for the ‘ISO 27K’ Category

As I’ve said before, one of the main things I love about information security is the need to keep learning ~ the field keeps expanding, Big Bang-like and it behooves one to stretch themselves, out of their comfort zones and in new directions.

Friends of mine had been recommending I learn more about IT auditing, to gain a better perspective on how controls are applied, and why.  To that end, I took a three-day Certified Information Systems Auditor (CISA) training course from CertTest in early November.

Wow, that was pretty cool!  I learned a lot of new stuff and reviewed things like NIST SP-800-53 and ISO 27002 that I knew something about, but not in the same depth.  So, I’m now embarked on a study cruise towards the June 2010 CISA exam from ISACA.  Maybe I’ll work as an IT auditor, maybe not, but either way, I’ll know a lot more about the business side of the proverbial ‘house’ and it’s GRC drivers.

All this dovetails with my ongoing study of CobIT 4.1, NIST SP-800-53, and the ISO 27K series ~ I’m focused on becoming the best Governance, Risk Management & Compliance professional I can be!

If you have any helpful hints, suggestions, study advice, please ping me.

Shouts-out and props to Dave Cannon at CertTest for being an awesome and inspiring instructor!

And, I ate some Serious ‘Que at the Hard Eight in Irving TX with my CertTest classmates…

Later friends!

Read Full Post »

One of the main reasons I love information security is that there’s always something new to learn, or re-learn.  I got started around 2001 when, working as a systems manager with a db full of SSNs, realized I needed to know more about breaking into my systems if I was going to defend them.  This led to some serious SANS Institute training, earning my CISSP cert, and having a great time swimming in a sea of knowledge!

So what do I do to keep up?  I read and re-read the monthly ISSA journals,  Secure Computing magazine, Information Security magazine, and the ISC2.org Journal of Information Security.  I joined ISACA earlier this year, so am adding their publications to my nightstand.  There are various and sundry email subscriptions like SearchSecurity, TechTarget, and Shadowserver.  The Association for Computing Machinery journal arrives quarterly.

As part of my ongoing gap-analysis and searching for a new safe harbor, I work on learning more about my profession and focus on certain elements in it.  Among them:

Books I’ve been reading:

The first book is by Fyodor himself, so I had to give it a read and use it as a desktop reference.  The second is by Ed Skoudis & Tom Liston; I’d read it a few years ago, but turn to it for refreshers.

Then there are blogs!  Some of my favorites are:

I think if I don’t make time to keep reading and doing, I’ll fall behind – our industry is still young and growing fast as the threat horizons expand.  It’s hard to keep up, but I’m tryin’…

Peace y’all.

Read Full Post »