certification

Free (ISC)² Exams flash cards all in one place (*)

(*) with respect for your privacy, no login, nor mail required for

CISSP

CSSLP

CCSP

SSCP

CAP

HCISSP

Sorry, (free) registration still required for:

CISSP-ISSAP:https://enroll.isc2.org/product?catalog=CISSP-ISSAP-FC

CISSP-ISSEP: https://enroll.isc2.org/product?catalog=CISSP-ISSEP-FC

CISSP-ISSMP:https://enroll.isc2.org/product?catalog=ISSMP-FC-2019

Signing a PDF with Belgian eID – step-by-step for beginners (a bit more then what they tell you on the official page)

On the website for the Belgian eID, you can find some basic hints & tips to sign PDF documents with the Belgian identity card and the Acrobat reader application….

But there are other PDF applications than Acrobat Reader DC and the guide on the eID signing doesn’t detail the prerequisites in the signing manual to make it work.

Technical tip: the tech prerequisites and how to validate them are explained in the technical manual (over here: https://eid.belgium.be/nl/technische-documentatie#7389)

Acrobat Reader DC may be the most prominent PDF reader, it’s certainly not the only one and certainly not the most performant one.

Furthermore, the document signing in Acrobat Reader is pretty confusing as you must select the “Certificates” module and NOT “Fill & Sign”.

Difference between Authentication & Signing

When you, as verified user, want to put a digital signature on documents, this is called “signing”, confirming the document content.

In this circumstances, the “authentication” part is not relevant. Authentication is used to prove your identity.

For your information: the Belgian eID is NOT designed to provide encryption (which is the 3rd option to use a certificate). So you cannot use the BE eID for encryption of documents, sadly enough.

More info (NL, also EN version available): https://eid.belgium.be/nl/aanmelden-met-eid#7559 (EN, https://eid.belgium.be/en/log-eid#7559)

Prerequisites

Certificates in user certificate store

You need to have the user certificates installed on your user account on the local pc (actually the personal user certificate store) to make the document signing work in the applications.

If you haven’t used the eID certificates before, or in the case of a new computer, you’ll need to install the user certificates on your computer.
The easiest and official way to install them, is using the eID viewer application.

eID Software

Note on Language

The eID website is supporting NL, FR, DE and EN as language, I’ll only refer to NL and EN as main languages but FR and DE are supported too.

Download

Download and install the eID software from this source: https://eid.belgium.be/nl (for NL. Also available: EN, FR and DE).
It includes the eID middleware and the eID viewer we’ll use to read and install the eID certificaties on your computer (actually your user account).

Install

The manual to install the eID software is here:

(NL) https://eid.belgium.be/nl/hoe-installeer-ik-de-eid-software

(EN) https://eid.belgium.be/en/technical-documentation

Verifying the presence of the user certificates (Signing)

When you use the certificates and/or the eID software, the certificates should be installed in the user certificates store automatically, but that is not always the case, depending the configuration and security of your computer.

Technical hint: there is a “Certificate Propagation Service” troubleshooting article on the eID website that helps you: https://eid.belgium.be/nl/technische-documentatie#7256

To sign PDF documents with a certificate, most PDF readers will check for certificates in the user certificate store on the local computer, not directly from the card reader.

Steps

1. MMC

Via the Windows button, run the mmc (Microsoft Management Console), you’ll need to run it in elevated mode (so consent the UAC popup)

2. Add snap in : Certificates

Via menu “File”, “Add/Remove Snap-in”, add the “Certificates” snap in.
Choose “My User Account” (as the eID certificates are injected in your user account, not your computer or service account)

Finish and click ok.

3. Open the personal certificate store

In the “certificates – current user” > Personal > Certificates, check the list of certificates available.

You should see something like:

If ok, then you’re ready to sign documents, using eID.

If NOT, then you’ll need to add the certificates manually.

Manual installation of the eID certs

1. Insert your eID

Attach a supported card reader and insert your eID smart card.

2. open the eID viewer > Certificates tab

Right click the “Signature” certificate (you can do the same for the Authentication certificate. Select “Detailed Information”.

Then, click the “install certificate…” button:

Then run the default option steps: click next, next next … next… finish.

Import the certificate to the current user certificate store

Click Finish and you should be set to go for signing documents.

Signing PDF docs

Adobe Acrobat DC

This is explained on the eID website:

(NL) https://eid.belgium.be/nl/digitale-handtekeningen#7261

(EN) https://eid.belgium.be/en/digital-signatures#7261

IMPORTANT

Select the “Certificates” module and NOT “Fill & Sign”.

The “Fill and Sign” is used for graphical signatures, replacing the manual signing of paper copies, and eliminates the need of rescanning.

eID is a “qualified” and legally support signature.

If your counterpart (the other signing party) doesn’t require a qualified signature, this is a good alternative for eID (as there is some sensitive data like social security number, incl birthday and gender mentioned in the eID signature)

Foxit PDF

Open the PDF file you want to sign.

Verify the presence of the Signature certificate

It should be popping up from the certificate store, which we fixed earlier. (if not present, go back and fix it)

Signing a document

When the certificate is correctly installed, go to the “Protect” menu, then click the “Sign & certify” button in the ribbon.

Then drag an area to mark a signing area and choose the signature options.

Done!

References

Digitale handtekeningen:

(NL) https://eid.belgium.be/nl/digitale-handtekeningen

(EN) https://eid.belgium.be/en/digital-signatures

And also

Add or remove a digital signature in Office files: https://support.microsoft.com/en-us/office/add-or-remove-a-digital-signature-in-office-files-70d26dc9-be10-46f1-8efa-719c8b3f1a2d

Useful GDPR resources (Working doc)

Certification

IAPP article: 4 GDPR-certification myths dispelled (EN)

EDPB (European Data protection Board)

GDPR docs: https://edpb.europa.eu/node/28

Guidelines 1/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation – version adopted after public consultation

ENISA

Interplay between standardisation and the General Data Protection Regulation: https://www.enisa.europa.eu/events/enisa-cscg-2017/presentations/kamara

Recommendations on European Data Protection Certification

 

 

Note-to-self: CCSK vs CCSP

Just for easy, future reference… the difference between CSA CCSK and (ISC)² CCSP, quickly explained:

https://blog.cloudsecurityalliance.org/2018/04/24/ccsk-vs-ccsp-unbiased-comparison/

http://www.confidis.co/cloud-security-certifications-ccsk-vs-ccsp/

 

CCSK – DOMAIN 4 (Compliance and Audit Management) reference material

CCSK

Preparation tool kit (with registration): https://cloudsecurityalliance.org/artifacts/ccskv4_exam_prep_kit

Separate downloads:

(ISC)² Belux Chapter

2019-04-04 meeting presentation on CCSP-CCSK

ISC2-Belux-Chapter-20190404-Event

Additional Reading

PCI-DSS

Download PCI-DSS  without registration: https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf

Documentation library: https://www.pcisecuritystandards.org/document_library

SOC1/SOC2/SOC3

https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/sorhome.html

Microsoft Azure – Cloud Security Compliance (Trust center)

https://www.microsoft.com/en-us/trustcenter/compliance/compliance-overview

Documents download: https://servicetrust.microsoft.com/ViewPage/MSComplianceGuideV3

https://servicetrust.microsoft.com/ViewPage/MSComplianceGuide

Regional & country compliance: https://www.microsoft.com/en-us/trustcenter/compliance/regional-country-compliance

Google Cloud Security Compliance

Google Cloud security compliance – general

ISO27001: https://cloud.google.com/security/compliance/iso-27001/

CSA STAR

ISO Standards

ISO27001

ISO27002

ISO27017 (Cloud security)

ISO27018 (Personal data)

ISO27032 (Cybersecurity)

CSA STAR

https://cloudsecurityalliance.org/star/#_overview

Other

Interesting collection of documents & references on compliance and standards: here,  including, HIPAA, PCI-DSS, ISO27001/27002, …

 

 

 

Note-to-self: prepping for CSA CCSK v4 upgrade

Note-to-self: extended reprint of a LinkedIn post…

I might have mentioned it already, but if you have passed the CCSK exam before, better logon to your CCSK profile on the CSA website and check if you still have an exam token left.

By default you get 2 tokens each exam registration, so…

If you pass your exam the first time, the “second try” backup token is left unused in your profile.

And (if not yet expired) you can use it to upgrade your CCSK to v4.

Tokens stay valid for 2 years after purchase.

More info: https://ccsk.cloudsecurityalliance.org/en/faq

On that page you can also find the required study material for the exam.

You can download the CCSK v4 prep kit from : https://downloads.cloudsecurityalliance.org/ccsk/CCSKv4_Exam_Preparation_Kit.zip

It’s an online exam and thus open book exam, using the below reference guides.

But realise:  60 questions in 90 minutes still is hard work, so better do some prep work up front to maximize your chances.

Once you pass this one, you can go for the (ISC)² CCSP with more confidence…

Note-to-self: MVA Learning Path – Security for the Chief Security Officer (CSO)

From a LinkedIn connection (thx Jeff and congratz on the achievement) I received an interesting pointer to a set of courses on MVA, Microsoft Virtual Academy.

An MVA ‘learning path’ is a combination of learning courses.
Just recently MVA published the ‘Security for the Chief Security Officer (CSO)’ learning path.

Check it out at : https://mva.microsoft.com/learning-path/security-for-the-chief-security-officer-cso-21

It combines 6 courses (better make sure to access them from the learning path):

  1. How to Harden Your Enterprise in Today’s Threat Landscape
  2. Cybersecurity Reference Architecture
  3. Cloud Security from the Field

BTW: have a look on the ‘security’ based content on Microsoft Virtual Academy, you’ll be surprised how much you can (continue to) learn.

See: https://mva.microsoft.com/search/SearchResults.aspx#!q=security

Note-to-self: MVA course – Getting Started with Azure Security for the IT Professional

Source: https://www.microsoftvirtualacademy.com/en-US/training-courses/getting-started-with-azure-security-for-the-it-professional-11165

From the course description:

“Course information

Earning Trust in the Microsoft Cloud

Join Scott Edwards and Rick Claus for a look at the Microsoft commitment to earn customer and partner trust in its Cloud Services, with a focus on privacy controls, compliance, and certification.
 

Inside a Microsoft Datacenter

Have you ever wondered what “cloud scale” looks like? Take a virtual tour of a datacenter (designed, built, and operated by Microsoft), and learn about defense in depth, access, and cloud security.
 

Architecting Secure Compute Solutions on Azure

Explore ways to design solutions that will be secure and well architected for availability within your Azure subscription. Learn about security boundary implementation and ways to minimize downtime.
 

Virtual Appliances and Security

​ ​This session covers various elements of the network virtualization stack with emphasis on virtual networks, network security, and user defined routing.
 

Understanding Virtual Appliances

You will learn how to deploy virtual appliances in Azure Virtual Network. The key focus is on security appliances (firewall, gateway), ADC (application delivery controller), and WAN optimization.​ ​
 

Extend Your Network to the Microsoft Cloud

Learn about how Microsoft Azure ExpressRoute enables you to extend your network to Microsoft and enable Hybrid Scenarios for your Enterprise.
 

How to Manage Encryption Keys for Your Cloud Apps with Azure Key Vault

With the new Azure Key Vault service, customers of cloud applications can manage their keys and secrets consistently across their cloud applications. This is part 1 covering background and theory.
 

Demos: How to Manage Encryption Keys for Your Cloud Apps with Azure Key Vault

Managing cryptographic keys and secrets is an essential part of safeguarding data in the cloud. This is part TWO covering all the demos of the Azure Key Vault service​.
 

Disk Encryption with Key Vault

​Disk Encryption has been something that our customers have been asking about since Azure IaaS has been available. Learn what options are available to your Azure IaaS VMs now with Azure KeyVault.
 

Antivirus Options in Azure

AntiVirus extensions are available in Azure and can be included in your Virtual Machine images. Learn what options are available and how to leverage them in your solutions.
 

Encryption for SQL Server on Azure Virtual Machines

This talk will cover how customers can use the SQL Server Connector to use Azure Key Vault as an Extensible Key Manager in implementing SQL Server encryption on Azure Virtual Machines.
 

Azure SQL Database Security

This talk will cover 2 new security features for Azure SQL DB, Transparent Data Encryption and Azure Active Directory integrated authentication.”

Note-to-self: SearchSecurity.com’s IT security certifications guide

From: http://searchsecurity.techtarget.com/tip/SearchSecuritycom-guide-to-information-security-certifications (you need to register to free access).

“This special report offers a comprehensive review of information security industry certifications, highlighting which ones can best help you achieve goals specific to your information security career path”

I assume this report will get an 2014 update, but still the 2013 version is a valuable resource for planning security certification.