Free (ISC)² Exams flash cards all in one place (*)

(*) with respect for your privacy, no login, nor mail required for

CISSP

• Domain 1: Security and Risk-Management
• Domain 2: Asset Security
• Domain 3: Security Architecture and Engineering
• Domain 4: Communication and Network Security
• Domain 5: Identity and Access Management
• Domain 6: Security assessment and testing
• Domain 7: Security Operations
• Domain 8: Software Development Security

CSSLP

• Domain 1: Secure Software Concepts
• Domain 2: Secure Software Requirements
• Domain 3: Secure Software Design
• Domain 4: Secure Software Implementation – Coding
• Domain 5: Secure Software Testing
• Domain 6: Software Acceptance
• Domain 7: Software Deployment, Operations, Maintenance and Disposal
• Domain 8: Supply Chain and Software Acquisition

CCSP

• Chapter 1: Cloud Concepts, Architecture, and Design
  • https://www.isc2.org/training/self-study-resources/flashcards/ccsp/chapter-1
• Chapter 2: Cloud Governance – Legal Risk, and Compliance
  • https://www.isc2.org/training/self-study-resources/flashcards/ccsp/chapter-2
• Chapter 3: Cloud Data Security Domain
  • https://www.isc2.org/training/self-study-resources/flashcards/ccsp/chapter-3
• Chapter 4: Cloud Platform and Infrastructure Security
  • https://www.isc2.org/Training/Self-Study Resources/Flashcards/CCSP/chapter-4
• Chapter 5: Cloud Application Security
  • https://www.isc2.org/Training/Self-Study-Resources/Flashcards/CCSP/chapter-5
• Chapter 6: Cloud Security Operations
  • https://www.isc2.org/Training/Self-Study-Resources/Flashcards/CCSP/chapter-6

SSCP

• Chapter 1: Introducing Security and Aligning Asset Management to Risk Management
  • https://www.isc2.org/training/self-study-resources/flashcards/sscp/chapter-1
• Chapter 2: Understand Risk Management Options and the use of Access Controls to protect Assets
  • https://www.isc2.org/training/self-study-resources/flashcards/sscp/chapter-2
• Chapter 3: Cryptography
  • https://www.isc2.org/training/self-study-resources/flashcards/sscp/chapter-3
• Chapter 4: Securing Software, Using Security Protocols and Securing Remote Users
  • https://www.isc2.org/training/self-study-resources/flashcards/sscp/chapter-4
• Chapter 5: Networking and Role of the Hypervisor
  • https://www.isc2.org/training/self-study-resources/flashcards/sscp/chapter-5
• Chapter 6: Wireless Networking, Telecoms, Cloud Configuration, Monitoring Systems and Endpoint Security
  • https://www.isc2.org/training/self-study-resources/flashcards/sscp/chapter-6
• Chapter 7: Security Testing and Incident Handling
  • https://www.isc2.org/training/self-study-resources/flashcards/sscp/chapter-7
• Chapter 8: Physical Security Managing Change and Personnel Training
  • https://www.isc2.org/training/self-study-resources/flashcards/sscp/chapter-8

CAP

• Domain 1: Information Security Risk Management Program
  • https://www.isc2.org/Training/Self-Study-Resources/Flashcards/CAP/Domain-1
• Domain 2: Categorization of Information Systems (IS)
  • https://www.isc2.org/Training/Self-Study-Resources/Flashcards/CAP/domain-2
• Domain 3: Selection of Security Controls
  • https://www.isc2.org/Training/Self-Study-Resources/Flashcards/CAP/Domain-3
• Domain 4: Implementation of Security Controls
  • https://www.isc2.org/Training/Self-Study-Resources/Flashcards/CAP/Domain-4
• Domain 5: Assessment of Security Controls
  • https://www.isc2.org/Training/Self-Study-Resources/Flashcards/CAP/Domain-5
• Domain 6: Authorization of Information Systems (IS)
  • https://www.isc2.org/Training/Self-Study-Resources/Flashcards/CAP/Domain-6
• Domain 7: Continuous Monitoring
  • https://www.isc2.org/Training/Self-Study-Resources/Flashcards/CAP/Domain-7

HCISSP

• Chapter 1: Risk Management and Risk Assessment Domain
  • https://www.isc2.org/Training/Self-Study-Resources/Flashcards/HCISPP/chapter-1
• Chapter 2: Regulatory and Standards Environment Domain
  • https://www.isc2.org/Training/Self-Study-Resources/Flashcards/HCISPP/chapter-2
• Chapter 3: Third-Part Risk Management Domain
  • https://www.isc2.org/Training/Self-Study-Resources/Flashcards/HCISPP/chapter-3
• Chapter 4: Healthcare Industry Domain
  • https://www.isc2.org/Training/Self-Study-Resources/Flashcards/HCISPP/chapter-4
• Chapter 5: Information Governance: Legal, Risk and Compliance Domain
  • https://www.isc2.org/Training/Self-Study-Resources/Flashcards/HCISPP/chapter-5
• Chapter 6: Information Technologies in Healthcare Domain
  • https://www.isc2.org/Training/Self-Study-Resources/Flashcards/HCISPP/chapter-6
• Chapter 7: Privacy and Security in Healthcare Domain
  • https://www.isc2.org/Training/Self-Study-Resources/Flashcards/HCISPP/chapter-7

Sorry, (free) registration still required for:

CISSP-ISSAP:https://enroll.isc2.org/product?catalog=CISSP-ISSAP-FC

CISSP-ISSEP: https://enroll.isc2.org/product?catalog=CISSP-ISSEP-FC

CISSP-ISSMP:https://enroll.isc2.org/product?catalog=ISSMP-FC-2019

Powershell starter – learning material

Just got a question for learning material for ramping up with powershell.

Some quick links below (and growing, update when finding more useful stuff…)

Microsoft Docs – Tech Reference & learning

https://docs.microsoft.com/en-us/powershell/scripting/getting-started/getting-started-with-windows-powershell?view=powershell-7

https://docs.microsoft.com/en-us/powershell/scripting/learn/understanding-important-powershell-concepts?view=powershell-7

https://docs.microsoft.com/en-us/powershell/scripting/learn/more-powershell-learning?view=powershell-7

Powershell Starter guide

http://powershelltutorial.net/

https://github.com/PowerShell/PowerShell/blob/master/docs/learning-powershell/powershell-beginners-guide.md

https://blog.netwrix.com/2018/02/21/windows-powershell-scripting-tutorial-for-beginners/

https://www.guru99.com/powershell-tutorial.html

Technet Wiki

https://social.technet.microsoft.com/wiki/contents/articles/19425.powershell-voor-beginners-nl-nl.aspx

Latest version of Powershell (Powershell 7)

https://devblogs.microsoft.com/powershell/announcing-powershell-7-0/

Free
learning sources : Microsoft Learning

https://docs.microsoft.com/en-us/search/?search=powershell&category=All

https://docs.microsoft.com/en-us/learn/browse/?term=powershell

Azure
powershell (Cloud)

https://docs.microsoft.com/en-us/learn/modules/automate-azure-tasks-with-powershell/

Powershell community

Free Resources

Books

http://freecomputerbooks.com/Mastering-PowerShell.html

https://powershell.org/category/books/

Ebooks

https://leanpub.com/u/devopscollective

Microsoft Blog archive: ebooks Give-Away

Videos

Youtube

https://www.youtube.com/powershellorg

Channel 9

https://channel9.msdn.com/Search?term=PowerShell

https://channel9.msdn.com/Blogs/MVP-Windows-and-Devices-for-IT/PowerShell-for-Beginners

Linkedin

https://www.linkedin.com/posts/alex-rodrick-60330b123_powershell-for-beginners-ugcPost-6672878146351620096-yIQw

Note-to-self: CCSK vs CCSP

Just for easy, future reference… the difference between CSA CCSK and (ISC)² CCSP, quickly explained:

https://blog.cloudsecurityalliance.org/2018/04/24/ccsk-vs-ccsp-unbiased-comparison/

http://www.confidis.co/cloud-security-certifications-ccsk-vs-ccsp/

 

CCSK – DOMAIN 4 (Compliance and Audit Management) reference material

CCSK

Preparation tool kit (with registration): https://cloudsecurityalliance.org/artifacts/ccskv4_exam_prep_kit

Separate downloads:

• CSA Guidance (DO NOT pay with your privacy): https://cloudsecurityalliance.org/download/security-guidance-v4/
• Cloud Controls Matrix: (DO NOT pay with your privacy): https://cloudsecurityalliance.org/download/artifacts/cloud-controls-matrix-v3-0-1/
• ENISA (no privacy issue): https://www.enisa.europa.eu/publications/cloud-computing-risk-assessment/at_download/fullReport

(ISC)² Belux Chapter

2019-04-04 meeting presentation on CCSP-CCSK

ISC2-Belux-Chapter-20190404-Event

Additional Reading

PCI-DSS

Download PCI-DSS  without registration: https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf

Documentation library: https://www.pcisecuritystandards.org/document_library

SOC1/SOC2/SOC3

https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/sorhome.html

Microsoft Azure – Cloud Security Compliance (Trust center)

https://www.microsoft.com/en-us/trustcenter/compliance/compliance-overview

Documents download: https://servicetrust.microsoft.com/ViewPage/MSComplianceGuideV3

https://servicetrust.microsoft.com/ViewPage/MSComplianceGuide

Regional & country compliance: https://www.microsoft.com/en-us/trustcenter/compliance/regional-country-compliance

Google Cloud Security Compliance

Google Cloud security compliance – general

ISO27001: https://cloud.google.com/security/compliance/iso-27001/

CSA STAR

ISO Standards

ISO27001

ISO27002

ISO27017 (Cloud security)

ISO27018 (Personal data)

ISO27032 (Cybersecurity)

CSA STAR

https://cloudsecurityalliance.org/star/#_overview

Other

Interesting collection of documents & references on compliance and standards: here,  including, HIPAA, PCI-DSS, ISO27001/27002, …

 

 

 

PECB KATE 3.2 : Log on / Log Off / Switch user

PECB offers an application (called KATE, stands for Knowledge management Application for training and education), you can use for online/electronic learning.

From the KATE page, you see there are various versions to use (iOS, Android, Windows, Mac OS, …)

The access to the course content is user based, and is based on the access to the linked course content on your PECB profile.

On the PECB support site, you can find the manuals for all types and version. For this post I refer to the Windows version: https://pecb.com/help/index.php/manuals/kate-for-windows/

The manual explains how to create an account, how to enroll and access the course.

The footnote manual also explains that you can only consult the content on 1 device, one.

“One course can only be linked with one device. If you want to open the course using a different device, click the Link course button using the secondary device.“

It also explains how you can ‘unlink’ the content, see chapter 11.

11. Unlinking Account

When you decide not to use a device for accessing PECB course materials, please click the About option at the top menu, and then click Yes to unlink KATE from your current device. Once unlinked, you will no longer be able to access any course from this device.

What it does NOT explain is how to “log off” as user or how to switch user account.

THAT option is pretty well hidden in the application.

But as I mentioned, the content is USER based, so you CAN switch accounts.

Let me show you.

For your information, in my case I have 2 accounts, 1 user and 1 trainer account. Which is very handy to show how it works.

To run this scenario, you must have these prerequisites met:

• have active user accounts
• course content linked in your online profiles

This is what I’ve got (*)

My user account (course I’m learning, or have learned)	My Trainer account (courses I teach)

How do you switch between both of them?

First logon (eg after fresh install or log out) with one of both accounts

Of course enter your password (I won’t show mine).

Then you get the view on your course content, choose one of the views from the start, (*)

How to log out and log on again?

Here’s the trick.
Once logged in, click the about menu.

Then you’ll get a special button , asking you to “unlink this account”.
Please read: “Log off”.

When you hit that button you get a message that sounds bizar on first sight: 

“Are you sure you want to unlink your KATE account from this device? If you choose OK, this device will be unlinked from your PECB account and will no longer have access at course materials assigned to it. You can link back this device anytime using your PECB account credentials.”

Well, that’s not really clear …

To put is simple, you can  log on again. Just hit the yes button to log off (log out).

If you hit the yes button, the application shuts down, instead of showing the logon screen again.

If that happens, restart the application and we’re back at the beginning of the procedure. Now you can logon with the other account.

 

 

 

Note-to-self: MVA Learning Path – Security for the Chief Security Officer (CSO)

From a LinkedIn connection (thx Jeff and congratz on the achievement) I received an interesting pointer to a set of courses on MVA, Microsoft Virtual Academy.

An MVA ‘learning path’ is a combination of learning courses.
Just recently MVA published the ‘Security for the Chief Security Officer (CSO)’ learning path.

Check it out at : https://mva.microsoft.com/learning-path/security-for-the-chief-security-officer-cso-21

It combines 6 courses (better make sure to access them from the learning path):

1. How to Harden Your Enterprise in Today’s Threat Landscape
2. Cybersecurity Reference Architecture
3. Planning for a Security Incident
4. Cloud Security from the Field
5. Securing Privileged Access
6. Introduction to Azure Security Center

BTW: have a look on the ‘security’ based content on Microsoft Virtual Academy, you’ll be surprised how much you can (continue to) learn.

See: https://mva.microsoft.com/search/SearchResults.aspx#!q=security

Last Updated: 2020-12-29

Note-to-self: free MS Press eBooks on Microsoft Virtual academy

Looking for some Azure reference material, planning for Azure certification exams, …? Have a look at the eBooks section on Microsoft Virtual Academy (MVA)…
Short url: http://aka.ms/freemspress

It has a quite interesting collection of free eBooks you can download…

 

And while you’re there, also check the learning stuff for identity:

http://www.microsoftvirtualacademy.com/Studies/SearchResult.aspx?q=identity

And bookmark this link for security related learning material:

http://www.microsoftvirtualacademy.com/Studies/SearchResult.aspx?q=security

 

Happy learning!

 

Note-to-self: 2014 MCT Program changes, Requirements, Software & Services, Fee Changes

Source: http://www.microsoft.com/learning/en-us/mct-certification.aspx

From the recent Microsoft Learning newsletter to MCTs, I would like to share some news about the changes to the MCT program.
You’ll find more information, more details on the link I mentioned above.

Effective March 1, 2014, there are imporant changes / updates the the MCT certification requirements.
The new MCT Program Guide will be available soon. The guide provides detailed information regarding MCT program requirements.
Please find the details at: http://www.microsoft.com/learning/en-us/mct-certification.aspx#item-ID0ECAAAAACA (Section: Requirements effective March 1, 2014)

As the Technet Subscription has been retired, there is also an important change to the MCT benefits, software & services availability.
Read more at: MCT Software & Services available March 1, 2014 (http://www.microsoft.com/learning/en-us/mct-certification.aspx#item-ID0EEAAAAACA)

“In recognition of the role MCTs play in actively training   students worldwide on Microsoft products, starting March 1st, 2014 MCTs who   renew or enroll in the MCT Program will receive a subscription for MCT   Software & Services. This is a uniquely tailored subscription that   utilizes software and services offerings across Microsoft to provide   exclusive access to resources that help MCTs further develop technical   expertise and training skills.

Two subscriptions are available based on the MCT’s specific   training focus and provide MCTs with enhanced resources including non-time  bombed software and Windows Azure monthly credits.”

Note-to-self: An Overview of Modern Cryptography on Data Encryption Summit (by BrightTalk)

Encryption, certificates and PKI become more and more import in current day to day operations.

If you got some spare time for learning online, the items below might be of interest.

10 interactive webcasts on Modern Cryptography are now available to view on-demand at BrightTalk.

Recorded 5/may/2011

About this Data Encryption summit

“With the ever-increasing volume of data and the adoption of new devices used to access it, effective security is becoming more challenging than ever. Encryption remains one of the best tools to protect sensitive personal and corporate data, but is implemented with varying degrees of success. Our presenters will discuss best practices for using encryption to achieve maximum security by exploring different products, solutions and use cases.

Over 1000 global attendees enjoyed the expert line-up of speakers discussing “modern cryptography“, “protecting corporate assets“, “encryption and social media“, “data leakage-WikiLeaks” and many more. As encryption remains one of the best tools to protect sensitive personal and corporate data, is it implemented with varying degrees of success? Review the topics below and hear our presenters discuss the best practices for using encryption to achieve maximum security by exploring different products, solutions and use cases”

The list of webinar includes:

• An Overview of Modern Cryptography
• Scorecard: How Web Sites are Protecting Users From Firesheep
• Encryption & Tokenisation: Friend or Foe?
• It’s Not Just About IT Security..But About Data Security Now!
• Epic Battle: Compliance vs. Security
• Stopping the WikiLeaks Scenario
• Encryption & the New Social Media
• Social Media Security: Adoption, Adaptation and Adversaries
• Protecting Corporate Assets: Best Practices for Data Encryption
• Using Encryption in a Safe Manner

Keep in mind, you need to be registered with BrightTalk to watch the sessions.

Enjoy !