The CompTIA Advanced Security Practitioner (CASP) certification is a newer certification from CompTIA that is starting to get more attention. It was recently approved as one of the certifications by the Department of Defense (DoD) and is listed on the same level as the CISSP certification in some categories. I have written about the CASP certification in the past [...]
CASP Now Approved for DoD 8570
Risk Management
If you’re planning on taking the Security+, SSCP, or CISSP exam, you should understand the common risk management methods used by security professionals. As an example, Objective 2.1 “Explain risk related concepts” for the CompTIA Security+ exam lists risk-avoidance, transference, acceptance, mitigation, and deterrence. Risk management is the practice of identifying, monitoring, and limiting risks to a manageable level. It [...]
Smurf Attacks

If you’re planning on taking the Security+, SSCP, or CISSP exam, you should know about many of the attack types such as the smurf attack. As an example, Objective “3.2 Analyze and differentiate among types of attacks” for the CompTIA Security+ exam lists several common types of attacks including the smurf attack. A smurf attack spoofs [...]
Security Specialists (Security+, SSCP, CISSP) Needed
If you’re seeking a security certification such as the Security+, SSCP, CISSP, or even one of the Microsoft certifications, you’ll be glad to hear that your expertise is needed. If you’re seeking one of these certifications, check out this page for some study resources. The GBS Group is Hiring Brian Trees at The GBS Group [...]
Darril Gibson’s Projects
I’ve been busy with several projects recently, including putting together the Darril Gibson website, so I haven’t been able to post as often as I would have liked. However, on this Memorial Day I thought I’d jot down a few notes letting people know what I’ve been up to. CISSP: Certified Information Systems Security Professional [...]
Intrusion Detection Systems and Intrusion Prevention Systems
If you’re studying for one of the security certifications like CISSP, SSCP, or Security+, you’ll come across intrusion detection systems and intrusion prevention systems. An intrusion detection system can detect and alert on potential intrusions, and an intrusion prevention system goes a step further and can block an attack. There’s a lot of depth to [...]
DoS, Smurf, and Fraggle Attacks
Denial of service (DoS) attacks such as smurf and fraggle attacks are important to understand when studying for any security certification including Security+, SSCP, or CISSP. Smurf and fraggle attacks are similar but they have subtle differences. DoS Attack A DoS attack comes from a single entity and is intended to make a computer’s resources [...]
Three Factors of Authentication and Multifactor Authentication
If you’re studying for one of the security certifications like CISSP, SSCP, or Security+, it’s important to understand the different factors of authentication, and how they can be intertwined as multifactor authentication. These are commonly known as something you know (such as a password), something you have (such as a smart card), and something you [...]
