
Certified Information Systems Security Professional





(ISC)2 supports and provides two primary certifications: CISSP and SSCP. These certifications are designed to emphasize the knowledge and skills of an IT security professional across all industries. CISSP is a certification for security professionals who have the task of designing a security infrastructure for an organization. Systems Security Certified Practitioner (SSCP) is a certification for security professionals who have the responsibility of implementing a security infrastructure in an organization. The CISSP certification covers material from the 10 CBK domains:


1. Access Control Systems and Methodology
2. Telecommunications and Network Security
3. Security Management Practices
4. Applications and Systems Development Security
5. Cryptography
6. Security Architecture and Models
7. Operations Security
8. Business Continuity Planning and Disaster Recovery Planning
9. Law, Investigations, and Ethics
10. Physical Security

The SSCP certification covers material from 7 CBK domains:
- Access Controls
- Administration
- Audit and Monitoring
- Cryptography
- Data Communications
- Malicious Code/Malware
- Risk, Response, and Recovery

The content for the CISSP and SSCP domains overlap significantly, but the focus is different for each set of domains. CISSP focuses on theory and design, whereas SSCP focuses more on implementation. This book focuses only on the domains for the CISSP exam.

CISSP All-in-One Exam Guide, 6th Edition - Shon Harris



Introduction to Public Key Technology and the Federal PKI Infrastructure


Public Key Infrastructures (PKIs) can speed up and simplify delivery of products and services by providing electronic approaches to processes that historically have been paper based. These electronic solutions depend on data integrity and authenticity. Both can be accomplished by binding a unique digital signature to an individual and ensuring that the digital signature cannot be forged. The individual can then digitally sign data and the recipient can verify the originator of the data and that the data has not been modified without the originator’s knowledge. In addition, the PKI can provide encryption capabilities to ensure privacy.

As with all aspects of information technology, introducing a PKI into an organization requires careful planning and a thorough understanding of its relationship to other automated systems. This document provides a brief overview of issues related to the emerging Federal public key infrastructure, and its implementation within government agencies. It also reviews the risks and benefits of various PKI components, and some of the tradeoffs that are possible in the implementation and operation of PKIs within the Federal government.

 
GOALS
This publication was developed to assist agency decision-makers in determining if a PKI is appropriate for their agency, and how PKI services can be deployed most effectively within a Federal agency. It is intended to provide an overview of PKI functions and their applications. Additional documentation will be required to fully analyze the costs and benefits of PKI systems for agency use, and to develop plans for their implementation. This document provides a starting point and references to more comprehensive publications.

Download:
https://mega.co.nz/#!5xIDlSLS!RRIyMD45hDj3732bO2kV1Sw1M5szMGVBl9Y73TPQ5fM

Risk Management Guide for Information Technology Systems


This guide describes the risk management methodology, how it fits into each phase of the SDLC, and how the risk management process is tied to the process of system authorization (or accreditation).

IMPORTANCE OF RISK MANAGEMENT

Risk management encompasses three processes: risk assessment, risk mitigation, and evaluation and assessment. Section 3 of this guide describes the risk assessment process, which includes identification and evaluation of risks and risk impacts, and recommendation of risk-reducing measures. Section 4 describes risk mitigation, which refers to prioritizing, implementing, and maintaining the appropriate risk-reducing measures recommended from the risk assessment process. Section 5 discusses the continual evaluation process and keys for implementing a successful risk management program. The DAA (Designated Approving Authority) or system authorizing official is responsible for determining whether the remaining risk is at an acceptable level or whether additional security controls should be implemented to further reduce or eliminate the residual risk before authorizing (or accrediting) the IT system for operation.

Risk management is the process that allows IT managers to balance the operational and economic costs of protective measures and achieve gains in mission capability by protecting the IT systems and data that support their organizations’ missions. This process is not unique to the IT environment; indeed it pervades decision-making in all areas of our daily lives. Take the case of home security, for example. Many people decide to have home security systems installed and pay a monthly fee to a service provider to have these systems monitored for the better protection of their property. Presumably, the homeowners have weighed the cost of system installation and monitoring against the value of their household goods and their family’s safety, a fundamental “mission” need.


Download:

Active Directory

Welcome to the Windows Server 2008 Active Directory Resource Kit, your complete source for the information you need to design and implement Active Directory in Windows Server 2008. The Windows Server 2008 Active Directory Resource Kit is a comprehensive technical resource for planning, deploying, maintaining, and troubleshooting an Active Directory infrastructure in Windows Server 2008. While the target audience for this Resource Kit is experienced IT professionals who work in medium-sized and large-sized organizations, anyone who wants to learn how to implement and manage Active Directory in Windows Server 2008 will find this Resource Kit invaluable. One of the new features in Windows Server 2008 Active Directory is that the term Active Directory now covers a lot more territory than it did in previous iterations of this directory service. What was previously called Active Directory in Windows 2000 and Windows Server 2003 is now called Active Directory Domain Services (AD DS), and several more directory service components have been included under the Active Directory umbrella. These include Active Directory Lightweight Directory Services (AD LDS), Active Directory Certificate Services (AD CS), Active Directory Rights Management Services (AD RMS), and Active Directory Federation Services (AD FS).

Within this Resource Kit you’ll find in-depth technical information on how Active Directory works in Windows Server 2008. In addition, you will find detailed task-based guidance for implementing and maintaining the Active Directory infrastructure. You’ll also find numerous sidebars—contributed by members of the Active Directory product team, other directory experts at Microsoft, and directory services MVPs—that provide deep insight into how Active Directory works, best practices for designing and implementing Active Directory, and invaluable troubleshooting tips. Finally, the companion CD includes deployment tools, templates, and many sample scripts that you can use and customize to help you automate various aspects of managing Active Directory in enterprise environments.

What’s New in Active Directory Domain Services
 
Although much of what you will need to know in order to manage an Active Directory domain remains the same from previous versions of the directory service implementation, such as Windows 2000 and Windows Server 2003, several new and compelling features will offer the administrator greater control and security over the domain environment. This chapter will review six enhancements to Active Directory Domain Services (AD DS), as well as four new roles that Active Directory can and will play in your enterprise.

Link E-Book:

Slide Presentation Active Directory:

Template Active Directory:

https://mega.co.nz/#!0oAk0LwK!MlOrzVmDXnzgIAnEN7krHRgONGYbq0V-s_wOx3RFcXw




ITIL Version 3

Service providers are increasingly focusing on service quality while adopting a more business- and customer-oriented approach to delivering services and cost optimization. Many organizations deliver significant change through formal projects, and the failure to ensure that projects address the full Service Management and operational requirements as well as the functional requirements can be a costly, or even fatal, mistake for an organization. Service Transition ensures that the transition processes are streamlined, effective and efficient so that the risk of delay is minimized.

It establishes assurance of the expected and actual service deliverables, and integrated elements that each service depends on to deliver and operate the service successfully. These elements include applications, infrastructure, knowledge, documentation, facilities, finance, people, processes, skills and so on. Where there is major change there will be complexity and risk. There are usually many interdependencies to manage and conflicting priorities to resolve, particularly as new and changed services transition and go live. 

Service Transition takes into consideration aspects such as organizational change, and adaptation to the wider environment in which the services operate, that would influence an organization's use of the services and the associated risks. More is required than merely receiving a design containing detailed Acceptance Criteria, implementing according to that design and measuring against the criteria. This would suffice if stability could be assured, but in the real world the design and Acceptance Criteria may be affected by changes to IT, other services, the business or other external factors.

Observation, interpretation and manipulation of the broader services environment are often necessary to deliver the benefits from the services required by the customer and envisaged by design. At all stages the likelihood of success is balanced against the consequences of failure and the costs (financial and other). The assessment and prediction of performance and risk is therefore an essential and day-to-day element of the Service Transition process. Successful Service Transition rests on effective understanding and application of Change Management, quality assurance, and risk management and effective programme and project management. This makes it possible, at every stage through the Service Transition process, to plan, track and confirm progress against current requirements, not just for one service but across all services in transition.


Download ITIL Version 3:

ISO/IEC 27000

 

Abstract


ISO/IEC 27000:2009 provides an overview of information security management systems, which form the subject of the information security management system (ISMS) family of standards, and defines related terms. As a result of implementing ISO/IEC 27000:2009, all types of organization (e.g. commercial enterprises, government agencies and non-profit organizations) are expected to obtain:
  1. an overview of the ISMS family of standards;
  2. an introduction to information security management systems (ISMS);
  3. a brief description of the Plan-Do-Check-Act (PDCA) process; and
  4. an understanding of terms and definitions in use throughout the ISMS family of standards.
The objectives of ISO/IEC 27000:2009 are to provide terms and definitions, and an introduction to the ISMS family of standards that:
  1. define requirements for an ISMS and for those certifying such systems;
  2. provide direct support, detailed guidance and/or interpretation for the overall Plan-Do-Check-Act (PDCA) processes and requirements;
  3. address sector-specific guidelines for ISMS; and
  4. address conformity assessment for ISMS.

ISO 27001
This is the specification for an information security management system (an ISMS), which replaced the old BS7799-2 standard.
ISO 27002
This is the 27000-series standard number of what was originally the ISO 17799 standard (which itself was formerly known as BS7799-1).
ISO 27003
This will be the official number of a new standard intended to offer guidance for the implementation of an ISMS (Information Security Management System).
ISO 27004
This standard covers information security management system measurement and metrics, including suggested ISO 27002-aligned controls.
ISO 27005
This is the methodology-independent ISO standard for information security risk management.
ISO 27006
This standard provides guidelines for the accreditation of organizations offering ISMS certification.

ISO 27000

Source: http://rungga.blogspot.com/2013/03/download-iso-27000.html

Exam CEH



Security Assessment Course

EC-Council’s Ethical Hacking and Countermeasures (CEH) is the most advanced ethical hacking and security assessment course available today. The program covers extensive skills on exploiting systems, networks, devices and operating platforms, and hacking concepts such as vulnerability assessment, network intrusion, advanced viruses, Trojans and other malware, reverse engineering, defacing websites, damaging network appliances, launching distributed denial-of-service attacks, massive worm propagation, breaking passwords, brute-forcing authentication systems, cracking encryption, exploiting systems, etc.

The program is a massive encyclopedia of hacking technologies and immerses students with advanced attack knowledge.

For exam simulation, you can try this link:
Software
https://mega.co.nz/#!c9QDACIR!OItPGVN5O1MhFwOThM6C_lI2wt5E9hmgQ7gbr5sddYQ

Database Exam CEH
EC1-350 Ethical Hacking

EC1-350 other version



Please rate and comment.

Ebook and Simulation CCNA

The goal of the course is “To provide you with the knowledge and skills necessary to install, operate, and troubleshoot a small network”.

What Is the Lifecycle Services Framework?
The Cisco Lifecycle Services Framework defines the minimum set of activities needed to deploy, operate, and optimize Cisco technologies successfully throughout the lifecycle of a network.

There are six phases in the network lifecycle: Prepare, Plan, Design, Implement, Operate and Optimize. Each phase has a set of service components comprising activities and deliverables to help ensure service excellence. A network service is performed when a service component item is completed.




Link Ebook: 
https://mega.co.nz/#!stIgRAxb!dGKsVDEsDTSvzHtEacjvbSP01pR3fU73-kYZp1O17GU
https://mega.co.nz/#!o0xwFZzR!d0Tfr0jFg5E4r7X4-53YoUUnk8QyFGMiIcogw_vomUY


CCNA Test Simulation:
https://mega.co.nz/#!01IRTRhb!czj2inroDMrrXg305Vmu0RcZDSM8bTwLsRsKAIzitTc
https://mega.co.nz/#!AkIxFaxB!AAcTkRRNUNt5hDX8BJNrGyKm4g5-uWv3dq1nWjo4Iw0



Simulation Software:
https://mega.co.nz/#!c9QDACIR!OItPGVN5O1MhFwOThM6C_lI2wt5E9hmgQ7gbr5sddYQ



Enjoy, and note that the contents are entirely your own responsibility. Please comment and like.

Certified in Risk and Information Systems Control (CRISC)

CRISC is the only certification that prepares and enables IT professionals for the unique challenges of IT and enterprise risk management, and positions them to become strategic partners to the enterprise.

CRISC Impacts Your Career and Your Organization

CRISC is the most current and rigorous assessment available to evaluate the risk management proficiency of IT professionals and other employees within an enterprise or financial institution. Those who earn CRISC help enterprises to understand business risk, and have the technical knowledge to implement appropriate IS controls.




CRISC Certification:   

  • Denotes a prestigious, lifelong symbol of knowledge and expertise as a risk professional
  • Increases your value to your organization as it seeks to manage IT risk 
  • Gives you a competitive advantage over peers when seeking job growth
  • Gives you access to ISACA's global community of knowledge and the most up-to-date thinking on IT risk management
  • Helps you achieve a high professional standard through ISACA’s requirements for continuing education and ethical conduct

Why Employers Hire CRISCs 

CRISCs bring additional professionalism to any organization by demonstrating a quantifiable standard of knowledge, pursuing continuing education, and adhering to a standard of ethical conduct established by ISACA.
CRISC employees:
  • Build greater understanding about the impact of IT risk and how it relates to the overall organization
  • Assure development of more effective plans to mitigate risk
  • Establish a common perspective and language about IT risk that can set the standard for the enterprise
ISACA draws on a global network of leading professionals to develop its certification programs. With access to experts around the world, ISACA is defining how IT risk is managed in current and future business environments.

CSCU

CSCU Course Description
The purpose of the CSCU training program is to provide students with the necessary knowledge and skills to protect their information assets. This class will immerse students in an interactive environment where they will acquire a fundamental understanding of various computer and network security threats such as identity theft, credit card fraud, online banking phishing scams, viruses and backdoors, email hoaxes, sex offenders lurking online, loss of confidential information, hacking attacks and social engineering. More importantly, the skills learnt from the class help students take the necessary steps to mitigate their security exposure.

Attendance at the training and attempts at the exam are restricted to candidates who are at least 18 years old.

If the candidate is under the age of 18, they are not eligible to attend the official training or to attempt the certification exam unless they provide the accredited training center/EC-Council with the written consent of their parent/legal guardian and a supporting letter from their institution of higher learning. Only applicants from nationally accredited institutions of higher learning shall be considered.

Disclaimer for EC-Council's Certified Secure Computer User (CSCU)

Disclaimer
EC-Council reserves the right to impose additional restrictions to comply with this policy. Failure to act in accordance with this clause shall render the authorized training center in violation of its agreement with EC-Council. EC-Council reserves the right to revoke the certification of any person in breach of this requirement.

CHFI

The CHFI v8 program certifies individuals in the specific security discipline of computer forensics from a vendor-neutral perspective. The C|HFI certification will fortify the application knowledge of law enforcement personnel, system administrators, security officers, defense and military personnel, legal professionals, bankers, security professionals, and anyone who is concerned about the integrity of the network infrastructure.

Computer hacking forensic investigation is the process of detecting hacking attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks.

Computer forensics is simply the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. Evidence might be sought in a wide range of computer crime or misuse, including but not limited to theft of trade secrets, theft of or destruction of intellectual property, and fraud. Computer forensic investigators can draw on an array of methods for discovering data that resides in a computer system, or recovering deleted, encrypted, or damaged file information. 

CEH

This is the world's most advanced ethical hacking course, with 19 of the most current security domains any ethical hacker will ever want to know when planning to beef up the information security posture of their organization. The goal of this course is to help you master an ethical hacking methodology that can be used in a penetration testing or ethical hacking situation. You walk out the door with hacking skills that are highly in demand, as well as the internationally recognized Certified Ethical Hacker certification! This course prepares you for EC-Council Certified Ethical Hacker exam 312-50.

What makes the Ethical Hacking course different from other courses on the market

CISM

CISM means higher earning potential and career advancement. Recent independent studies consistently rank CISM as one of the highest-paying and most sought-after IT certifications.

Enhance your competitive advantage

Demonstrate your information security management expertise. The uniquely management-focused CISM certification promotes international security practices and recognizes the individual who manages, designs, oversees and assesses an enterprise’s information security.


Key Exam Registration Dates:

6 September 2014 Exam*
14 April 2014     Registration Opens
21 July 2014     Final Registration Deadline

13 December 2014 Exam
15 May 2014     Registration Opens
20 August 2014     Early Registration Deadline
24 October 2014     Final Registration Deadline

How to Become CISA Certified

The CISA designation is awarded to individuals with an interest in Information Systems auditing, control and security who meet the following requirements:

1. Successful completion of the CISA Examination

The examination is open to all individuals who have an interest in information systems audit, control and security. All are encouraged to work toward and take the examination. Successful examination candidates will be sent all information required to apply for certification with their notification of a passing score. For a more detailed description of the exam see CISA Certification Job Practice. Also, CISA Exam Preparation resources are available through the association and many chapters host CISA Exam Review Courses (contact your local chapter).

2. Submit an Application for CISA Certification

Once a CISA candidate has passed the CISA certification exam and has met the work experience requirements, the final step is to complete and submit a CISA Application for Certification. A minimum of 5 years of professional information systems auditing, control or security work experience (as described in the CISA job practice areas) is required for certification. Substitutions and waivers of such experience, to a maximum of 3 years, may be obtained as follows:
  • A maximum of 1 year of information systems experience OR 1 year of non-IS auditing experience can be substituted for 1 year of experience.
  • 60 to 120 completed university semester credit hours (the equivalent of a 2-year or 4-year degree), not limited by the 10-year preceding restriction, can be substituted for 1 or 2 years, respectively, of experience.
  • A bachelor's or master's degree from a university that enforces the ISACA-sponsored Model Curricula can be substituted for 1 year of experience. To view a list of these schools, please visit www.isaca.org/modeluniversities. This option cannot be used if 3 years of experience substitution and educational waiver have already been claimed.
  • A master's degree in information security or information technology from an accredited university can be substituted for 1 year of experience.
Exception: 2 years as a full-time university instructor in a related field (e.g., computer science, accounting, information systems auditing) can be substituted for 1 year of experience.
As an example, at a minimum (assuming a 2-year waiver of experience by substituting 120 university credits), an applicant must have 3 years of actual work experience. This experience can be completed by:
  • 3 years of IS audit, control, assurance or security experience
OR
  • 2 years of IS audit, control, assurance or security experience and 1 full year of non-IS audit or IS experience or 2 years as a full-time university instructor.
It is important to note that many individuals choose to take the CISA exam prior to meeting the experience requirements.
This practice is acceptable and encouraged although the CISA designation will not be awarded until all requirements are met.
The work experience for CISA certification must be gained within the 10-year period preceding the application date for certification or within 5 years from the date of originally passing the exam. The CISA Application for Certification is available at www.isaca.org/cisaapp. Note that candidates have 5 years from the passing date to apply for certification.

3. Adherence to the Code of Professional Ethics

Members of ISACA and/or holders of the CISA designation agree to a Code of Professional Ethics to guide professional and personal conduct.

4. Adherence to the Continuing Professional Education (CPE) Program 

The objectives of the continuing education program are to:
  • Maintain an individual's competency by requiring the update of existing knowledge and skills in the areas of information systems auditing, control or security.
  • Provide a means to differentiate between qualified CISAs and those who have not met the requirements for continuation of their certification
  • Provide a mechanism for monitoring information systems audit, control and security professionals' maintenance of their competency
  • Aid top management in developing sound information systems audit, control and security functions by providing criteria for personnel selection and development
Maintenance fees and a minimum of 20 contact hours of CPE are required annually. In addition, a minimum of 120 contact hours is required during a fixed 3-year period.
View the complete Continuing Professional Education Policy.

5. Compliance with the Information Systems Auditing Standards 

Individuals holding the CISA designation agree to adhere to the Information Systems Auditing Standards as adopted by ISACA.
Please note that decisions on applications are not final as there is an appeal process for certification application denials. Inquiries regarding denials of certification can be sent to certification@isaca.org.

Certified Information Systems Auditor (CISA)

The CISA designation is a globally recognized certification for IS audit, control, assurance and security professionals. Being CISA-certified showcases your audit experience, skills and knowledge, and demonstrates you are capable of managing vulnerabilities, ensuring compliance and instituting controls within the enterprise.


Key Exam Registration Dates:
6 September 2014 Exam*
 
14 April 2014     Registration Opens
21 July 2014     Final Registration Deadline


 *ISACA is offering the September 2014 CISA exam at limited locations worldwide.

13 December 2014 Exam
 
15 May 2014     Registration Opens
20 August 2014     Early Registration Deadline
24 October 2014     Final Registration Deadline

Copyright © 2014. IT Audit - All Rights Reserved