Self-Assessment Guide Using COBIT 5

COBIT Self-Assessment Guide: Using COBIT 5 is a stand-alone publication that organisations can use to perform a less rigorous assessment of the capability of their IT processes. This may be a precursor to undertaking a more rigorous, evidence-based assessment. The approach is based on the COBIT Process Assessment Model (PAM): Using COBIT 5 in the COBIT assessment programme, but it does not impose evidentiary requirements in support of the self-assessment, nor does it require use of the COBIT PAM. Sufficient information from the COBIT PAM and a full self-assessment template have been provided to simplify the process, eliminating the need to reference the other two publications in the COBIT assessment programme. However, users are encouraged to refer to the COBIT PAM and the COBIT Assessor Guide: Using COBIT 5.

The COBIT Self-Assessment Guide: Using COBIT 5:
  • Details how to perform a basic self-assessment of an organization's current IT process capability levels against COBIT 5
  • Is based on the COBIT Process Assessment Model (PAM): Using COBIT 5 but is a stand-alone guide supporting the basic self-assessment approach
  • Defines roles and responsibilities for performing assessments
  • Provides options for the scoping of assessments
  • Defines the types of evidence that should be gathered
  • Provides guidance on how to determine the capability level of an IT process

ANSI TIA-942 (Telecommunications Infrastructure Standard for Data Centers)

The Telecommunications Industry Association's TIA-942 Telecommunications Infrastructure Standard for Data Centers is an American National Standard that specifies the minimum requirements for the telecommunications infrastructure of data centers and computer rooms, including single-tenant enterprise data centers and multi-tenant Internet hosting data centers. The topology proposed in the standard was intended to be applicable to a data center of any size. The standard was first published in 2005, following on the structured cabling work defined in TIA/EIA-568, and is often cited by companies such as ADC Telecommunications and Cisco Systems. The standard was updated with an addendum, ANSI/TIA-942-A-1, in April 2013 from the TR-42.1 engineering subcommittee.
The TIA-942 specification references data center requirements, in both the private and public domains, for applications and procedures such as:
  • Network architecture
  • Electrical design
  • File storage, backup and archiving
  • System redundancy
  • Network access control and security
  • Database management
  • Web hosting
  • Application hosting
  • Content distribution
  • Environmental control
  • Protection against physical hazards (fire, flood, windstorm)
  • Power management

ANSI TIA-942:
https://mega.co.nz/#!JhAH0BZJ!BRwKlqS36SVycFhia4T7HfK0HXaeXuaNxOmNwkihthc

Slide Presentation:
https://mega.co.nz/#!RkgDQaSB!HFTFmiv5wQ6OBD_rwrD4fnqGjNhRFRDfjPuxDLFn0I8

Download Certified Ethical Hacker Version 8

Think Like a Hacker and Attain EC-Council Certified Ethical Hacker Certification
To beat a hacker, you need to think like one! This is exactly what this class will teach you. It is the pinnacle of the most desired information security training program any information security professional will ever want to be in. To master the hacking technologies, you will need to become one.

Attend Advanced Ethical Hacking Training Program
The definition of an Ethical Hacker is very similar to that of a Penetration Tester. The Ethical Hacker is an individual who is usually employed by the organization and who can be trusted to undertake an attempt to penetrate networks and/or computer systems using the same methods and techniques as a Hacker.

Get Certified Ethical Hacking (CEH ) Training
The Certified Ethical Hacker class will immerse the students into a hands-on environment where they will be shown how to conduct ethical hacking. They will be exposed to an entirely different way of achieving optimal information security posture in their organization; by hacking it! They will scan, test, hack and secure their own systems.

This is the world's most advanced ethical hacking course, with 19 of the most current security domains any ethical hacker will ever want to know when planning to beef up the information security posture of their organization. The goal of this course is to help you master an ethical hacking methodology that can be used in a penetration testing or ethical hacking situation. You walk out the door with hacking skills that are highly in demand, as well as the internationally recognized certified ethical hacker certification! This course prepares you for EC-Council Certified Ethical Hacker exam 312-50.

The most advanced ethical hacking course in the world, covering the cutting edge of hacking technology. EC-Council researchers go deep underground covertly to extract advanced attacks and exploits. They analyze how hackers operate and present detailed, illustrated hacking methodologies to the defense community. The certified ethical hacker courseware is over 3,000 pages, covering 20 modules with comprehensive advanced hacking concepts, techniques, tips, tools and countermeasures.

The certified ethical hacker training class deals with real-life scenarios and real threats, presented by real-life experts in the field. Learn a real-life ethical hacking methodology that goes beyond automated vulnerability scans and simple information security tests. The class is woven around real-time information security incidents and cases to build the capability to make knowledgeable decisions while defending your organization's information resources.

Gain global recognition as being a certified member of a globally recognized institution and attain the skills of a professional ethical hacker/penetration tester. The certified ethical hacker program provides you an industry standard information security curriculum and is accompanied by a highly sought-after certified ethical hacker certification that helps establish your career as an information security expert. 

Play with hacking tools that are used by the real attackers. The certified ethical hacker Tools DVDs included in the certified ethical hacker courseware kit contain over 24 GB of underground hacking and security tools that are not found in any other training course anywhere in the world. The EC-Council researchers report and update advanced hacking tools every day on the members portal and www.hackerjournals.com.

Get your hands dirty with actual hands-on labs under the guidance of some of the best information security professionals in this space. The certified ethical hacker lab environment simulates a real-time information infrastructure and facilitates objective and modular learning. The result-oriented, descriptive and analytical labs are designed by industry experts to reinforce the learning and demonstrate your proficiency in handling real-time information security threats.

Unlike other classes that provide courseware tightly coupled with the presentation and somewhat useless outside of that environment, EC-Council has always sought to provide reference material that continues to be valuable long after the course has concluded. The certified ethical hacker references to valuable resources including whitepapers, tools and videos are updated continuously and delivered across multiple channels to facilitate a comprehensive learning. To know more, visit our Resources page.

Certified Information Systems Security Professional

(ISC)2 supports and provides two primary certifications: CISSP and SSCP. These certifications are designed to emphasize the knowledge and skills of an IT security professional across all industries. CISSP is a certification for security professionals who have the task of designing a security infrastructure for an organization. Systems Security Certified Practitioner (SSCP) is a certification for security professionals who have the responsibility of implementing a security infrastructure in an organization. The CISSP certification covers material from the 10 CBK domains:

1. Access Control Systems and Methodology
2. Telecommunications and Network Security
3. Security Management Practices
4. Applications and Systems Development Security
5. Cryptography
6. Security Architecture and Models
7. Operations Security
8. Business Continuity Planning and Disaster Recovery Planning
9. Law, Investigations, and Ethics
10. Physical Security

The SSCP certification covers material from 7 CBK domains:
- Access Controls
- Administration
- Audit and Monitoring
- Cryptography
- Data Communications
- Malicious Code/Malware
- Risk, Response, and Recovery

The content for the CISSP and SSCP domains overlap significantly, but the focus is different for each set of domains. CISSP focuses on theory and design, whereas SSCP focuses more on implementation. This book focuses only on the domains for the CISSP exam.

CISSP All-in-One Exam Guide, 6th Edition - Shon Harris

Introduction to Public Key Technology and the Federal PKI Infrastructure

Public Key Infrastructures (PKIs) can speed up and simplify delivery of products and services by providing electronic approaches to processes that historically have been paper based. These electronic solutions depend on data integrity and authenticity. Both can be accomplished by binding a unique signing key to an individual, through a certificate issued by a trusted certification authority, and ensuring that signatures made with that key cannot be forged. The individual can then digitally sign data, and the recipient can verify who originated the data and that it has not been modified since it was signed. In addition, the PKI can provide encryption capabilities to ensure privacy.
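As an added illustration (not part of the NIST document, and not the Federal PKI's own code), here is the sign-then-verify exchange described above in Go, using only the standard library's ECDSA implementation. The party names (Alice, Mallory), the sample purchase-order message and the Demo helper are constructed for this example. Certificate issuance by a certification authority, which is what actually binds Alice's public key to her name inside a PKI, is assumed to have happened out of band and is not shown; the code works with raw keys.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Signer is one individual's signing identity. The private key never leaves
// its holder; the matching public key is what a CA would bind to the holder's
// name in a certificate (certificate handling is out of scope here).
type Signer struct {
	priv *ecdsa.PrivateKey
}

// NewSigner generates a fresh P-256 key pair.
func NewSigner() (*Signer, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{priv: priv}, nil
}

// Public returns the verification key the recipient needs.
func (s *Signer) Public() *ecdsa.PublicKey { return &s.priv.PublicKey }

// Sign hashes the message with SHA-256 and signs the digest. The signature is
// ASN.1 DER encoded, the form carried inside X.509 and CMS structures.
func (s *Signer) Sign(msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, s.priv, digest[:])
}

// Verify is the recipient's check. It succeeds only if sig was produced by the
// private key matching pub (origin) over exactly this msg (integrity).
func Verify(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

// Outcome records the three checks a recipient cares about.
type Outcome struct {
	Genuine  bool // untouched message, originator's key: must verify
	Tampered bool // one byte changed after signing: must NOT verify
	Impostor bool // same message signed with someone else's key: must NOT verify
}

// Demo runs the full exchange over a constructed sample message (not real data).
func Demo() (Outcome, error) {
	alice, err := NewSigner()
	if err != nil {
		return Outcome{}, err
	}
	mallory, err := NewSigner()
	if err != nil {
		return Outcome{}, err
	}

	// Constructed sample: an approval record that must not be altered in transit.
	msg := []byte("purchase-order=PO-1001;amount=250.00;approved-by=alice")
	sig, err := alice.Sign(msg)
	if err != nil {
		return Outcome{}, err
	}

	// A single-byte change (250.00 -> 950.00) must break the integrity check.
	tampered := append([]byte(nil), msg...)
	tampered[len("purchase-order=PO-1001;amount=")] = '9'
	if string(tampered) == string(msg) {
		return Outcome{}, errors.New("tamper step did not change the message")
	}

	// Mallory signs the identical message with her own key. The recipient
	// verifies against Alice's public key, so the origin check must fail.
	forged, err := mallory.Sign(msg)
	if err != nil {
		return Outcome{}, err
	}

	return Outcome{
		Genuine:  Verify(alice.Public(), msg, sig),
		Tampered: Verify(alice.Public(), tampered, sig),
		Impostor: Verify(alice.Public(), msg, forged),
	}, nil
}

func main() {
	out, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine=%v tampered=%v impostor=%v\n", out.Genuine, out.Tampered, out.Impostor)
}
```

Running it prints genuine=true tampered=false impostor=false. Note what the verifier does not learn from the raw key: that the public key really belongs to Alice. That binding is the certificate's job, and it is why the rest of this document spends its time on certification authorities, policies and the cost of operating them rather than on the signature arithmetic.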

As with all aspects of information technology, introducing a PKI into an organization requires careful planning and a thorough understanding of its relationship to other automated systems. This document provides a brief overview of issues related to the emerging Federal public key infrastructure, and its implementation within government agencies. It also reviews the risks and benefits of various PKI components, and some of the tradeoffs that are possible in the implementation and operation of PKIs within the Federal government.

GOALS
This publication was developed to assist agency decision-makers in determining if a PKI is appropriate for their agency, and how PKI services can be deployed most effectively within a Federal agency. It is intended to provide an overview of PKI functions and their applications. Additional documentation will be required to fully analyze the costs and benefits of PKI systems for agency use, and to develop plans for their implementation. This document provides a starting point and references to more comprehensive publications.

Download:
https://mega.co.nz/#!5xIDlSLS!RRIyMD45hDj3732bO2kV1Sw1M5szMGVBl9Y73TPQ5fM

Risk Management Guide for Information Technology Systems


This guide describes the risk management methodology, how it fits into each phase of the SDLC, and how the risk management process is tied to the process of system authorization (or accreditation).

IMPORTANCE OF RISK MANAGEMENT

Risk management encompasses three processes: risk assessment, risk mitigation, and evaluation and assessment. Section 3 of this guide describes the risk assessment process, which includes identification and evaluation of risks and risk impacts, and recommendation of risk-reducing measures. Section 4 describes risk mitigation, which refers to prioritizing, implementing, and maintaining the appropriate risk-reducing measures recommended by the risk assessment process. Section 5 discusses the continual evaluation process and keys to implementing a successful risk management program. The DAA (Designated Approving Authority) or system authorizing official is responsible for determining whether the remaining risk is at an acceptable level or whether additional security controls should be implemented to further reduce or eliminate the residual risk before authorizing (or accrediting) the IT system for operation.

Risk management is the process that allows IT managers to balance the operational and economic costs of protective measures and achieve gains in mission capability by protecting the IT systems and data that support their organizations’ missions. This process is not unique to the IT environment; indeed it pervades decision-making in all areas of our daily lives. Take the case of home security, for example. Many people decide to have home security systems installed and pay a monthly fee to a service provider to have these systems monitored for the better protection of their property. Presumably, the homeowners have weighed the cost of system installation and monitoring against the value of their household goods and their family’s safety, a fundamental “mission” need.


Download:

Active Directory

Welcome to the Windows Server 2008 Active Directory Resource Kit, your complete source for the information you need to design and implement Active Directory in Windows Server 2008. The Windows Server 2008 Active Directory Resource Kit is a comprehensive technical resource for planning, deploying, maintaining, and troubleshooting an Active Directory infrastructure in Windows Server 2008. While the target audience for this Resource Kit is experienced IT professionals who work in medium-sized and large-sized organizations, anyone who wants to learn how to implement and manage Active Directory in Windows Server 2008 will find this Resource Kit invaluable. One of the new features in Windows Server 2008 Active Directory is that the term Active Directory now covers a lot more territory than it did in previous iterations of this directory service. What was previously called Active Directory in Windows 2000 and Windows Server 2003 is now called Active Directory Domain Services (AD DS), and several more directory service components have been included under the Active Directory umbrella. These include Active Directory Lightweight Directory Services (AD LDS), Active Directory Certificate Services (AD CS), Active Directory Rights Management Services (AD RMS), and Active Directory Federation Services (AD FS).

Within this Resource Kit you’ll find in-depth technical information on how Active Directory works in Windows Server 2008. In addition, you will find detailed task-based guidance for implementing and maintaining the Active Directory infrastructure. You’ll also find numerous sidebars—contributed by members of the Active Directory product team, other directory experts at Microsoft, and directory services MVPs—that provide deep insight into how Active Directory works, best practices for designing and implementing Active Directory, and invaluable troubleshooting tips. Finally, the companion CD includes deployment tools, templates, and many sample scripts that you can use and customize to help you automate various aspects of managing Active Directory in enterprise environments.

What’s New in Active Directory Domain Services

Although much of what you will need to know in order to manage an Active Directory domain remains the same as in previous versions of the directory service implementation, such as Windows 2000 and Windows Server 2003, several new and compelling features offer the administrator greater control and security over the domain environment. This chapter reviews six enhancements to Active Directory Domain Services (AD DS), as well as four new roles that Active Directory can and will play in your enterprise.

Link E-Book:

Slide Presentation Active Directory:

Template Active Directory:

https://mega.co.nz/#!0oAk0LwK!MlOrzVmDXnzgIAnEN7krHRgONGYbq0V-s_wOx3RFcXw

Copyright © 2014. IT Audit - All Rights Reserved