Frequently discussed issues

One of the purposes of the Wiki is to retain knowledge and make it easliy retrievable. Not only does this Wiki have index and search capability, which is part of the capabilities of web engines, but it also the very nature of a Wiki makes it suitable for knowledge based forums.

Experience with the CISSP Forum on Groups.Yahoo  has shown that each wave of new CISSPs asks roughly the same set of questions, and that some topics keep recurring each year. It seems to be like the old "Time is a Spiral" idea; it sort-of goes in a circle while moving forward.

A Wiki makes the previous cycle instantly part of the present.

Yes, you can search the archives at Groups.Yahoo , but you are dealing with individual messages and you have to reconstruct the thread of questions and response the hard way. With the Wiki, the thread is all on one page.

So what have been some of the issues that keep coming back?

"I Am Not A Lawyer (IANAL), but ..."

Many topics with a legal subtheme keep coming back.

• E-Mail Disclaimers

The ROI of Security

• Protagonists: AntonAylward, JayHeiser? who say the issue isn't ROI but LossAvoidance? ; LaurieMcQuillan and others who say it is an investment and it is a return.

Is Risk Analysis feasible or is Baseline Security a better approach?

• Protagonists: DonnParker, JamesMolini? , AleshireRick? and others

NIST has quite a bit at www.csrc.nist.gov.

The Number of CISSPs

• By country, how the ID numbers are assigned, rate of growth

The CISSP ID numbers are assigned as soon as someone interested in achieving any certification contacts (ISC)² There is no relation to the actual amount of certified persons.

How to gain CPEs, what is valid for CPEs?

• Most of those question can be answered by looking at the (ISC)² website.
• I've formed a group of InfoSec professionals that meet monthly and keep each other up to date with one or two small talks about an infosec related topic of their choice. I've never had any problems. ISSA chapter meetings work well for this, too.

Information Security Standards

• Where to get copies, what they specify, what they don't cover, when you should use them, certification issues surrounding them.

Ethical Hacking and Ethical Hacking Courses?

• Is it an oxymoron or not?
• Are Ethical Hacking Courses? worth while?
• Should universities teach hacking?

YahooGroups Problems

• The E-mail forum for CISSPs is hosted on the Groups.Yahoo  site. This not only handles the mailing list, but also polls and file archives. Many people have problems with it.

The CBK

• About the CBK in general and each of it's 10 domains.

Spam , Phishing  and other Malware 

• Products, vendors, stategies, reviews

Spam

• Tools
  • DNS Based Blacklists (DNSBL)
    • Commercial
      • Kelkea, formerly Mail-Abuse.Org/Com (or short: MAPS), recently acquired by Trend Micro,
    • Free
      • SpamHaus
      • ...
  • Filters
    • Commercial
      • BrightMail, now Symantec
      • TrendMicro Spam Prevention
      • ...
    • Open Source
      • SpamAssassin
      • dspam
      • bogofilter
      • ...
• Email Service Providers
  • BlackSpider
  • FrontBridge
  • MessageLabs

Phishing

• http://www.antiphishing.org a place to start fishing for a solution
• Why phishing works , a paper from Researchers at Harvard University and UC Berkeley.

Malware

Other Certifications

• SANS?
  See http://www.sans.org for details
• CISA? and CISM
  See http://www.isaca.org and the CISA Forum web
• Security+
• Other certifications from (ISC)²

Security risks associated with the ICMP protocol

• ICMP Handling
• ICMP Tunneling?
• ICMP Flooding
  • Denial of Service