CMM and CMMI

CMM and CMMI Maturity Levels Comparison

Software Engineering Institute (SEI), 1984

Software Engineering Institute (SEI) was established in 1984 at Carnegie Mellon University as a federally funded research and development center (FFRDC) dedicated to advancing the practice of software engineering and improving the quality of systems that depend on software. (JUNE 21, 2000 • SEI PRESS RELEASE)


The Effective CISSP: Security and Risk Management

The CISSP exam tests not only your technical foundation but also your grasp of management concepts. Many CISSP aspirants fail in Domains 1, 2, 6, or 7, which can be an indicator that they have not connected the dots between information security governance, risk management, strategic management, project/program management, business continuity, and so on.

My book, The Effective CISSP: Security and Risk Management, introduces those concepts that can help you build a solid foundation of information security from the perspective of information systems, business processes, and the organization.

If you have just started your CISSP or CISM (yes, CISM) journey, are lost in the jungle of knowledge, or have even failed in any of the domains mentioned above, The Effective CISSP: Security and Risk Management will set you straight.

Click the following book to get a copy to kill the beast!

The Effective CISSP: Security and Risk Management

Security Operating Modes

System Security Mode of Operation

Security Modes

“Security Modes” is shorthand for Security Operating Modes or Security Modes of Operation. DoD Directive 5200.28, Security Requirements for Automated Information Systems (AISs), published on March 21, 1988, defines Security Mode as follows:

E2.1.41. Security Mode. A mode of operation in which the DAA accredits an AIS to operate. Inherent with each of the four security modes (dedicated, system high, multilevel, and partitioned) are restrictions on the user clearance levels, formal access requirements, need-to-know requirements, and the range of sensitive information permitted on the AIS.
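The definition above names the four modes and the four dimensions they constrain (clearance, formal access approval, need-to-know, and the range of information on the AIS), but it does not spell out how the dimensions decide the mode. The following is an added example, not text or code from the directive or from this page. It encodes the ladder as it is commonly taught for the CISSP (dedicated: every user is cleared, formally approved, and has need-to-know for all data; system high: need-to-know may vary; partitioned/compartmented: formal access approval may vary; multilevel: not every user is cleared for all data) and, for a constructed user population and data set, reports the least restrictive mode that population would allow, plus the exact user/object pairs that push it down the ladder. The classification levels, compartment names, users and objects are all hypothetical. Note that this is a planning aid: under the directive the mode is what the DAA accredits, and that decision can be more restrictive than the computed minimum.

```python
"""Which DoD 5200.28 security mode does a user population and data set permit?

Added worked example; the per-mode criteria follow the common CISSP reading of
the directive and are an assumption, not quoted from 5200.28 or the page.
"""
from dataclasses import dataclass

# Hypothetical, simplified ordering of classification levels.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class DataObject:
    name: str
    level: str
    compartments: frozenset = frozenset()  # formal access approvals the data requires


@dataclass(frozen=True)
class User:
    name: str
    clearance: str
    formal_access: frozenset = frozenset()  # compartments the user is approved for
    need_to_know: frozenset = frozenset()   # names of objects the user needs for duty


def is_cleared(user: User, obj: DataObject) -> bool:
    """Clearance dimension: user's clearance dominates the object's level."""
    return LEVELS[user.clearance] >= LEVELS[obj.level]


def is_approved(user: User, obj: DataObject) -> bool:
    """Formal access dimension: user holds every compartment the object requires."""
    return obj.compartments <= user.formal_access


def has_need_to_know(user: User, obj: DataObject) -> bool:
    """Need-to-know dimension: the object is on the user's need-to-know list."""
    return obj.name in user.need_to_know


def least_restrictive_mode(users, objects) -> str:
    """Least restrictive mode whose entry conditions every user meets for all data.

    Ladder (assumed, commonly taught reading of 5200.28):
      dedicated   : all cleared, all approved, all need-to-know
      system high : all cleared, all approved; need-to-know may vary
      partitioned : all cleared; formal access approval may vary
      multilevel  : some user is not cleared for some data on the AIS
    """
    pairs = [(u, o) for u in users for o in objects]
    if not all(is_cleared(u, o) for u, o in pairs):
        return "multilevel"
    if not all(is_approved(u, o) for u, o in pairs):
        return "partitioned"
    if not all(has_need_to_know(u, o) for u, o in pairs):
        return "system high"
    return "dedicated"


def violations(users, objects):
    """Each (user, object, dimension) that fails, reporting the first failing
    dimension in ladder order so the reason matches the mode returned above."""
    out = []
    for u in users:
        for o in objects:
            if not is_cleared(u, o):
                out.append((u.name, o.name, "clearance"))
            elif not is_approved(u, o):
                out.append((u.name, o.name, "formal access"))
            elif not has_need_to_know(u, o):
                out.append((u.name, o.name, "need-to-know"))
    return out


# Constructed sample data (hypothetical; not from the directive or the page).
OBJECTS = [
    DataObject("ops-plan", "SECRET", frozenset({"ALPHA"})),
    DataObject("budget", "CONFIDENTIAL"),
]
ALICE = User("alice", "TOP SECRET", frozenset({"ALPHA"}), frozenset({"ops-plan", "budget"}))
BOB = User("bob", "SECRET", frozenset({"ALPHA"}), frozenset({"budget"}))
CAROL = User("carol", "SECRET", frozenset(), frozenset({"budget"}))
DAVE = User("dave", "CONFIDENTIAL", frozenset(), frozenset({"budget"}))

if __name__ == "__main__":
    populations = ([ALICE], [ALICE, BOB], [ALICE, BOB, CAROL], [ALICE, BOB, CAROL, DAVE])
    for population in populations:
        names = ", ".join(u.name for u in population)
        print(f"{names:26s} -> {least_restrictive_mode(population, OBJECTS)}")
        for who, what, why in violations(population, OBJECTS):
            print(f"    {who} lacks {why} for {what}")
```

Adding one user at a time shows the mode degrading one rung per missing dimension: alice alone permits dedicated, bob (no need-to-know for the ops plan) forces system high, carol (no ALPHA approval) forces partitioned, and dave (only CONFIDENTIAL) forces multilevel. In practice the population changes over time, so the check belongs in the accreditation review, not only at initial approval.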


Why Is the CISSP Not Valued in Taiwan?

CISSP CBK

Many people who pass the CISSP get neither a promotion nor a raise; they do not even receive the recognition they deserve from their company, and instead take on a good deal of extra security-related work for nothing, so they lament that the CISSP is not valued in Taiwan. Those who try to change jobs find that every employer is a monkey-park keeper who can only offer bananas. What hurts even more is that nobody knows what the CISSP is! Looking back, they realize the CISSP was just a game of self-congratulation between themselves and the insiders of the security community...
