ISC2 Official Resources

1. CSSLP – Certified Secure Software Lifecycle Professional (ISC2 Official Certification Web Page)
2. *CSSLP Certification Exam Outline (Effective September 15, 2023)
3. CSSLP Study Tools and Resources
4. *CBK Suggested References

The Network Mapper (Nmap) utility can do the following tasks:

1. Target Enumeration (-sL): Enumerating a target specification (simply listing targets to scan).
2. Host Discovery (-sn): Discovering live hosts
3. Port Scan: Identifying services provisioned

If none is specified, nmap will do all the above.

$ nmap 10.10.10.100/30         
Starting Nmap 7.93 ( https://nmap.org ) at 2024-02-18 06:34 PST
Nmap scan report for kali-01.lab.wuson.org (10.10.10.100)
Host is up (0.00034s latency).
Not shown: 999 closed tcp ports (conn-refused)
PORT   STATE SERVICE
22/tcp open  ssh

Nmap scan report for 10.10.10.101
Host is up (0.00040s latency).
Not shown: 999 closed tcp ports (conn-refused)
PORT   STATE SERVICE
22/tcp open  ssh

Nmap done: 4 IP addresses (2 hosts up) scanned in 1.31 seconds

References

• Booting
• Bare Bones
• x86 Assembly/X86 Architecture
• NASM – The Netwide Assembler
• Writing An Operating System – The Boot Process (Part 1)
• Welcome to QEMU’s documentation!
• Kali-Meta
• Debian Packages
• The Linux Kernel
• What are .S files?
• Kernel subsystem documentation
• Beginning x64 Assembly Programming: From Novice to AVX Professional (Amazon)
• The Linux Programming Interface: A Linux and UNIX System Programming Handbook (Amazon)

New CISSP Exam Outline

Please Note: Effective April 15, 2024, the CISSP exam will be based on a refreshed exam outline. Please refer to the CISSP Exam Outline and our FAQs for more information.

Source: CISSP Certification Exam Outline Summary

New CISSP CAT Exam Changes

Effective April 15, 2024, the time limit for the CAT exam will be a maximum of three (3) hours. Candidates taking the CAT version of the exam will see a minimum of 100 and a maximum of 150 items.

The linear exam length will remain 6 hours for 225 scored items. Candidates taking the linear version of the exam will receive 225 total items.

Source: CISSP Computerized Adaptive Testing

New CISSP Exam Languages Availability

Effective 15 April 2024, the following exams will only be delivered in the listed languages:
CC – English, Chinese, German, Japanese
CCSP – English, Chinese, German, Japanese
CISSP – English, Chinese, German, Japanese, Spanish
For Chinese, please see notice at top of this page
SSCP – English, Japanese, Spanish

Source: ISC2 Exam Languages Availability

Related Links

1. CPU jumps to the reset vector when the power is turned on.
2. CPU executes the BIOS code to start the Power On Self Test (POST).
3. BIOS loads the Master Boot Record (MBR) and executes the bootstrapper code.
4. The bootstrapper determines the active partition and loads the OS kernel.

• Unix was developed by Ken Thompson at Bell Laboratories, a division of AT&T, in 1969.
• Linus Torvalds was born in a Swedish-speaking family in Helsinki, Finland, in 1969.
• C programming language was created by Dennis Ritchie in 1970.
• Unix 7th edition was released in January 1979.
• 3BSD (Berkeley Software Distribution), the first full distribution of BSD, was released in December 1979.
• System III, produced by AT&T’s Unix Support Group, was released in 1981.
• System V followed in 1983.
• Richard Stallman founded the Free Software Foundation (FSF) to support the GNU (GNU is not UNIX) project.
• System V Release 4 (SVR4) was released in 1989.
• Unix variants in the 1980s: Sun’s Solaris, IBM’s AIX, HP’s HP-UX, NeXT’s NeXTStep, Apple’s A/UX, and SCO’s XENIX.
• Minix, as a tool for teaching OS, was developed in 1987 by Andrew Tanenbaum, a university professor in Holland.
• The initial Linux Kernel 0.02 was announced in the comp.os.minix Usenet newsgroup by Linux Torvalds on October 5, 1991.
• The first release of Linux Kernel version 1.0 was in March 1994.
• The latest release of the Linux Kernel is 6.7.1 as of January 25, 2024.

References

• List of Linux distributions
• Linux Distributions
• CentOS Linux is going End of Life, What does that mean for me?
• What’s the difference between Fedora and Red Hat Enterprise Linux?
• Ubuntu
• BackTrack
• Kali Linux
• Proxmox Virtual Environment
• Linux distros tree.png

With 20 study hours or so, I passed the ISC2 CGRC (formerly known as CAP) exam today (Jan 9, 2024). As a CISSP, I was reluctant to pursue the entry-level exam CC and US government-specific CGRC/CAP because CISSP covers job practices well enough. However, as a CISSP instructor, I must wear the same shoes to prove to my students that CC is a fantastic starter and a significant milestone in the CISSP journey. Moreover, CGRC is a good personal goal for learning and growth in 2024.

Having completed the exam today, I’d like to thank Nancy Allen, also a CGRC holder, who inspired me to push forward to both CGRC and CC. She is quite active in the community and passionate about sharing and helping people. Thank you so much for your contributions and advancing the profession!

I’m thankful for Prabh Nair‘s valuable sharing, How to Prepare for CGRC 2024. He summarized key points for CGRC aspirants and provided effective guidance.

I am grateful to Fadi Sodah (aka Madunix), author of the CISSP Process Guide, for his ongoing quality write-ups. Even though Fadi is undergoing a disease recovery, he keeps writing and helping people. He inspired and motivated me a lot when I was suffering challenges. Thank you, Fadi!

A business is an entity with the capability of performing various functions that add value by transforming incoming things into outgoing results to deliver products and services. A business function comprises one or more processes, which can be broken down into minor activities and tasks. Activities can be assigned to the role level and tasks at the individual level.

An individual takes actions, step by step, per the standard operating procedure (SOP) to complete a task. The term operations means that a business exercises its capabilities to perform a combination of business functions to deliver products and services continuously.

References

• What is a task, an activity, a process?
• Assigning Activities to Users as Tasks
• business capability
• Business Capability Definition and Examples
• Capabilities vs. Business Functions: Same Difference?
• How do you differentiate between a Business Function and a Capability?
• Business Functions vs Business Capabilities
• Business functions vs services vs capabilities: a short guide
• What is a Business Function? | Examples & Definition of Business Functions

Many CISSP exam candidates in Taiwan received an email from ISC2 today that the linear CISSP exam is not available in simplified Chinese until further notice due to irregularities in candidates’ results. Their exam appointments are either canceled or rescheduled. I’m unsure if it is a system malfunction or an exam irregularity problem. Suppose it’s an exam irregularity in the simplified Chinese exam. In that case, I’m glad to see the mitigation actions, as ISC2 has been doing a great job maintaining the integrity of the CISSP exam.

However, I hope ISC2 can make simplified Chinese available in Taiwan soon after the investigation. People in Taiwan use traditional Chinese daily and feel more comfortable with simplified Chinese than English. Taking English exams is more challenging for most Taiwanese than doing Simplified Chinese ones.

Taiwan and China are two independent countries. If something goes wrong in China, I hope treatments applied to Taiwan can be considered separately.