• What is Cloud Computing?
  • NIST SP 800-145: The NIST Definition of Cloud Computing
• Overview and Vocabulary
  • ISO/IEC 17788: Overview and Vocabulary
  • NIST SP 500-291: NIST Cloud Computing Standards Roadmap
  • NIST SP 500-292: NIST Cloud Computing Reference Architecture
• Cloud Security
  • NIST SP 800-144: Guidelines on Security and Privacy in Public Cloud Computing
• Cloud Stacks
  • CloudStack Versus OpenStack Versus Eucalyptus: Lightning Strikes the IaaS Private Cloud
• Audit Report
  • Google SOC3 2017
  • AWS SOC, SOC3 2018
•  References
  • ISO-IEC 17789 2014
  • Technical Reports from ITU-T’s Cloud Computing Focus Group are available

• Scenarios
  • Secure communication: HTTPS/802.11i WPA2
  • Encrypting files on disk: EFS, TrueCrypt
  • Content protection: DVD/CSS, Blue-ray/AACS
  • User Authentication
• Building blocks
  • Plain-text and cipher-text
  • Algorithm: publicly known, never use a proprietary cipher
  • Key: one-time key/many-time key(dynamic key)
• Series Videos
  1. What is cryptography
  2. History of cryptography
  3. Discrete probability Crash course
  4. Discrete probability crash course cont
  5. Information theoretic security and the one time pad
  6. Stream ciphers and pseudo random generators
  7. Attacks on stream ciphers and the one time pad
  8. Real world stream ciphers
  9. PRG Security Definitions
  10. Semantic Security
  11. Stream ciphers are semantically secure
  12. What are block ciphers
  13. The Data Encryption Standard
  14. Exhaustive search attacks
  15. More attacks on block ciphers
  16. The AES block cipher
  17. Block ciphers from PRGs
  18. Review PRPs and PRFs
  19. Modes of operation one time key
  20. Security for many time key
  21. Modes of operation many time key CBC
  22. Modes of operation many time key CTR
  23. Message Authentication Codes
  24. MACs Based On PRFs
  25. CBC MAC and NMAC
  26. MAC padding
  27. PMAC and the Carter Wegman MAC
  28. Introduction (Collision Resistance)
  29. Generic birthday attack
  30. The Merkle Damgard Paradigm
  31. Constructing compression functions
  32. HMAC
  33. Timing attacks on MAC verification
  34. Active attacks on CPA secure encryption
  35. Definitions (Authenticated Encryption)
  36. Chosen ciphertext attacks
  37. Constructions from ciphers and MACs
  38. Case study TLS
  39. CBC padding attacks
  40. Attacking non atomic decryption
  41. Key Derivation
  42. Deterministic Encryption
  43. Deterministic EncryptionSIV and wide PRP
  44. Tweakable encryption
  45. Format preserving encryption

CISA Cleared!

After another 50-hour study in 2 weeks (from 2018/08/14 to 2018/08/28), I cleared the ISACA CISA exam today. The following is what I used to prepare for this exam:

• CISA Certified Information Systems Auditor All-in-One Exam Guide, Third Edition
• English: CISA Review Manual, 26th Edition
• English: CISA Review Questions, Answers & Explanations Database – 12 Month Subscription

Milestone Achieved!

It’s about time to declare I’ve achieved my second milestone for 2018.

• Milestone #2: ISACA
  • 2018/08/28 CISA
  • 2018/08/13 CRISC
  • 2018/07/24 CISM
• Milestone #1: PMI + CISSP
  • 2018/07/10 RMP
  • 2018/06/19 CISSP
  • 2018/04/27 PBA
  • 2018/04/09 ACP

Long Way to Go!

I am still on my way to build my profession on information security and the coming milestones are as follows:

• Milestone #3: ISC2
  • 2018/09/14 CSSLP
  • 2018/09/28 CCSP
• Milestone #4: EC-Council
  • 2018/10/15 CEH
  • 2018/10/29 ECSA

To pass the CRISC exam, I spent around 50 hours in 3 weeks (from 2018/07/24 to 2018/08/13) studying the following materials:

• English: CRISC Review Manual, 6th Edition
• English: CRISC Review Questions, Answers & Explanations Database – 12 Month Subscription

Candidates have 4 hours to complete the 150-question exam; It takes me 3 hours to nail it, 2 hours for answering questions and 1 hour for review.

The risk management discipline is still evolving and it takes time to get yourself acquainted with the terminologies used in CRISC. There are even some conflicts or inconsistencies between risk management methodologies.

Just follow the official CRISC review manual and questions from ISACA. It would be the most efficient way to pass this exam.

As a coach for the ACP16 class pursuing the PMI-ACP certification, I would propose a vision statement as follows and invite your commitment to:

The Shared Vision and Common Goals

1. To succeed in the PMI-ACP exam by 2018/09/30 and help others do
2. To continue learning and cultivate this profession on an ongoing basis

The Ground Rules

1. Get prepared
2. Be on time

Please get prepared and be on time to show up for the study group meetings. To be prepared, you have to study the specified materials as best as you can and it is highly expected that you finish the 20 assessment questions for each exam domain and learn by test-driven and top-down approach.

It is the key to the success of you and the whole team acknowledging the value of the ACP16 partnership, actively participating in the class activities and study group meetings.

Your coach,
Wentz Wu
2018/08/01