I have found that most of my customers are trying to assign metrics to things that are still dynamic and moving. I see metrics thrown all over the place that end up being useless and adds more to the confusion when trying to understand the true health of a company’s security position. In my opinion, [...]

Another piece that contributes to the thinking that you have to learn security incorrectly for the exam is the INSTRUCTORS. I cannot tell you how livid I have become over the years where I hear instructors tell students that they just need to memorize the CISSP type of answers, even though that is not really [...]

The other common statement is just as crucial to understand, which is that you have to learn security how (ISC)2 sees security. I have heard this a million times when teaching CISSP courses and from e-mails to me, CISSP forums, etc. Again, I do not like and cannot fully support the way the CISSP exam [...]

So to get back to the crux of this message, I still hear people complain about having to learn things that they don’t have to know for their jobs and that they have to learn topics the way that (ISC)2 defines them. When I am teaching a class, I cover these complaints in-depth because students [...]

When I took my CISSP exam, I was like most people who take it – I knew just enough to pass the exam, but I had to memorize things because I did not fully understand them. This made me very disappointed. My goal has never been to get as many certifications following my name as [...]

For years I have heard people complain about having to learn things for the CISSP exam that they would never use in their life. When I was studying for this exam several years ago, I said the same types of things. I also hear people saying that they have to learn security through (ISC)2’s view [...]

By Shon Harris http://www.LogicalSecurity.com I have been in the "CISSP world" for over 10 years now. I have taught it for 8 years around the world for corporate and government agencies. I have written books on it, developed products, webinars, study materials, etc. Over the years I have noticed that the students who are attempting to achieve their [...]

Evolving technologies, security, software updates, and regulatory compliance continue to drive training services, but Harris has witnessed a distinctive shift during the past three years from a brick-and-mortar model to online learning. "Everyone agrees that doing an online class just isn’t the same as in person; that’s where we’ve gone because it’s easier, and we [...]

by Norm Beznoska, Directory of Enterprise Security, Infiniti Systems Group During a recent discussion with a valued friend and business associate, Don Heestand, CEO of e-Merging Technologies Group, Don posed a very interesting question, which demands an answer from every organization that outsources many of its Application Development activities to Off Shore Programming firms. “What is [...]

When it comes to the Internet and web-based applications, many situations are unique to this area. Rarely are threats of vandalism an issue in typical computing environments. Also, the potential risk for fraud is higher due to the universal availability of these applications over the Internet. The reason we are using the Internet is to [...]