Yeah, I have a small checklist, collected from a friend.

As you know it is an iterative process and you will visit this document many time while preparing DRP/BCP Strategy.

HTH.

Hi  H1t M0nk3y,

First thing first. Identify assets, carry out risk assessment then carryout Business Impact Analysis (BIA). Through process analysis measure Recovery Time Objective (RTO) and Recovery Point Objective (RPO).

Then prepare strategies for DR and BCP.

I hope i am on the track.

HTH.
 

Man, man, man!!!

Age is mere a number. don't worry and go ahead. Though I am 50 now, I feel very young with younger member of this group!!

Enjoy.

I agree with eth3real. As you would be using it as an attacking machine, many tools at many times, it is advisable to keep a swap partition. You never know when you need it. May be any new utility may require more memory. Then swap partition can come handy.

@Seen,

In old days, when memory cost was sky high, we used to have double-the-ram size swap partitions. Now as they are cheaper, swap size is not of concern. I had seen server with 64GB Ram running Unix flavors with very small swap partition. However, it entirely depends on what you are going to do with system. If it is a dbserver or something heavy, then we need to consider swap size.

@cd1zz

I hope you must have read, at least once, the official study guide for CISSP CBK book. Cccure.org has good quizzes on CISSP. Content is very wide, covering most the technologies, as you might be aware. I cleared it some 4 years back and I do not expect it to change drastically. Exam would be around 250 questions and it gives you sufficient time of 6 hours to complete it!! How long were you preparing for this exam?

wishing you all the best.

Congratulations to all who has passed the exam.

Do not forget the CPEs now. I got recertified 15 days back. fortunately, I had enough CPEs. So, pay attention to CPEs.

Wishing you all the best.

Hi COm_BOY,

Download Damn Vulnerable Web Application from
http://www.dvwa.co.uk/

HTH

Immediate response could be "deploy a honeypot". I hope over a period of time, honeypots must have evolved from plain TCP/IP windowing feature to something more sophisticated.

However, you have to understand the legal implications based on your location country.

It is a fraud company. I had posted about it here in our forum.

It was titled "Beware of Frauds" under "Career Central". I think the magazine owner/editor and this company are going hand in hand to fleece people of their $$.
I have received their DVD and I want to check for IPR and copyright violations. But very busy in routine work.

All the best

As I understood, the ISP site itself does not host any TOR proxies, but would like to figure out the effects of allowing staffs/users to use TOR proxies.

TOR proxies are basically used to obfuscate the source IP address. Generally, TOR proxies are hosted in countries without much regulations and without answerability. Primarily they are used to carry out illegal activities/cyber crimes to evade tracing to the real initiator. Hence, we will see more single users would be using them, not corporate like any ISP. Further more, these TOR Proxies itself might push back Malware to users. Or it may record the activities being carried out and either mis-use it or use it for cyber ransom. 

First of all the need to use TOR proxies. If business need does not require it to be used, policy should be created to that effect.

It is meant only for the hardware level RAID which is faster than a Software based RAID implementation. Later is slower because of operating at Layer 7.


In hardware based RAID implementation, you need to have similar capacity, RPM etc. Software based implementation does not need them because it operates at block level of a file system, block of an NTFS from one drive to another drive. So, it does not tax drive electronics leading to a failure. Failure could be because of other reasons, not because of software RAID implementation.

My 2 cents.

Probably, ISO document may provide you the details of 134 controls.

Devesh,

As mentioned earlier, I just browsed through the contents. Print material is "Glossy" trash. I scanned DVD and searched for cracks, rather than browsing all folder, and I found many cracks. As I got busy in normal activities, I could not revert back to our group, as promised, with list of companies whose IPR is being violated. But I will find some time and submit the list.

meanwhile, I got a phone call from its Jaipur, India office about their displeasure of reporting the matter on internet. Subsequently, I got emails from them with an attached exe which installs a malicious software which records passwords. They sell this software also!! They also send me details about US office registration no. etc.. and its announcement of opening an office in Czechoslovakia!!

I have also informed Jaipur Chapter chief of Data Security Council of India and he has promised me to help, if needed.

Let us not stop our crusade against rogues.

Regards.
 

Congratulations, Manu.

We all feel proud to have you as a member who is a source of information and knowledge. ISLA award is meant for persons like you.

All the best.