Wednesday, March 26, 2025
CISSPForum FAQ
1.4 Is there an official CISSPforum FAQ?

Not any more. There used to be one but, in its infinite wisdom one dark day in 2018, (ISC)² decided to can the original (ISC)²-managed CISSPforum on! Yahoo! groups! While CISSPforum members collectively sighed with relief at the! end! of! Yahoo!’s nonsense!, the shutdown decision was made unilaterally without consulting CISSPforum members. In fact, we consider ourselves fortunate to have found out about it moments before the plug was pulled. We were lucky! We used to dream of being informed by (ISC)². In the final few hours before its ultimate demise, Yahoo!’s archive! of! CISSPforum! messages! was shamelessly plundered and preserved for all eternity. In years to come, wave after wave of new CISSPs will discover the wealth of insightful commentary and accumulated wisdom that lies therein, thanks to the historic messages having been uploaded to Groups.IO. Simply browse or search and enjoy.

1.5 Disclaimer

The information provided in this FAQ is not guaranteed <full stop> The information provided here is often the curious opinion of one deluded person and, however unlikely this may seem to them, there may conceivably be valid opposing views. Use the information in this FAQ at your own risk. Your mileage may vary. Do not run with scissors. Do not pass Go. This is not legal advice. The legal buck doesn’t even think about wandering through this quiet turnpike on the information souperhighway while charging its time by the second. The unofficial FAQ is neither promulgated nor endorsed by (ISC)2, its officers or its affiliates, nor by any government, nameless government agency or religion. It is technology-neutered and sexless.
This is an independent, unofficial and decidedly cranky work by a tiny albeit vocal and rather cynical minority of CISSPforum members, with this particular version having been heavily modified by self-acknowledged beards-of-colour who are clearly disturbed, senile or ‘under the influence’, and possibly all of the above. GM-free. Ford-free too. No cute cuddly animals were harmed in its production, only nasty slimy ones. A number of electrons were mildly inconvenienced, and a few photons have been seen to change direction. This FAQ is so environmentally friendly, it is likely to slip quietly away to hug yet another tree or kiss a whale the very instant your back is turned. Please don’t print it out, especially if you have an evil printer from hell.

1.6 Other versions of this FAQ

The original plain text FAQ was available only to CISSPforum members. It was very plain and really only of value/interest to those who already knew all about CISSPforum, being members thereof. It was extensively updated, worked over and generally roughed up a bit by Rob Slade and assorted elves in 2005/6. The sexy HTML web version now appearing on a screen near you was conceived by Gary Hinson in October 2006 and is updated when inspiration happily coincides with a spare hour, which frankly is hardly ever. Comments, further questions, answers and jokes are always welcome, via CISSPforum if possible. See the contact details towards the end whether you’d like to contribute something deep and meaningful, chuck rotten eggs or volunteer to take it over.

2 BASIC FORUM USE

2.1 How do I post messages to CISSPforum?

Any member of CISSPforum can post messages to CISSPforum simply by emailing cisspforum@groups.io. Messages can also be posted online by group members using the Groups.IO web interface. Either way, please be reasonably succinct and professional.
CISSPforum automatically rejects messages posted by non-members, unless they have carelessly allowed their authentication credentials to be stolen by a spam bot (which happens occasionally - proving that CISSPs are only human). Nevertheless, this is still the most effective anti-spam system we have. Spammers who join the forum are soon shown the error of their ways and risk being “horse whipped with Cat5 cable” (according to one member’s email signature anyway).

Identify yourself, please, when you post messages. Your email address is seldom sufficient to identify you, at least until you have posted often enough that others will mutter under their breaths “Oh no, not him/her/it again!”. Simply end your posting with a standard business-like salutation including your name or else a nickname or some other term that you are happy for us to call you. Otherwise we will choose our own name, and it may not be to your liking. The being who posts under the pseudonym “/bpm”, for instance, probably does not appreciate being called “Slash” but thankfully he/she/it has a sense of humour.

When asking a question or seeking advice, give us a clue about your context. Your situation is probably relevant to the advice you seek. Government practice is different from commercial, not-for-profit, finance, healthcare, SME ....

If you are posting a long hyperlink, please either create and supply a shortened URL as well as the full link or simply enclose your long URL in angle brackets < and > which allegedly tells some email clients not to break the URL into little bits. Some of us can only afford little screens. We are pixel-challenged, N bits short of High Definition.

Do your homework before posting to CISSPforum to avoid being soundly lampooned. This is a professional forum for qualified information security people.
Some Forumites just love to show off their extensive knowledge at every available opportunity and you’ll often get a broad range of opinions from the Forum ranging from short snippets to extensive diatribes, sometimes unconventional, conflicting, of dubious value and/or sarcastic. However, we resent being used as the research mechanism of first resort. If a poster is too lazy to craft a simple Google search or two and follow up on the results before coming to us, some of us are not afraid to say so. It may help to demonstrate that you have already made an effort to answer your own question. By briefly describing your research and analysis so far, you can prove that you are not just an information leech. You will also give the experts here a chance to go directly for the deep dive without repeating the basics you already know. You might try Asking Questions The Smart Way and, whether you are a Microsofty or not, read this advice also.

Finally (and this should really be the First Law Of Posting), please give your audience a moment’s consideration before hitting the <SEND> button. If you are sending or responding to an inflammatory or incendiary email, at least sleep on it first or read this. If you are pillorying someone for asking a question the wrong way or saying something dumb, or complaining to the entire mailing list about something that offends you, remember this sage advice: It is better to be thought a fool than to open your mouth and remove all doubt.

Please be tolerant of others. We are not all on your wavelength. Some of us barely even speak your language (and you’ve probably never even heard of ours). CISSPforum is a global melting pot, so please don’t post anything racist, sexist, elitist, alarmist or any other kind of mist and please don’t fan the flames.

2.2 Is it safe to post my first message?

Of course! We’re all friends here! To the CISSPforum lurkers, we say: de-cloak and bathe us liberally in your knowledge and experience. Don’t be shy.
Even a lame “me too” is marginally better than stony silence. But please re-read the tips just above before you dive right in. There’s a special CISSPforum rule for Those Who Have Never Posted (you know who you are - we call you the Forum Virgins). You have our full permission to make Your First Posting without fear of retribution, dissent or ridicule. The trick is to write “First posting” or similar in the subject line and include something interesting in the body of your message. The CUSses, beards-of-colour and others faithfully promise to be extra nice to you on your first posting. To be honest, we’re all generally nice people who don’t bite but occasionally bark a bit, albeit sometimes up the wrong tree. Hot discussions break out from time to time and create plenty of smoke but actual flames are very rare (see below for fire retardant advice).

2.3 How do I get people to respond positively and helpfully to my queries?

Good question! We heartily recommend and endorse the excellent advice in How to ask questions the smart way. It’s also not bad, by the way, on how to reply smartly to questions ...

2.4 How do I reply to messages?

CISSPforum has been set up so that, by default, replies are sent to the entire forum not just the originator of the message. That’s a load of information security professionals. If one day you accidentally reply to a forum message with a personal response without altering the To: line, be aware that your peers will see your ‘private’ message. The cranky ones will give you grief to add to your misfortune, no doubt ribbing you rotten for your mistake. If you wish your reply to go to only the original poster, use that person’s email address instead of cisspforum@Groups.IO. If you insist on sending ‘private’ messages to us all, please make them juicy if not defamatory, and prepare to be savagely lampooned.

2.5 Where have my messages gone?

We have no idea. Check under the keyboard.
If you shake it upside down, do your golden crumbs of knowledge fall out? Assuming you sent your messages to cisspforum@groups.IO, they will hopefully now be grazing happily in one or more of Groups.IO’s server farms. They will also, hopefully, have been distributed to all members of CISSPforum. If you are asking this question because your messages have not turned up in your email inbox, take a quick peek in your spam box. Rifle through the advertisements and other social engineering attempts for anything vaguely resembling a CISSPforum message, then teach your spam-bot the error of its ways. Smack its little robotty.

2.6 How do I turn down the volume?

At times, CISSPforum can be a LOUD mailing list. Other mailing lists only go up to ten. CISSPforum sometimes reaches eleven. If it is too LOUD for you, here are seven volume-moderating techniques:
2.7 What do I do if (when) a posting upsets me?

Unless you are extremely liberal and tolerant, someone is bound at some point to post something that you don’t like or that offends you in some way. Very often if you post a complaint, someone else will complain about your complaint and pretty soon we get into a huge and unedifying “discussion”. People telling other people to take their complaints offline will, of course, do that online, the irony escaping them. Personal attacks are more hurtful than helpful. While you might really want to say something along the lines of “You need a good kick to the head or an enema - in your case, those may end up being one and the same”, the following fire-retardant advice, originally posted on the forum by a wrinkly diplomat, sums up how to avoid fanning the flame wars:

I’d recommend peace, love and understanding all round.
Be tolerant and respectful of others on the forum. We have many
The forum is self-moderated. Self restraint and tolerance are the watchwords.
Count to twenty before responding to jibes. If someone has upset you,
If someone complains to you about your behavior, consider their feelings.
If someone asks a dumb question, remember that you too were dumb once
This is a community of peers. There is room for humour and occasional
Enjoy the variety of experience. Relish the challenge of
If you think the emperor has no clothes, speak up. Some of the best threads start that way.
And if all else fails, hit your <delete> key, chill out and move along.
2.8 Trolling and troll-baiting

If you are a troll, or if you feel compelled to point out that someone else is trolling, or to respond to a posting allegedly by a troll, or posting about someone else responding to a troll, or are defending or criticising a troll, troll allegations, or those who have previously defended or criticised a troll, or are in any other way referring to trolling, the trollees (not trolleys) or the trolls, please add [Troll] to the subject line of your message so that those of us with automated anti-troll filters have an easier time*. Better yet, before posting your message, please reconsider whether doing so will increase or decrease the signal-to-noise level for the majority of CISSPforum members or whether your spleen might be better vented against the alleged troll directly, off-list. On behalf of us who actually do have a life, thanks very much.

* The more advanced CISSPs simply configure their systems to route all troll messages directly to Write Only Memory (WOM) devices installed at several highly redundant but totally secret locations on the intergalactic Interwebnet. It is alleged that one of these black holes has been found lurking within the (ISC)2 website but the last brave datagram we sent in there to check it out never surfaced, at least not in our galaxy.

2.9 Are there rules for the forum other than this FAQ?

Yes - the universal rules for posting stuff to newsgroups and similar online discussion fora apply to CISSPforum too. In that respect, CISSPforum is not special at all. One simple rule trumps the lot: consider your audience. Just as it is considered socially unacceptable to shout FIRE! in a crowded cinema, spare a thought for those who receive and may be affected by your missives. Thanks to one of the more surreal CISSPforum Friday threads, it has been acknowledged that there are certain “unwritten” rules for the forum but, of course, they are undocumented, ephemeral and virtual. They may or may not still exist.
They may or may not ever have existed. They may not, or may, come into existence at the point you post something. They are like Schroedinger’s kitty, only not quite as furry.

2.10 Can I distribute files via CISSPforum?

No, at least not directly. Any file attachments sent to the mailing list will be summarily stripped. Members who post documents or other materials will be embarrassed at having posted, essentially, nothing. “Here it is!” they exclaim, triumphantly, but here it is not. This is lame. However, any forum member can upload a file to the Groups.IO web interface and optionally announce it on CISSPforum. Be sure you have permission from the copyright holder before publishing anything in this manner: reaching a community of peers effectively places it in the public domain and we wouldn’t like to see you marched off by the DMCA Gestapo... An even better idea if you want more than just casual feedback on your document is to write and upload a draft to Google Docs and post a forum message inviting CISSPforumites to collaborate on writing/completing it. The combined brain power is awesome and we have yet to see a document that cannot be improved by the wider perspective. We’d encourage you to acknowledge all those who actively contribute and ideally publish the finished item to the CISSPforum files area or publicly under a Creative Commons license, but hey, that’s the group’s choice.

2.11 Is this forum private?

What do you think? The servers are probably in America, land of the free. Do we really need to spell it out for you? Ask Edward Snowden. Membership in the CISSPforum is allegedly restricted to those holding CISSP. Generally speaking, a number of respected CISSPforum members take the membership restriction to imply that it’s a discreet and exclusive private gentlepersons’ club. They hold that discussions on CISSPforum should not be discussed or reproduced elsewhere, outside the forum, believing that “what happens on the forum stays on the forum”.
Restricting discussions to the CISSP community will hopefully result in a freer and franker exchange of ideas, the theory goes. That said, it is not entirely sensible for members to assume that the content of messages they post to the forum will remain restricted to the membership. Those concerned about privacy and confidentiality (and which of us isn’t?) should bear in mind the old adage that you should never send anything by plaintext email (or indeed by courier) that you would not want to see on the front page of the newspaper. Do your own risk assessment, folks.

As a point of etiquette, if you wish to raise the issues discussed in CISSPforum elsewhere, it is best either to rewrite the salient points in your own words (sanitizing the identities and expunging the facts as appropriate) or to contact the original author/s for explicit permission, or both. Members contacted in this way are invariably flattered to be asked. You will almost certainly get the help you need to re-publish or at least plagiarize the salient parts from the original piece, and make a new friend in the process.

3 FORUM CONTENT

3.1 Is there an archive of CISSPforum postings?

Yes: CISSPforum messages are preserved for all eternity on CISSPforum. Remember this if you are about to flame another member or post something private, off-topic or lame. The cream of CISSPforum postings may also be shamelessly plundered for FAQ content.

3.2 Is this the proper place to compare certifications?

Probably not. The topic has been raised before and you are free to give it another go. You’ll get replies, some thoughtful, some not. Strangely enough, most CISSPs maintain that CISSP rocks. Many of us, having CISSP on our CVs and business cards, are curiously defensive of the certification’s integrity and value. We have something of a vested interest. That’s not to say it’s perfect, though.

3.3 Is this a good place to ask ethical questions?

Yes if you like. Why not? It would be rude of us to refuse.
3.4 Is it OK to ask about topics previously covered?

Everybody does it but please see the next section for information about zombie topics.

3.5 What is OT (off-topic)?

Any forum posting containing “OT” in the subject line is considered off-topic and liable to be summarily deleted by those with More Important Things To Do. It is considered rude to post off-topic messages without the “OT”, and in fact slightly naughty to post on-topic messages with subject lines that just happen to contain those two specific letters in conjunction. As to exactly what is considered on- or off-topic, or at what point on- becomes off-topic or vice versa, well that’s a matter for your good judgement, or rather that of the majority of people on the list, or rather that of the vocal minority who feel compelled to tell us all whether something was on- or off-topic. To be fair, on/off-topic is not a binary choice when it comes to many discussion threads, but subjects such as US gun laws are likely to descend rapidly into the abyss of politics, religion or both, leaving information security for dust.

The issue of moderation is a long-running joke on the forum: if you post a message asking why the moderator isn’t doing something, one of the long-time and vocal members (otherwise known as the Usual Suspects) will generally post a message claiming to be, or to nominate, the moderator of the week, and dispense moderation, in moderation. It is traditional for the moderator not to be informed of his/her/its status. For example, Rob Slade was moderator during the early part of December, while he was out of town, only finding out upon his return. There being no moderator at that point, he had nobody to complain to. The normal rules are relaxed slightly on Fridays but always beware going too far off-topic.
3.6 What topics are lame?

We all say dumb things from time to time but asking genuinely lame questions or offering supremely lame answers on CISSPforum can be a character-building experience, unless it is your first post anyway. Before you ask a question, have you at least Googled it? Have you made even the slightest effort to search for the answer yourself? If so, great, go ahead and ask away. If not, be prepared to be told in no uncertain terms “Try looking at the first response on this Google query: ...”. Zombie topics, out-of-office messages and off-topics are also considered more or less lame.

Responses can be lame too. It’s fair to assume, for starters, that being a member of this community means the original questioner has a modicum of intelligence and security expertise. To avoid cluelessness, take this classic response as a warning:

“In order to attack your target, you should first recommend that your target gets an actual computer (www.dell.com or www.hp.com are two sites I’ve found useful for this), running Windows (www.microsoft.com, can be obtained at www.amazon.com). The attacker should of course know how to write an actual exploit (books at www.amazon.com, many sources to be found on the ‘Internet’, which you can recognize since it all starts with http). One thing that is often overlooked by junior hackers (explaining many failures to achieve desired goals) is that they do need a ‘computer’ for this (again, see www.dell.com, or for something more prestigious or esoteric try www.apple.com). I’m sure you realize all this, but one cannot be too careful.”

3.7 Where can I find thread summaries?

Basically, you can’t. This situation was accurately predicted by a rather boring prophet: “There shall in that time be rumors of things going astray, erm, and there shall be a great confusion as to where things really are, and nobody will really know where lieth those little things with the sort of raffia-work base, that has an attachment.
At that time, a friend shall lose his friend's hammer, and the young shall not know where lieth the things possessed by their fathers that their fathers put there only just the night before, about eight o'clock.” You may like to subscribe to the list using a Gmail account that automatically threads the responses. Or not.

3.8 When is Friday?

Being an information security professional can be a stressful existence. Some of us feel alone and isolated under pressure ... but we’re not. As members of the CISSPforum extended family, we have peers, friends, fellow pro’s, oh and that “uncle” who always turns up at weddings and funerals but nobody admits to knowing or inviting. CISSPforum is our stress-relief valve. Sometimes, there is nothing better than a good rant. Fridays are reserved especially for that purpose.

One of the unwritten rules of CISSPforum is that the normal rules (both written and unwritten) for posting messages are relaxed on Fridays in preparation for the weekend’s fun (the equivalent of dress-down-day, bad shirt day, or POETS day), within reason. Since “within reason” is itself part of the unwritten rules that are relaxed, even that is optional but please be sensible. This is a multicultural professional forum and we’re all pretty busy. OK perhaps not quite so frantic on Fridays. On Fridays, expect to see the usual sarcasm, irony, pathos (and bathos), poignancy and passion, anecdotes and hopelessness, delicacy and discernment, humour (sometimes without you) and satire, derision and hyperbole, alliteration and synecdoche turned up a notch, with the occasional deep and meaningful discussion on coffee, donuts, poutine and sushi. Have fun, just avoid turning up the heat. It has been alleged that some members literally dress down on Fridays. Whether this extends to nude posting is unknown at this point and none of us has the nerve to ask. It’s considered good security practice to cover your web cam lens though.
Those CISSPforum members who have the benefit of living slightly West of the International Date Line start their Fridays in advance when other less fortunate members to the East are still living in the past. Therefore, Fridays start on Thursdays. What’s more, when the less fortunate Easterners post their Friday messages, it is already The Future for the very same Westerners. Although certain grammatical problems are created by this particular form of time travel, the Westerners enjoy Easterners’ Friday postings on Saturdays. So, to summarize, “Friday” = Thursday + Friday + Saturday. We got used to the delays in Yahoo! groups which meant that some postings were two days late, or more, so therefore postings made Tuesday and Wednesday = “Friday” and postings sent “Friday” may show up Sunday or Monday, thus all seven days of the week are now officially “Friday.” It has subsequently been suggested that “Friday” be celebrated only on days that begin with the letter "T" including Tuesday, Thursday, Today, Tomorrow, Thaturday and Thunday. We like Fridays on the Forum.

Mental health is a serious business but please forgive us if, at first anyway, we take things lightly. Often we’re just trying to help you defuse your ticking time bomb. Which wire to cut? If you are in serious trouble and don’t appreciate our ‘help’, say so and we’ll cut the crap. There is an immense pool of wisdom collecting dripwise under the forum. Collectively and individually, forum members have generally been there, done that, and staggered back from the brink. Let us throw you a lifeline. Simply raise your hand and call out. We’re here for you and we care.

4 ZOMBIE TOPICS

4.1 What are zombie topics?

All manner of information security and other fascinating topics have been discussed on CISSPforum over the years. The following topics, however, have been discussed to death, several times, yet somehow they refuse to lie down and die.
The forum is not moderated so you are welcome to raise these topics yet again (provided you have Something Important to say on the subject) but if you do, be prepared for a somewhat less than enthusiastic response and watch out for silver bullets, pointed wooden crosses or garlic around the door.

4.2 Zombie topic: reformed hackers

Been argued, no resolution. Some hold that, like Caesar’s wife, infosec professionals must be above suspicion, whiter than white (hats). Some hold that reformed hackers have “paid their debt to society” and have useful knowledge to contribute. The ensuing exchange is a bit like the Pope discussing religion with an atheist. The arguments are also trotted out when discussing whether to even appear on the same conference speakers’ platform as the likes of Messrs. Mitnick and Abagnale. Some of us will, some of us won’t. It all depends on the height of one’s horse.

4.3 Zombie topic: security ROI (Return On Investment) or ROSI (Return On Security Investment)

This is undoubtedly an important topic but most of us are tired of seeing the same old same old. CISSPs have at various times challenged the “R” and “I” part of ROI, and the future is not so ROSI according to some. To make things still worse, the quantitative vs. qualitative vs. hocus pocus risk analysis thread often gets intertwined with the ROI zombie, making our lives a misery for a couple of weeks at a time. If you have something truly novel to say on justifying security or risk management expenditure to management - a new approach, a revolutionary investment model, a neat way to persuade management to lengthen the corporate purse strings (something like a metrics dashboard using blinkenlights maybe?) - go ahead but for your own sanity, please check that we have not already thrashed the life out of it.

4.4 Zombie topic: cissp.txt

We are really tired of this topic.
One or more of the following zombies arise from their tombs every six to twelve months to haunt us with their blood-curdling cries:

a) “There is a list of CISSPs at [someURL].cissp.txt. This is appalling!”
b) “There is a list of CISSPs at [someURL].cissp.txt and my name is not on it! What gives?”
c) “There is a list of CISSPs at [someURL].cissp.txt and my name is on it! Aaaiiieeee!”

Yes, it’s true. There is a list that appears at various places around the net, usually named cissp.txt. This contains some names and contact information (a few of which, shock horror, are still valid!) of CISSPs who had listed themselves in the public directory at ISC2.org way back in circa 2003 (others say early 2005 - eons ago in Internet time or web-years). At one time someone lame evidently mined the public directory, possibly for marketing purposes. Later, someone thought it would be a good joke to post the list on the web to see if they could get lots of people upset. They appear to have succeeded. Several times around. Oh, and a special note for posters in category (c). You have had your CISSP for a while and posted some info to the (ISC)2 public directory, so why are you so upset? Get real.

4.5 Zombie topic: terrorism

Terrorism and indeed cyberwarfare/WWIII does have a relevance to security, of course, but please try and contribute some light to the discussion, not just more heat. Check out the archives and see what has already been said. Postings advocating violence against any persons or groups are DEFINITELY way off-topic.

4.6 Zombie topic: can I get CPEs with that?

Every so often, someone asks “Can I get CPEs for [taking a prep course for something else | listening to my iPod | watching Sneakers | doing CISA/CISM homework | etc.]?”, sometimes with the rider “I’ve checked the (ISC)2 guidance but what do you think?” ... and the forum groans. Forum members can only give unofficial and generally unreliable advice on this point.
Does the material in the [course | iPod | running shoe | etc.] pertain to the CBK domains of the CISSP certification? If the material is pertinent to the CBK, Jack Holleran for one would say “yes”. One hour of relevant infosec study earns you one CPE, provided it can be validated in some way. And that’s the crunch. For the definitive answer on CPEs, contact (ISC)2 directly. The official guidance is reasonably comprehensive and not too bad actually in terms of opportunities to earn CPEs for free. Remember also this point from (ISC)²: “As a professional who follows the (ISC)² Code of Ethics, please use your best judgment within these guidelines to select those activities which qualify for CPE credits and which will enhance your professional development.” In other words, be sensible and play nicely. FWIW, here’s a bunch of ways of continuing your professional education and, in many cases, earning CPEs as you do:
The bottom line: CISSPs who are truly committed to the information security profession have absolutely no trouble earning sufficient CPEs. If you are scratching around to find enough CPEs to clear the minimum hurdle of 120 CPEs per 3 year cycle (for CISSPs), step back and take a cold hard look at your commitment level. Is your personal development and career advancement really of so little concern to you? Are you in the right profession? Would you much rather be doing Something Else with your life? See also the notes on submitting CPEs, a lame topic.

4.7 Zombie topic: why are we still using Yahoo! Groups?

In 2018, this zombie was finally put out of its misery when (ISC)² summarily pulled the plug on the Yahoo! forum. In addition to the official (ISC)² community, a replacement for CISSPforum was launched by the CUStards on Groups.IO. We’re still patiently waiting for the email from (ISC)² about this. It appears to be one of those infamous long!-delay! Yahoo! messages! that will materialize at some random point in the future, out of the blue, lacking all context.

By the way, the official (ISC)² community claims to have 22,000 members, less than 10% of whom have ever posted. Even so, in terms of sheer volume, it wins hands-down over CISSPforum. It even has kudos and badges for posting stuff and giving out kudos! Rejoice! We’ll leave it to you to determine whether it generates sufficient interest and value to justify your involvement, or whether you’d be better off in CISSPforum or down the pub. Just remember that, sometimes, less is more, an approach the (ISC)² search functions take to the ultimate extreme. Whatever you seek, enjoy the pregnant pause while the inevitable “No search results found” is dragged kicking and screaming from the web server. It might as well read “Computer says no”.
4.8 Zombie topic: “We’ve been hacked - what do I do?”
Luckily this zombie is not as frequent a visitor to the forum as some of the others but we do occasionally get someone hitting the big red panic button and emailing in, all red-faced, sweaty-browed and hair growing visibly more grey by the minute. A typical question might be “I’ve just had a call from the Help Desk. They have taken a call from a user in the business who says his PC is acting strangely. The network boys and girls tell me there is loads of traffic on the user’s LAN segment and it looks as if the machine is spewing forth spam like it’s going out of fashion. HELP! What do I do?”. The responses usually wander into various aspects such as which are the best forensics tools to analyze the system, how to analyze the live system before shutting it down, and why it is so important to brew up an incident management process BEFORE not DURING an incident, but the best immediate response to date on this sort of query is: “If you believe the system is compromised, and you don’t have the tools and skills to perform live (or any) forensic analysis, pull the network cable and get an expert. Don’t switch it off. Don’t even run a directory listing. Do not pass Go. Do not collect 200 Bitcoins.” If you are the expert, and you’re already on site and ready to go, IT forensics grab-bag in hand, underpants worn on the outside, things are different, obviously.

5 FORUM MEMBERSHIP OPERATIONS & SETTINGS

5.1 How do I subscribe to CISSPforum?
If you get stuck, ask a fellow CISSP for help or contact the forum admins. They are open to bribery and corruption, but please don’t tell (ISC)².

5.2 How do I join CISSPforum if I’m not yet a CISSP?
Easy: get yourself a coffee, turn off your phone and spend a merry hour or two absorbing the solid information and advice in an excellent Flash tutorial from ardent CISSPforum member and security evangelist Clement Dupuis. Become a CISSP and you will be welcome, if not compelled, to join the CISSPforum. For fans of the UK comedy series Little Britain, yes, CISSPforum is a local forum for local people.

5.3 Since this is “CISSP forum”, that means that everyone is a CISSP, right?
Kind of. Lapsed CISSPies have been known to hang around like a bad smell long after their certifications have expired. You can usually tell actual CISSPies and especially the CUStards by how cranky they are, but not always: some remain stealthy.

5.4 Can I access the forum and files online?
Yes, if you are a member. Be our guest.

5.5 How do I temporarily stop getting email from the forum or change to digest mode?
Well done to you if you thought of this before shooting off on that extended vacation or business trip. Please read the next answer also. You’ll find the message delivery options in the Groups.IO web interface hidden in plain view under the Subscription tab.

5.6 How do I set up my Out-Of-Office message so I don’t spam the whole forum?
Do not turn on “reply-to-messages-not-sent-directly-to-me” or “reply-to-all”. Your best bet is to RTFM for your email system or call your IT Help Desk.

5.7 How do I change the email address with which I subscribed to CISSPforum?
I guess you’ll need to flounder around in that Groups.IO web interface thing, again.

5.8 How do I unsubscribe?
Flounder around in that Groups.IO web interface thing, again. Again.

6 (ISC)2 STUFF

6.1 How do I receive regular communication from (ISC)2?
Method 1: subscribe to the (ISC)2 newsletter. To do this, simply sign into the (ISC)2 website, then click on “Subscribe to (ISC)2 newsletter.” You will be taken to a bcentral.com partner site where you must provide your email address, name, city, state, country and company name, inside leg measurement, dental records and a cheek scraping - well, enough to satisfy the data entry validation routines anyway. You may also disclose your interests (very short list) and certifications (also a short list). Within a few minutes you will receive a confirmation message welcoming you to the (ISC)2 newsletter mailing list, or not if you did not supply a valid email address.
Method 2: receive (ISC)2’s Infosecurity Professional magazine either as a free electronic softcopy by email or in print if you pay the postage and packing charge and don’t mind slaying trees. The magazine is just one of many benefits for “members” of (ISC)2. The first edition was released in April 2008 - search the CISSPforum archives for informed comment on the content.

6.2 How do I submit CPEs?
Read the (ISC)2 instructions which contain lots of detail plus a helpful link to the submission form. Most questions about CPEs on the forum are lame since the (ISC)2 guidance generally answers them all.

6.3 How many CPEs can I get for that?
The CISSPforum is just a bunch of guys and gals, you know. We are not (ISC)2. We don’t award CPEs. Most of us really don’t care much about CPEs because we are active infosec professionals who are awash with CPEs as a result of lots of reading, research, webinars, conferences, training courses and stuff. We don need no steenkin badges. Several of us teach, present to or write stuff for other CISSPs and CISSPwannabies to consume and claim their CPEs.
(ISC)2 offers reasonable advice on how to earn CPEs, including the official CPE guidelines. If you need to find out precisely how many CPEs to claim for something, and what Type they are, just ask (ISC)2 not us. If you insist on asking us, expect a flatulent response. You could try setting up one of those web survey things and inviting us to vote. Just make sure you include the option “42”.

6.4 Where do I find anything on ISC2.ORG?
Good question! Some have speculated that when the late Douglas Adams wrote the Hitchhikers Guide To The Galaxy, he was thinking of the (ISC)2 website ...

Mr Prosser said: "You were quite entitled to make any suggestions or protests at the appropriate time you know."
"Appropriate time?" hooted Arthur. "Appropriate time? The first I knew about it was when a workman arrived at my home yesterday. I asked him if he'd come to clean the windows and he said no he'd come to demolish the house. He didn't tell me straight away of course. Oh no. First he wiped a couple of windows and charged me a fiver. Then he told me."
"But Mr Dent, the plans have been available in the local planning office for the last nine months."
"Oh yes, well as soon as I heard I went straight round to see them, yesterday afternoon. You hadn't exactly gone out of your way to call attention to them had you? I mean like actually telling anybody or anything."
"But the plans were on display ..."
"On display? I eventually had to go down to the cellar to find them."
"That's the display department."
"With a torch."
"Ah, well the lights had probably gone."
"So had the stairs."
"But look, you found the notice didn't you?"
"Yes," said Arthur, "yes I did. It was on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying Beware of the Leopard."

We’re still looking for the “Beware of the Leopard” sign at the (ISC)2 website. If you find it, please post a message to CISSPforum and we’ll call off the hunt. Meanwhile try Google.
6.5 What do I get for my AMFs (Annual Mugging Fees)?
Quite often the discussion about which activities do or do not qualify for CPEs and/or how difficult it is to find information on the (ISC)2 website ends up with someone asking “What does (ISC)2 do for us anyway?”. This is not unlike Monty Python’s “What have the Romans done for us?” in the Life of Brian. Even (ISC)2 accepts that it’s perfectly reasonable for CISSPs to ask “Do we get value for money for our Annual Maintenance Fees (AMFs)?”. (ISC)2’s official response mentions obvious member benefits such as security webinars and the career center, and talks about the wider benefits through various marketing efforts to promote the security profession in general and, by implication at least, CISSP holders in particular. It’s unfortunate that they neglected to mention the biggest benefit of all, CISSPforum, though! The bottom line is a personal value decision: will the benefits to you of CISSP qualification exceed the AMFs? If you are working for an employer who requires security qualifications, the answer should be obvious, especially if you are privileged enough to reclaim your AMFs and associated training/educational costs as legitimate business expenses. Likewise if you are searching for a new position and your qualifications will earn you a higher salary or land you a better job with a more enlightened employer/manager (not so obvious a benefit maybe but, believe me, job satisfaction is worth a lot). Finally, there is the Zen perspective. Will the effort to achieve and maintain your qualification make you a better person? Will it satisfy your inner drive to be good at information security? Do you value being part of the global professional infosec community? Do you maintain motorcycles?

7 MISCELLANY

7.1 What is the 11th domain?
The 11th CBK domain is an obscure reference to any topic that the membership of the forum currently considers clueless whether off-topic, misguided or just plain lame.
It includes the old favorites “Out-Of-Office”, “Unsubscribe” and “Could have found it on Google in 2 µs.” Occasionally, it is a genuine proposal to extend the CBK to cover additional domains such as ‘human factors’ but such proposals seldom get anywhere due to conservatism, inertia and apathy, a terminal combination.

7.2 Who are the Usual Suspects?
Never mind life, the universe, everything. Who or what are the Usual Suspects? That’s the Ultimate Question. The designation “Usual Suspects” arose in the dim and distant past from an accidental mis-posting to the CISSPforum of a private message from an (ISC)2 staffer to another regarding certain outspoken and unnamed CISSPforum members. The comment is alleged to have spawned a sinister (or is it dextral?) secret society within the inner sanctum of CISSPforum, the Certified Usual Suspects (CUS), also known as the CUStards. Even the CUStards do not know precisely who the CUStards are nor what they have done to deserve the dubious distinction beyond being “outspoken” but rumors abound of special handshakes and blackballing, weird initiation ceremonies involving sushi and/or poutine, an unwritten but staunchly upheld code of honor, and a predilection for emitting well-aged bodily gases. There is no known method to join the CUStards, nor indeed to leave, although most members tend not to contribute quite as much volume post-mortem, though just as much value.

7.3 Who is responsible for this unofficial FAQ?
The current By all means chuck rotten eggs at me but be warned: the more you throw, the greater the chances you’ll be “invited” (cosa nostra style) to become the new FAQ editor/maintainer ...

7.4 Can I submit new questions and answers or corrections to the FAQ?
Absolutely! Send them directly to the current editor (pencil each one on a crisp $20 bill for the special express service) or better still post them to the CISSPforum for general discussion. All potential submissions are gratefully received.
The best bits will be shamelessly plagiarized.

7.5 FAQ Credits
Thanks to the following for their invaluable contributions to this FAQ: Chris Brown, the late lamented Laurie McQuillan, John McGuire, Matt Curtin, Jack “Hollerin” Holleran, Rob “Grandpa” Slade, Pat “Spring Bunny” McGregor, Anton “Cats in Context” Aylward, Les “G’day Jimmy” Bell, Karen “Stop”ford (head of the No Department), D. “Cragin” Shelton, Mim-The-Merciless (slayer of the humor impaired), and Gary “Passionate” Hinson. Other members of CISSPforum and CUStards have contributed to the FAQ either through insightful postings to the forum or by pestering the editors privately (i.e. in a private place). I’d like to thank my producer, the director, the investors, the NSA and of course the venerable Consortium without which this FAQ would not have been

7.6 What’s new here?
The end of the unofficial CISSPforum FAQ is nigh.