Hey, this is all good for network security assurance and auditing, but doesn't fix the basic security problems with using WLAN 802.11 technology. I suggest that we use a new security model for WLAN security:
1) Obscure SSID names and WEP should not be used on your WLAN just to provide management/users with a false sense of security;
2) Put the WLAN access point outside your firewall (layer 1 security);
3) Use firewall VPN technology for layer 2 security;
4) Use IPSec protocol for network layer 3 encryption;
5) Use digital certificates for layers 4-6 strong authentication;
6) Enforce Corporate security policy on WLAN deployment & use;
7) Regular audit and security assurance work to detect the addition of new WLAN points to your network.
There are good reasons for using WLANs, and you probably can't stop the keeners from adding access points, but you can try to mandate how they will be added in a secure and manageable fashion.
Cheers, -wjc.
Re:WOMEN may conquer space, but not men... (on "Man Conquers Space", Score: 2)
You missed the point, and the rest of your reply was OFF TOPIC.
The finite, limited resources on a spaceship which is travelling, at minimum, for several lightyears need to keep multiple human generations alive. Wasting air, food and space on men just to guarantee reproduction of the species over that time period doesn't make any rational sense.
And your Feminist manure rant is just that - a rant. And by the way, I'm a man, not the feminist shrew you apparently have in your mind.
I echo the comment on boats - there are a LOT of "How To" manuals complete with schematics for designing your own 12V systems in boats, right down to the size of wire to use. [I will post a title and ISBN when I get home to check the bookshelf.] Same principles apply to cars.
I would be very afraid of the 12V coming out of the cigarette lighter adapter - I heard a story of someone working away on a laptop just fine using the car's 12V battery system and the car ignition turned off. However, they had their laptop fried when they turned the car ignition switch on. It sent some crufty power through the cig lighter and into the equipment.
If the ocean's phytoplankton give up the ghost, then you really won't want to stick around on planet earth for very much longer. Dead oceans will cause the entire planet's ecosystem to collapse. On the other hand, perhaps the plankton, being simple single cell life, can adapt to high temperatures and pollution more easily than other life forms. But it's still something to worry about...
WOMEN may conquer space, but not men... (on "Man Conquers Space", Score: 2)
The only way that future "men" conquer space will be as frozen sperm in a tube, waiting to assist the female crew of intergalactic, multi-generational spacecraft. To save resources, and ensure the ability of the crew to replace themselves as needed, real men are not really needed - a plastic turkey baster should work just as well... *sigh*
Maybe if we had used a more scientific physics-based system of measurement, the Mars Explorer wouldn't have "missed" its insertion orbit by a few hogsheads, and instead hit Mars at about 10^7 rods per avogadros!
The alleged reason for the name change that I heard was that the "Kentucky Fried Chicken" brand name was trademarked by the original company. When "the Colonel" sold the company, he was unable to take the famous moniker with him. So his competing new company had to be called KFC, after Kentucky Fried Chicken sued him over his misuse of their trademarked name.
So the new KFC still has the Colonel's stylized image, but not the original name.
What might the "modern" world have been like if Queen Elizabeth I had been assassinated, the Protestant movement put down in England, and then subsequently across the European mainland and the New World?
Through a series of intertwining vignettes, author Roberts presents us with a present time England under papal dominance. Where steam locomotion is the norm (as the church has not sanctioned fossil fuel burning), the inquisition still reigns terror, where electric lights are forbidden as heresy and where individual spirit and idea are considered dangerous. Yet how long can the people be held down?
Roberts doesn't present the world at large as being negative, for there is a pastoral peace and simplicity to life, but he shows us how papal dominance can hold back both science and individuality.
Highly recommended!
PAVANE, Keith Roberts, Ace 1968, PB, 285 pgs, ISBN 0-575-06103-0
-wjc.
...and I'm Starting up the new *ping* Channel! (on "G4: The Pong Channel?", Score: 1)
FOR IMMEDIATE RELEASE
(Hamilton, Bermuda). To further enhance the viewing pleasure of couch potatoes everywhere, the Military Industrial Entertainment Complex (MIEC) has announced a new TV channel aimed at exploring the depths of the Information Superhighway!
Called "*ping*", this innovative new entertainment channel will broadcast Internet ping responses to viewers 24/7, and will include commentary by noted experts and Hollywood stars!
An excerpt from an upcoming show is shown below:
___
Professor Farnsworth: Good news everybody...there's a news item on with some very bad news!
11 * * * Request timed out.
Bender: Well I don't have anything else planned for today, let's get drunk!
12 10 ms 10 ms 20 ms g5-1.zur01b04.sunrise.ch [195.141.183.229]
I'm gonna drink till I reboot!
13 111 ms 120 ms 120 ms p2-1.nyc02b01.sunrise.ch [193.192.225.22]
If you don't have anything nice to say, say it often. -Ed the Sock
14 130 ms 131 ms 110 ms 500.POS1-1.IG2.NYC4.ALTER.NET [157.130.22.33]
Fry: Who was that guy?
15 120 ms 120 ms 120 ms 589.at-5-0-0.XR4.NYC4.ALTER.NET [152.63.18.70]
Bender: Your mama! Now shut up and drag me to work!
16 120 ms 130 ms 130 ms 0.so-2-0-0.XL2.NYC4.ALTER.NET [152.63.18.29]
Professor Farnsworth: Everyone's always in favor of saving Hitler's brain, but when you put it in the body of a great white shark, oooooo suddenly you've gone too far.
17 120 ms 200 ms 110 ms 0.so-4-0-0.TL2.NYC9.ALTER.NET [152.63.23.129]
Bender: Would you kindly shut your noise-hole?
18 150 ms 140 ms 130 ms 0.so-6-0-0.TL2.DCA8.ALTER.NET [152.63.3.193]
Bender: I don't want people thinking we're robosexuals. So if anyone asks, you're my debugger.
19 120 ms * 120 ms 0.so-5-0-0.XL2.DCA8.ALTER.NET [152.63.35.250]
Bender: There was nothing wrong with that food! The salt level was 10% less than the lethal dose.
20 110 ms 121 ms 110 ms 188.at-5-0-0.XR2.PHL1.ALTER.NET [152.63.42.130]
Zoidberg: Uh oh, I shouldn't have had seconds!
21 110 ms 140 ms 131 ms POS7-0.GW6.PHL1.ALTER.NET [152.63.38.201]
Bender: Bite my shiny metal ass!
22 140 ms 130 ms 141 ms telebermuda-gw.customer.alter.net [157.130.22.14]
Bender (to phone): "Hello, Imperial Dragon restaurant? I've got a herd of 'you-know-what's' for sale.... Lemme check." (grabs a kid) "Owww, why you're a cutie!"... (to phone): "About 35 pounds."
____
Stay tuned for *ping* channel news as it happens!!! -Ocelot Wreak.
Re: "throw the outOfShampooException" (on "Deep Algorithms?", Score: 2, Funny)
And you could also throw an exception on sham poo and instantiate some REAL poo!
Hey, thanks! I'm getting old (or at least I'm the oldest fogie at this company), and I forgot about the distinction between Parc Place and Xerox PARC. Too bad that everyone (Jobs, Gates, et al) stole everything but the carpets on the floor at PARC. Xerox could have been the leader and made a bundle if they could have discovered how to commercialize all that wonderful research... *sigh*
Borrrrrring! I'm sure I saw an article in Scientific American like a bajzilllion eons ago (the annual mag devoted to computing?) on ubiquitous computing at Parc Place. It described all their prototype badges, flat panel scribblers, intelligent conference rooms, etc. that were going to change the way we work. Pretty much the same privacy concerns too...
Hi,
We run a secure datacentre and provide a Stratum-1 time source using a Lantronix Network Time Server (CoBox-NTP-E1) [about $1,500.]. It is a network-attached device with an IP that broadcasts the time to a second level time server. It has an attached cable that goes to a GPS antenna that receives the signal. The only problem with these devices is that the antenna obviously has to be _outside_ of the computer room to get a good signal, which can be a problem with some people who have already sealed up their Lampertz bunkers!
Anyways, it works great, no signal drift, and, as a previous poster mentioned, NTP is a MUST to ensure that the signals on all the Windows domains, firewalls, switches and anything else looking at the Stratum-2 server don't drift in their own merry direction with periodic "violent" recorrections to the correct time.
There are 3 excellent white papers from SUN detailing how NTP works, which is much more complex than you might initially think. See:
http://www.sun.com/blueprints/0701/NTP.pdf
http://www.sun.com/blueprints/0801/NTPpt2.pdf
http://www.sun.com/blueprints/0901/NTPpt3.pdf
for good info on how to do this properly. Lots of fun!
-wjc.
The 1940's radio case Macintosh is amazingly beautiful!
To all the other suggestions I would add a chunk of core memory from an old IBM 360 mainframe or a DEC pdp mini, and a morse code key like my late uncle used to DX shortwave around the world back in the 1930's to 50's. The use of core memory is self-explanatory, but the morse key might be nice as a special "numeric keypad data entry key" that you would have to learn the proper morse code equivalents for, in order to get the numbers into your system!
One direction that has picked up a lot of credibility and support from large software developers (for big .gov and .mil projects) is the Capability Maturity Model (CMM). It has been applied to software development for applications, computer security engineering, etc. CMM allows the software development process to be more closely managed, observed, measured, and fixed _before_ it breaks, or where errors can cause big problems in critical systems. Several good books have been written on it, and a lot is available on the web. See:
www2.umassd.edu/SWPI/processframework/cmm/cmm.html for some general background on the process. From their web site:
SEI Capability Maturity Model
The CMM describes the principles and practices underlying software process maturity. It is intended to help software organizations improve the maturity of their software processes in terms of an evolutionary path from ad hoc, chaotic processes to mature, disciplined software processes. The focus is on identifying key process areas and the exemplary practices that may comprise a disciplined software process. The maturity framework provided by CMM establishes a context in which:
Practices can be repeated; if you don't repeat an activity there is no reason to improve it. There are policies, procedures, and practices that commit the organization to implementing and performing consistently.
Best practices can be rapidly transferred across groups. Practices are defined sufficiently to allow for transfer across project boundaries, thus providing some standardization for the organization.
Variations in performing best practices are reduced. Quantitative objectives are established for tasks; and measures are established, taken, and maintained to form a base-line from which an assessment is possible.
Practices are continuously improved to enhance capability (optimizing).
Structure of CMM
Maturity Levels
A layered framework providing a progression to the discipline needed to engage in continuous improvement (It is important to state here that an organization develops the ability to assess the impact of a new practice, technology, or tool on their activity. Hence it is not a matter of adopting these, rather it is a matter of determining how innovative efforts influence existing practices. This really empowers projects, teams, and organizations by giving them the foundation to support reasoned choice.)
Key Process Areas
A key process area (KPA) identifies a cluster of related activities that, when performed collectively, achieve a set of goals considered important.
Goals
The goals of a key process area summarize the states that must exist for that key process area to have been implemented in an effective and lasting way. The extent to which the goals have been accomplished is an indicator of how much capability the organization has established at that maturity level. The goals signify the scope, boundaries, and intent of each key process area.
Common Features
Common features include practices that implement and institutionalize a key process area. These five types of common features include: Commitment to Perform, Ability to Perform, Activities Performed, Measurement and Analysis, and Verifying Implementation.
Key Practices
The key practices describe the elements of infrastructure and practice that contribute most effectively to the implementation and institutionalization of the key process areas.
Good luck!
-wjc.
And what makes you think you'll be able to read the files off those old diskettes after all these years, even if you do find a 5 1/4" drive??? [But I DO hope you have success, even though your odds are not great. Please report back on your progress!]
Hi,
I have a CISSP designation, and have found it to be VERY useful, both professionally and as a practical job door opener for consulting gigs. It covers a wide base of security knowledge, and also requires some dedication to "real" security work for a few years first, rather than just passing a test based on some memory work.
The "Certified Information Systems Security Professional" ® (CISSP) designation is a recently developed international designation for people involved in information security work. It is handled by the non-profit organization called "(ISC)2", the "International Information Systems Security Certification Consortium, Inc."
They administer, test, and have a trademark on CISSP®.
The first CISSP designations were conferred in 1994, and its numbers are increasing rapidly.
With certification of computer professionals becoming more important, and the incursion of the Engineering field into computer-related work areas, it's a good idea to consider getting a formal designation.
The ISSA and CIPS organizations have also been very supportive in promoting professional certification among their members. I've discovered that certification makes a difference in getting consulting contracts, and provides a higher level of trust, ethics, and expected professionalism in client relations. Recently, an increasing number of government RFPs for INFOSEC-related services have requested that consultants preferably have CISSP accreditation.
Applicants must subscribe to a formal code of ethics, and must have at least three years of direct work experience in one or more of the ten information security domains of the information systems security Common Body of Knowledge, in order to sit for the examination.
The ten domain areas are:
Access Control;
Communications Security;
Risk Management & Business Continuity Planning;
Policy, Standards, and Organization;
Computer Architecture & Systems Security;
Law, Investigation, & Ethics;
Application Program Security;
Cryptography;
Computer Operations Security; and
Physical Security.
The exam questions are multiple choice, and are oriented towards knowledge gathered by experience. Someone who just read some text books would have a very hard time passing the exam. Exam preparation training seminars, and a study guide with sample questions are available from (ISC)2.
I recall some Cisco guru saying something about not using .0 A and B address ranges (e.g., 10.0.0.nnn) for your network, as the .0's could cause routing problems sometimes. Anyone recall why the zeros were Bad and Wrong???
It was called "Forever" for a [mythic] reason... (on "The Forever War", Score: 1)
I read it when it first came out, and it is still one of my favorite SF novels - the "disconnected" narration by the poor soldier watching and commenting on his tenuous connection to anything human slowly being eroded away as time continues to jump forward by hundreds and hundreds of years, is both chilling and heart-rending. We also see how the single-minded pursuit of "evil" by the military/government ended up destroying its own civilization, which is a philosophy that cold-war authors like Heinlein were not really in tune with.
This mythic, almost Odysseus-like epic journey through unthinkable death and destruction of all that we hold dear, and a believable redemption motif for humanity itself, puts this novel way above Ender's Game and Starship Troopers.
The best writers always read about myths and C. G. Jung's work first...
This goes to show that not only do we need to make it easy to sign our software packages, but we need easy ways to verify the package signature before installing, and also validate the certificate itself [it may be revoked, suspended, or have expired]. Do we trust a self-signed, or PGP-type certificate? Do you want to use onshore certs from US sources, or is it more appropriate to use offshore certs for legal jurisdiction or taxation reasons?
<shameless plug> If you think there are valid reasons to get an offshore certificate to sign your packages, then see www.quovadisoffshore.com which is an offshore trusted third party certificate authority.</shameless plug>
I personally think the offshore cert is "safer" from compromise by US legal and business interests...
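The two checks the comment above asks for, written out as an added example (this is not code from the original post, nor from any certificate authority it mentions): a consumer verifies the detached signature on a package and validates the signing certificate against a trusted CA at a chosen point in time, so an expired certificate or a tampered package is refused before installation. It assumes only the openssl command-line tool; the demo CA, the publisher name and the package file are all constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the original post: sign a package with a
# certificate-backed key, then refuse to "install" unless BOTH the detached
# signature and the signing certificate check out. The demo CA, the publisher
# name and the package file are constructed here; a real consumer would hold
# only the trusted CA bundle and receive pkg, signature and cert from the publisher.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Publisher side: build a throwaway CA, issue a signing certificate valid for
# $1 days, and produce a detached SHA-256/RSA signature over the package bytes.
publish() {
  days=$1
  printf 'demo package payload v1\n' > "$WORK/pkg.tar"   # constructed stand-in for a real package
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -subj "/CN=Demo Package CA" -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=Demo Publisher" \
    -keyout "$WORK/signer.key" -out "$WORK/signer.csr" 2>/dev/null
  openssl x509 -req -sha256 -days "$days" -in "$WORK/signer.csr" \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -out "$WORK/signer.crt" 2>/dev/null
  openssl dgst -sha256 -sign "$WORK/signer.key" -out "$WORK/pkg.sig" "$WORK/pkg.tar"
}

# Consumer side. Arguments: package, detached signature, signer certificate,
# trusted CA bundle, and optionally the epoch time at which to judge validity
# (defaults to now). Returns 0 only if every check passes.
verify_package() {
  pkg=$1 sig=$2 cert=$3 ca=$4 at=${5:-$(date +%s)}
  # Check 1: the certificate chains to a CA we trust and is within its validity
  # period at time $at. This is what catches an expired (or not-yet-valid) cert.
  # Revocation is a separate question: it needs -crl_check with a CRL, or an
  # OCSP query, and is not demonstrated here.
  if ! openssl verify -CAfile "$ca" -attime "$at" "$cert" >/dev/null 2>&1; then
    echo "REJECT: signer certificate not trusted or not valid at epoch $at"
    return 1
  fi
  # Check 2: the signature was made over exactly these package bytes by the
  # private key matching the certificate's public key.
  openssl x509 -in "$cert" -pubkey -noout > "$WORK/signer.pub" 2>/dev/null
  if ! openssl dgst -sha256 -verify "$WORK/signer.pub" -signature "$sig" \
       "$pkg" >/dev/null 2>&1; then
    echo "REJECT: signature does not match package contents"
    return 1
  fi
  echo "OK: certificate valid and signature verified, safe to install"
}

# Demo: a certificate valid for one day passes today, is rejected when the
# check is evaluated three days out, and a tampered package is rejected even
# while the certificate is still good.
demo() {
  publish 1
  p="$WORK/pkg.tar"; s="$WORK/pkg.sig"; c="$WORK/signer.crt"; ca="$WORK/ca.crt"
  verify_package "$p" "$s" "$c" "$ca"
  later=$(( $(date +%s) + 3 * 86400 ))
  verify_package "$p" "$s" "$c" "$ca" "$later" || true
  printf 'tampered\n' >> "$p"
  verify_package "$p" "$s" "$c" "$ca" || true
}

demo
```

The order of the checks matters in practice: validating the certificate first means a signature from a no-longer-trusted key is never treated as evidence of anything.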
I've never been able to read music, let alone play guitar... Do you mean that by learning Elvish, I'll be able to play the guitar just like Elvis???;-)
I have found that the "Certified Information Systems Security Professional" ® (CISSP) designation has been helpful for my consulting work in the information security field. When someone doesn't know how to properly evaluate an unknown consultant as a potential new hire, then a designation tells them that you have at least met some basic requirements that have been measured and are up to date. Then they can focus on finding out if you have the particular skills they need for the job at hand.
The "Certified Information Systems Security Professional" ® (CISSP) designation is a recently developed international designation for people involved in information security work. It is handled by the non-profit organization called " (ISC)2", the "International Information Systems Security Certification Consortium, Inc." They administer, test, and have a trademark on CISSP®. The first CISSP designations were conferred in 1994, and each year the numbers have increased.
With certification of computer professionals becoming more important, and the incursion of the Engineering field into computer-related work areas, it's a good idea to consider getting a formal designation. The ISSA and CIPS organizations have also been very supportive in promoting professional certification among their members. I've discovered that certification makes a difference in getting consulting contracts, and provides a higher level of trust, ethics, and expected professionalism in client relations. Recently, an increasing number of government RFPs for INFOSEC-related services have requested that consultants preferably have CISSP accreditation.
Applicants must subscribe to a formal code of ethics, and must have at least three years of direct work experience in one or more of the ten information security domains of the information systems security Common Body of Knowledge, in order to sit for the examination.
The ten domain areas are:
Access Control;
Communications Security;
Risk Management & Business Continuity Planning;
Policy, Standards, and Organization;
Computer Architecture & Systems Security;
Law, Investigation, & Ethics;
Application Program Security;
Cryptography;
Computer Operations Security; and
Physical Security.
The exam questions are multiple choice, and are oriented towards knowledge gathered by experience. Someone who just read some text books would have a very hard time passing the exam. Exam preparation training seminars, and a study guide with sample questions are available from (ISC)2.
For more details, see (ISC)2's new WWW site at: http://www.isc2.org/
If you have a chunk of core memory (you remember: little teeeny iron donuts strung on fine copper wires in a grid that would write and read the direction of the magnetic field on each iron magnet, manufactured by a woman handling a sewing needle peering through a microscope), and the donuts are still magnetized and thus the chunk of memory still has a "program" in it, does that count? Could it be said to be still "running?" [It's certainly "persistent!"]
I like to bring the panel of core memory out at geek parties and show it to the younger crowd and see the reaction - usually disbelief. I also have a DECtape with all my Algol and DECSYSTEM-10 assembler programs from 1969-74. [DECSYSTEM-10: world's first useful multiuser timesharing systems - one model of the 36-bit Digital Equipment Corporation (DEC) computers. Beautifully designed, giant cabinets w/cool colours, toggle switches, flashing lights - everything that made a computer the best-est toy in the whole world!] A DEC engineer once showed us how you could roll the tape out on the floor, jump on it, roll it back up and still read the data off it, there was so much redundancy built in. [The tape is about an inch wide.] Too bad there are no DECtape drives still in existence that I could use to copy the files... *sigh* CompuServe also ran on DEC-10s for many, many years.
Your odds of winning the lottery are probably about the same as being hit on the ground by one of these babies...
This is all good for network security assurance and auditing, but doesn't fix the basic security problems with using WLAN 802.11 technology. I suggest that we use a new security model for WLAN security:
1) Obscure SSID names and WEP should not be used on your WLAN just to provide management/users with a false sense of security;
2) Put the WLAN access point outside your firewall (layer 1 security);
3) Use firewall VPN technology for layer 2 security;
4) Use IPSec protocol for network layer 3 encryption;
5) Use digital certificates for layers 4-6 strong authentication;
6) Enforce Corporate security policy on WLAN deployment & use;
7) Regular audit and security assurance work to detect the addition of new WLAN points to your network.
There are good reasons for using WLANs, and you probably can't stop the keeners from adding access points, but you can try to mandate how they will be added in a secure and managable fashion.
Cheers,
-wjc.
The finite, limited resources on a spaceship which is travelling, at minimum, for several lightyears need to keep multiple human generations alive. Wasting air, food and space on men just to guarantee reproduction of the species over that time period doesn't make any rational sense.
And your Feminist manure rant is just that - a rant. And by the way, I'm a man, not the feminist shrew you apparently have in your mind.
I would be very afraid of the 12V coming out of the cigarette lighter adapter - I heard a story of someone working away on a laptop just fine using the car's 12V battery system and the car ignition turned off. However, they had their laptop fried when they turned the car ignition switch on. It send some crufty power through the cig lighter and into the equipment.
So the new KFC still has the Colonel's stylized image, but not the original name.
-wjc.
What might the "modern" world have been like if Queen Elizabeth I had been assassinated, the Protestant movement put down in England, and then subsequently across the European mainland and the New World?
Through a series of intertwining vignettes, author Roberts presents us with a present time England under papal dominance. Where steam locomotion is the norm (as the church has not sanctioned fossil fuel burning), the inquisition still reigns terror, where electric lights are forbidden as heresy and where individual spirit and idea are considered dangerous. Yet how long can the people be held down?
Roberts doesn't present the world at large as being negative, for their is a pastoral peace and simplicity to life, but he shows us how papal dominance can hold back both science and individuality.
Highly recommended!
PAVANE
Keith Roberts
Ace 1968
PB 285pgs
ISBN 0-575-06103-0
-wjc.
(Hamilton, Bermuda). To further enhance the viewing pleasure of couch potatoes everywhere, the Military Industrial Entertainment Complex (MIEC) has announced a new TV channel aimed at exploring the depths of the Information Superhighway!
Called "*ping*", this innovative new entertainment channel will broadcast Internet ping responses to viewers 24/7, and will include commentary by noted experts and Hollywood stars!
An excerpt from an upcoming show is shown below:
___
Professor Farnsworth: Good news everybody...there's a news item on with some very bad news! ... Lemme check." (grabs a kid) "Owww, why you're a cutie!"... (to phone): "About 35 pounds."
11 * * * Request timed out.
Bender: Well I don't have anything else planned for today, let's get drunk!
12 10 ms 10 ms 20 ms g5-1.zur01b04.sunrise.ch [195.141.183.229]
I'm gonna drink till I reboot!
13 111 ms 120 ms 120 ms p2-1.nyc02b01.sunrise.ch [193.192.225.22]
If you don't have anything nice to say, say it often. -Ed the Sock
14 130 ms 131 ms 110 ms 500.POS1-1.IG2.NYC4.ALTER.NET [157.130.22.33]
Fry: Who was that guy?
15 120 ms 120 ms 120 ms 589.at-5-0-0.XR4.NYC4.ALTER.NET [152.63.18.70]
Bender: Your mama! Now shutup and drag me to work!
16 120 ms 130 ms 130 ms 0.so-2-0-0.XL2.NYC4.ALTER.NET [152.63.18.29]
Professor Farnsworth: Everyone's always in favor of saving Hitler's brain, but when you put it in the body of a great white shark, oooooo suddenly you've gone too far.
17 120 ms 200 ms 110 ms 0.so-4-0-0.TL2.NYC9.ALTER.NET [152.63.23.129]
Bender: Would you kindly shut your noise-hole?
18 150 ms 140 ms 130 ms 0.so-6-0-0.TL2.DCA8.ALTER.NET [152.63.3.193]
Bender: I don't want people thinking we're robosexuals. So if anyone asks, you're my debugger.
19 120 ms * 120 ms 0.so-5-0-0.XL2.DCA8.ALTER.NET [152.63.35.250]
Bender: There was nothing wrong with that food! The salt level was 10% less than the lethal dose.
20 110 ms 121 ms 110 ms 188.at-5-0-0.XR2.PHL1.ALTER.NET [152.63.42.130]
Zoidberg: Uh oh, I shouldn't have had seconds!
21 110 ms 140 ms 131 ms POS7-0.GW6.PHL1.ALTER.NET [152.63.38.201]
Bender: Bite my shiny metal ass!
22 140 ms 130 ms 141 ms telebermuda-gw.customer.alter.net [157.130.22.14]
Bender (to phone): "Hello, Imperial Dragon restaurant? I've got a herd of 'you-know-what's' for sale.
____
Stay tuned for *ping* channel news as it happens!!!
-Ocelot Wreak.
-wjc.
I'm getting old (or at least I'm the oldest fogie at this company), and I forgot about the distinction between Parc Place and Xerox PARC.
Too bad that everyone (Jobs, Gates, et al) stole everything but the carpets on the floor at PARC. Xerox could have been the leader and made a bundle if they could have discovered how to commercialize all that wonderful research...
*sigh*
I'm sure I saw an article in Scientific American like a bajzilllion eons ago (the annual mag devoted to computing?) on ubiquitous computing at Parc Place. It described all their prototype badges, flat panel scribblers, intelligent conference rooms, etc. that were going to change the way we work. Pretty much the same privacy concerns too...
We run a secure datacentre and provide a Stratum-1 time source using a Lantronix Network Time Server (CoBox-NTP-E1) [about $1,500.]. It is a network-attached device with an IP that broadcasts the time to a second level time server. It has an attached cable that goes to a GPS antenna that receives the signal. The only problem with these devices is that the antenna obviously has to be _outside_ of the computer room to get a good signal, which can be a problem with some people who have already sealed up their Lampertz bunkers!
Anyways, it works great, no signal drift, and, as a previous poster mentioned, NTP is a MUST to ensure that the signals on all the Windows domains, firewalls, switches and anything else looking at the Stratum-2 server don't drift in their own merry direction with periodic "violent" recorrections to the correct time.
There are 3 excellent white papers from SUN detailing how NTP works, which is much more complex than you might initially think. See:
http://www.sun.com/blueprints/0701/NTP.pdf
http://www.sun.com/blueprints/0801/NTPpt2.pdf
http://www.sun.com/blueprints/0901/NTPpt3.pdf
for good info on how to do this properly. Lots of fun!
-wjc.
To all the other suggestions I would add a chunk of core memory from an old IBM 360 mainframe or a DEC pdp mini, and a morse code key like my late uncle used to DX shortwave around the world back in the 1930's to 50's. The use of core memory is self-explanatory, but the morse key might be nice as a special "numeric keypad data entry key" that you would have to learn the proper morse code equivalents for, in order to get the numbers into your system!
www2.umassd.edu/SWPI/processframework/cmm/cmm.h
SEI Capability Maturity Model
The CMM describes the principles and practices underlying software process maturity. It is intended to help software organizations improve the maturity of their software processes in terms of an evolutionary path from ad hoc, chaotic processes to mature, disciplined software processes. The focus is on identifying key process areas and the exemplary practices that may comprise a disciplined software process. The maturity framework provided by CMM establishes a context in which:
Practices can be repeated, if you don't repeat an activity there is no reason to improve it. There are policies, procedures, and practices that commit the organization to implementing and performing consistently.
Best practices can be rapidly transferred across groups. Practices are defined sufficiently to allow for transfer across project boundaries, thus providing some standardization for the organization.
Variations in performing best practices are reduced. Quantitative objectives are established for tasks; and measures are established, taken, and maintained to form a base-line from which an assessment is possible.
Practices are continuously improved to enhance capability (optimizing).
Structure of CMM
Maturity Levels
A layered framework providing a progression to the discipline needed to engage in continuous improvement (It is important to state here that an organization develops the ability to assess the impact of a new practice, technology, or tool on their activity. Hence it is not a matter of adopting these, rather it is a matter of determining how innovative efforts influence existing practices. This really empowers projects, teams, and organizations by giving them the foundation to support reasoned choice.)
Key Process Areas
Key process area (KPA) identifies a cluster of related activities that, when performed collectively, achieve a set of goals considered important.
Goals
The goals of a key process area summarize the states that must exist for that key process area to have been implemented in an effective and lasting way. The extent to which the goals have been accomplished is an indicator of how much capability the organization has established at that maturity level. The goals signify the scope, boundaries, and intent of each key process area.
Common Features
Common features include practices that implement and institutionalize a key process area. These five types of common features include: Commitment to Perform, Ability to Perform, Activities Performed, Measurement and Analysis, and Verifying Implementation.
Key Practices
The key practices describe the elements of infrastructure and practice that contribute most effectively to the implementation and institutionalization of the key process areas.
Good luck!
-wjc.
This mythic, almost Odysseus-like epic journey through unthinkable death and destruction of all that we hold dear, and a believable redemption motif for humanity itself, puts this novel way above Ender's Game and Starship Trooper.
The best writers always read about myths and C. G. Jung's work first...
<shameless plug> If you think there are valid reasons to get an offshore certificate to sign your packages, then see www.quovadisoffshore.com which is an offshore trusted third party certificate authority.</shameless plug>
I personally think the offshore cert is "safer" from compromise by US legal and business interests...
The "Certified Information Systems Security Professional" ® (CISSP) designation is a recently developed international designation for people involved in information security work. It is handled by the non-profit organization called "(ISC)2", the "International Information Systems Security Certification Consortium, Inc." They administer, test, and have a trademark on CISSP®. The first CISSP designations were conferred in 1994, and each year the numbers have increased.
With certification of computer professionals becoming more important, and the incursion of the Engineering field into computer-related work areas, it's a good idea to consider getting a formal designation. The ISSA and CIPS organizations have also been very supportive in promoting professional certification among their members. I've discovered that certification makes a difference in getting consulting contracts, and provides a higher level of trust, ethics, and expected professionalism in client relations. Recently, an increasing number of government RFPs for INFOSEC-related services have requested that consultants preferably have CISSP accreditation.
Applicants must subscribe to a formal code of ethics, and must have at least three years of direct work experience in one or more of the ten information security domains of the information systems security Common Body of Knowledge, in order to sit for the examination.
The ten domain areas are:
Access Control;
Communications Security;
Risk Management & Business Continuity Planning;
Policy, Standards, and Organization;
Computer Architecture & Systems Security;
Law, Investigation, & Ethics;
Application Program Security;
Cryptography;
Computer Operations Security; and
Physical Security.
The exam questions are multiple choice, and are oriented towards knowledge gathered by experience. Someone who just read some text books would have a very hard time passing the exam. Exam preparation training seminars, and a study guide with sample questions are available from (ISC)2.
For more details, see (ISC)2's new WWW site at: http://www.isc2.org/
-Ocelot Wreak.
I like to bring the panel of core memory out at geek parties and show it to the younger crowd and see the reaction - usually disbelief. I also have a DECtape with all my Algol and DECSYSTEM-10 assembler programs from 1969-74. [DECSYSTEM-10: the world's first useful multiuser timesharing system - one model of the 36-bit Digital Equipment Corporation (DEC) computers. Beautifully designed, giant cabinets w/cool colours, toggle switches, flashing lights - everything that made a computer the best-est toy in the whole world!] A DEC engineer once showed us how you could roll the tape out on the floor, jump on it, roll it back up and still read the data off it, there was so much redundancy built in. [The tape is about an inch wide.] Too bad there are no DECtape drives still in existence that I could use to copy the files... *sigh* CompuServe also ran on DEC-10s for many, many years.
See URL:
http://www.columbia.edu/acis/history/pdp10.html
for some nice pics, history and links...
-Ocelot Wreak.