Questions tagged [certification]

We use the certification tag for questions about programs designed to vouch for an individual's competence in security-related work. Use the "compliance" tag for programs like PCI-DSS that assess the security of a system or organization rather than a person.

94 questions
2 votes, 1 answer

Why is scanning considered a pre-attack and not reconnaissance?

I am studying for a CEH certificate. I have a question about a simple quiz and a book that I am reading. In the CEH book, it states that: We can scan for a target using network tools (e.g. tracert, nslookup, etc.). Scanning happens in the…
Sherlocker • 113 • 1 • 7
2 votes, 1 answer

Career path: Is going for PMP along with having a rich experience in the InfoSec field a good career move?

I think the title pretty much says it all. Do you think that if one has experience in implementing security and network solutions, and then goes on to become a PMP, that will be an added value to his career? One way I can think of it is that…
Franko • 1,530 • 5 • 18 • 30
2 votes, 2 answers

Conflicting requirements in FIPS 140-2 regarding manual key entry

Requirement 1 All output data exiting the cryptographic module via the "data output" interface shall only pass through the output data path. The output data path shall be logically disconnected from the circuitry and processes while performing…
Shashank V • 183 • 1 • 4
2 votes, 2 answers

How to ensure that a program is implemented as per your recommendation?

I have a security protocol whose implementation will be done by many third-party developers (let's call them 'manufacturers'), which in turn will be programmed into the embedded hardware designed by them. There are some mandatory guidelines (e.g.…
mk09 • 21 • 3
2 votes, 0 answers

HIPAA/FISMA certification for IT audits

I currently work for an IT security company that is looking to expand the services we offer to clients. Two avenues we are looking at are reviewing FISMA and HIPAA compliance for our clients. I have been tasked with looking at getting our auditors…
POSH Geek • 330 • 1 • 3 • 10
1 vote, 1 answer

Security certification of software products: what about libraries or third-party services?

How does security certification work if the software uses third-party libraries or services? E.g., if someone would like to certify a software product following the Common Criteria standard (let's say, CC EAL1), and the software uses: 1) authentication…
Andrey Sapegin • 260 • 1 • 2 • 16
1 vote, 4 answers

What is the difference between active reconnaissance and scanning/enumeration

I have just started studying for the CEH exam v8 and I am trying to get to the core of the so-called hacking phases. I could not totally understand the practical difference between the first two phases. In recon a pentester should get all available info from…
Marcos Valle • 162 • 1 • 4 • 12
1 vote, 2 answers

Ways to certify a SaaS for security

Is it common for small companies to get security certificates/compliance from audit agencies for their SaaS to present to customers for their assurance? If so, what are the suggested certifications?
iCode • 323 • 1 • 2 • 7
1 vote, 0 answers

Best way to get "into the security industry"?

Possible Duplicate: What are the career paths in the computer security field? I've been called a "jack of all trades" guy, who has been working in health care and finance for about seven years. Most of my positions, including my current one of…
mbrownnyc • 333 • 2 • 8
1 vote, 1 answer

Worthy security-related certifications for a software engineer

I am a software engineer with an interest in expanding my knowledge in the security field. In addition to security.stackexchange and OWASP, I am currently reading the book "The Web Application Hacker's Handbook". My question is: based on your…
ccot • 197 • 1 • 6
1 vote, 3 answers

Reading to Decide on a career switch

I have a strategy consulting and sales background, but what I read about IT and IT Security sounds fascinating as an outsider. I'm considering a career switch, but would need to know quite a bit more. IT Security is what interests me the most, but…
1 vote, 1 answer

ISO 27001 and Subsidiaries

I'm trying to write and implement an ISO 27001 compliant information security management system (ISMS) for the company I work for. Currently we have our HQ in the UK (2 office locations plus a test site) and an additional office in Europe. Currently…
user282603 • 11 • 1
1 vote, 2 answers

Does certutil -delkey actually delete the certificate and private key?

I am trying to delete a certificate and its private key using certutil -csp "Microsoft Enhanced Cryptographic Provider v1.0" -delkey "the key container". This gave me a "command completed successfully" message. I then check what is in the store again…
lee23 • 131 • 2
1 vote, 0 answers

Get original text of Common Criteria protection profile

In a profile translated from English, combined from a couple of profiles (I found that one of them is Protection Profile for Application Software v1.2 from NIAP), I have something like "TOE security functions must provide for the preliminary initialization…
1 vote, 1 answer

What are the (two?) definitions of SOC?

On one hand "Security Operations Centre", but SOC is seemingly used in the reporting and certification domain, where does this come from? Is there another (or more) definitions of SOC in Information Security Compliance Certification, or do these…