|
fyallm posted:We have O365 but for some reason the beta of teams at our place doesnt have a mobile option? Wtf? No phone app? Unless you guys still have blackberries there are apps for all modern phone platforms... It sound like your o365 team hosed up something...
|
#
?
Jul 14, 2019 22:11
|
|
|
|
| # ? Apr 19, 2024 14:16 |
|
|
fyallm posted:We have O365 but for some reason the beta of teams at our place doesnt have a mobile option? Wtf? No phone app?
|
|
#
?
Jul 14, 2019 22:27
|
|
|
Harik posted:Sedative, does this jive with your memory of how this all played out? Hey, my historyposts are boring but that’s a little much. SGC sounds familiar, but I never had to deal with it. As a Canadian I could actually see the crypto code, unlike other foreigners at Netscape pre-1999 who just saw code:
|
|
#
?
Jul 14, 2019 23:48
|
|
|
LOL https://twitter.com/Asher_Wolf/status/1150526669477695488
|
|
#
?
Jul 15, 2019 13:32
|
|
|
Its Coke posted:What's the best way to encrypt a thumb drive? Hammer. Unless you want to decrypt it too.
|
|
#
?
Jul 15, 2019 18:01
|
|
|
It was apparently a joke anyway, if that wasn't immediately obvious https://medium.com/@fightfortheftr/introducing-the-juggalizer-6c87c631d1ca
|
|
#
?
Jul 15, 2019 18:10
|
|
|
That article is worth a read for sure.
|
|
#
?
Jul 15, 2019 18:13
|
|
|
terrenblade posted:Hammer. The only correct answer.
|
|
#
?
Jul 15, 2019 18:23
|
|
|
Its Coke posted:What's the best way to encrypt a thumb drive? BitLocker
|
|
#
?
Jul 16, 2019 14:24
|
|
|
Lock those bits up with a hammer
|
|
#
?
Jul 16, 2019 14:34
|
|
|
I've been asked to create some kind of repository/system to document exceptions to our data protection agreement policy, and I'm wondering if anyone here has a more novel idea than a folder in Google Drive. Example: we want to deploy Slack, but my university has not yet been able to get Slack to sign a DPA, so using Slack goes against our security policy. The DPA exception is essentially a CYA for my department so that in case we get audited or bad poo poo happens, we can point to the sheet and say that so-and-so overrode our concerns and approved it anyway.
|
|
#
?
Jul 16, 2019 15:51
|
|
|
Sirotan posted:I've been asked to create some kind of repository/system to document exceptions to our data protection agreement policy, and I'm wondering if anyone here has a more novel idea than a folder in Google Drive. Example: we want to deploy Slack, but my university has not yet been able to get Slack to sign a DPA, so using Slack goes against our security policy. The DPA exception is essentially a CYA for my department so that in case we get audited or bad poo poo happens, we can point to the sheet and say that so-and-so overrode our concerns and approved it anyway. Sorry to break the news but that’s exactly what a share point document library offers/is designed for ... Condolences 
|
|
#
?
Jul 16, 2019 16:57
|
|
|
How many documents will you realistically be creating / storing?
|
|
#
?
Jul 16, 2019 17:34
|
|
|
Volmarias posted:How many documents will you realistically be creating / storing? Honestly no idea at this point. Dozens? My boss just came to me last Friday and said create this thing, so I've been reaching out to our Information Assurance and Software Procurement groups to see what their take is on it. We actually have an internal Sharepoint site for security but I'm new in this job (~6 weeks) and have not even used it myself, in a meeting a few weeks ago where the team was trying to reorg the Google Drive, I got laughed at for even suggesting it as a place to store poo poo... I guess maybe it doesn't matter as long as we're CYA'd?
|
|
#
?
Jul 16, 2019 17:42
|
|
|
Sirotan posted:I guess maybe it doesn't matter as long as we're CYA'd? As long as the documents exist, are backed up, and the people that matter know where to find them when they need them. My only recommendation would be to find a place for them that already exists, rather than creating a new thing that someone will have to check on and maintain.
|
|
#
?
Jul 16, 2019 17:52
|
|
|
Yeah sounds like I was probably completely other thinking this. Guess I'll chat with my boss a bit more, Sharepoint might end up being the best option in this case.
|
|
#
?
Jul 16, 2019 18:08
|
|
|
Do you not have issue/change management software that can take attachments?
|
|
#
?
Jul 16, 2019 18:24
|
|
|
I'm cross-posting this from the Windows Enterprise thread since I'd like perspective from a wider security-focused group too I'm in the process of migrating off our ancient single tier Windows PKI setup. My initial thought was the standard offline root with online subordinate CA, but the more I think about it the more I'm considering just doing a single tier deployment. Our certs are generally only issued to domain-joined machines via auto-enrollment, and they're only used for internally-facing resources. In the event of the online CA getting compromised, it seems like it'd be quicker to remove the singler-tier CA's cert from Trusted Root CA's via GPO than it would be to online the offline root, revoke the subordinate CA's cert, publish the new CRL, and trust the clients to check the updated CRL - especially considering the CRL expiration on an offline root CA is typically pretty long (weeks or months). Am I missing anything here?
|
|
#
?
Jul 16, 2019 18:28
|
|
|
evil_bunnY posted:Do you not have issue/change management software that can take attachments? We do but it's ServiceNow and I don't hate my users that much.
|
|
#
?
Jul 16, 2019 19:22
|
|
|
Sirotan posted:We do but it's ServiceNow and I don't hate my users that much. You will eventually, so why not skip to the endgame? :<
|
|
#
?
Jul 16, 2019 22:13
|
|
|
Zorak of Michigan posted:You will eventually, so why not skip to the endgame? :< Maybe, but killing half of all her users seems a little extreme
|
|
#
?
Jul 17, 2019 05:51
|
|
|
Sirotan posted:We do but it's ServiceNow and I don't hate my users that much.
|
|
#
?
Jul 17, 2019 09:58
|
|
|
Does the CISSP test as easy as it looks?
|
|
#
?
Jul 17, 2019 13:04
|
|
|
Sickening posted:Does the CISSP test as easy as it looks? Finding the "hurr i am buziness person beep boop" answer is sometimes hard flip though some flash cards and you'll do fine
|
|
#
?
Jul 17, 2019 13:18
|
|
|
Sickening posted:Does the CISSP test as easy as it looks? Assuming you have prior IT experience, it will be mostly be memorization of terms and maybe a bit of brush-up on basic algebra for the risk quantification questions. It is an adaptive test, so if you get something wrong on a section it will start hammering on that to punish you. I'd give yourself at minimum a weekend plus weeknight evenings to prep.
|
|
#
?
Jul 17, 2019 13:29
|
|
|
Sickening posted:Does the CISSP test as easy as it looks? It is very non-technical, but might ask things about specific crypto algorithms and such. Nothing vendor/product specific. Just filled with BEST or FIRST or MOST type questions. Typically 2 bad answers and then 2 correct answers that you've gotta know enough about to suss out which one is "more" correct.
|
|
#
?
Jul 17, 2019 17:14
|
|
|
AlternateAccount posted:It is very non-technical, but might ask things about specific crypto algorithms and such. Nothing vendor/product specific. Just filled with BEST or FIRST or MOST type questions. Typically 2 bad answers and then 2 correct answers that you've gotta know enough about to suss out which one is "more" correct. I took it the year they switched over to the new questions (but before the prep materials were refreshed) so we crammed our asses off memorizing block sizes and modes for des/rc/aes only to end up finding out they don't ask you anything more involved than "is single-DES bad?" and "what are valid block sizes for aes?"
|
|
#
?
Jul 17, 2019 17:38
|
|
|
AlternateAccount posted:It is very non-technical, but might ask things about specific crypto algorithms and such. Nothing vendor/product specific. Just filled with BEST or FIRST or MOST type questions. Typically 2 bad answers and then 2 correct answers that you've gotta know enough about to suss out which one is "more" correct. Your DICK is on FIRE. Which of these is the MOST correct way to resolve this issue? A) Call the Fire Department B) Run outside and stick your dick in the snow C) Stop, drop and roll D) Beat the fire out using your hands E) Use the powershell cmdlet Set-DickCombustibility to make your dick fireproof Why yes, I did recently do a Microsoft cert!
|
|
#
?
Jul 17, 2019 17:43
|
|
|
BangersInMyKnickers posted:I took it the year they switched over to the new questions (but before the prep materials were refreshed) so we crammed our asses off memorizing block sizes and modes for des/rc/aes only to end up finding out they don't ask you anything more involved than "is single-DES bad?" and "what are valid block sizes for aes?" I got mine in 2003 and it was still a "show up to a hotel conference room on a Saturday and take a scantron test". It had a ton of those fiddly technical details across all the domains. The current test is a whole lot easier now.
|
|
#
?
Jul 17, 2019 18:54
|
|
|
Proteus Jones posted:I got mine in 2003 and it was still a "show up to a hotel conference room on a Saturday and take a scantron test". It had a ton of those fiddly technical details across all the domains. The current test is a whole lot easier now. I did have a friend complain that he thought it was too easy. Dweeb. I think it's just better focused now. I am not sure why there's an entire domain devoted to Business Continuity, though. But I guess I do see often that that role falls under the security umbrella, sooooo...
|
|
#
?
Jul 17, 2019 19:57
|
|
|
 CISSP exam costI was going to book it to force me to finish the course material... I assumed it was going to be near CCNA/CCNP exam prices.
|
|
#
?
Jul 17, 2019 20:37
|
|
|
AlternateAccount posted:I did have a friend complain that he thought it was too easy. Dweeb. A big part of security is accepting that something bad will eventually happen and planning for it. The investment you put in to business continuity is dictated by your quantitative risk assessment; there's no point in investing $500k in a DR plan if an outage is only going to cost you $50k. Biggz posted:
always make your employer pay for it
|
|
#
?
Jul 17, 2019 20:44
|
|
|
BangersInMyKnickers posted:always make your employer pay for it That was always the plan, but I'd have booked it before having that conversation if it was cheaper.
|
|
#
?
Jul 17, 2019 20:52
|
|
|
If you thought the CISSP fee was high, check out the CEH lol. $1200 for that piece of poo poo. I didn't think the exam was particularly tough although I might have barely passed and I'll never know since they dont tell you your score. I spent about a month studying 11th Hour CISSP and the Official ISC2 Practice Tests book. Just pull the trigger. It's a good/great resume signal.
|
|
#
?
Jul 17, 2019 20:59
|
|
|
The CISSP is 699 USD? That's not bad. Companies don't even blink at spending that.
|
|
#
?
Jul 17, 2019 21:28
|
|
|
CLAM DOWN posted:The CISSP is 699 USD? That's not bad. Companies don't even blink at spending that. Unless it's reimbursing you for something
|
|
#
?
Jul 17, 2019 22:51
|
|
|
Diva Cupcake posted:If you thought the CISSP fee was high, check out the CEH lol. $1200 for that piece of poo poo. It does seem overpriced but I can’t figure out what the better alternative is?
|
|
#
?
Jul 17, 2019 23:24
|
|
|
AlternateAccount posted:It does seem overpriced but I can’t figure out what the better alternative is? A good alternative is nothing because certifications don't really matter at all
|
|
#
?
Jul 17, 2019 23:38
|
|
|
xtal posted:A good alternative is nothing because certifications don't really matter at all Look at this guy who’s figured out how to beat the system.
|
|
#
?
Jul 17, 2019 23:42
|
|
|
|
| # ? Apr 19, 2024 14:16 |
|
|
xtal posted:A good alternative is nothing because certifications don't really matter at all I wish we lived in a world where this was always true.
|
|
#
?
Jul 17, 2019 23:44
|
|