Friday, December 11, 2015

CISSP Study Guide 3E - Shipping Now

Just a note to say the CISSP Study Guide 3E is in stock and shipping from Amazon.

Electronic editions should be available in January. We are working on the 11th Hour CISSP Study Guide update now, chapters are due by April (but I hope to have it done before then).

Monday, November 23, 2015

CISSP Study Guide 3E is Complete

Lots of people have asked me for the release date of the CISSP Study Guide 3E. Amazon (now) lists December 29th, but it will be sooner.

I can confirm the book is done and is at the printers now. I ordered copies as a surprise Christmas gift for students of my MGT 414 class coming up at SANS CDI in 3 weeks, and Syngress has confirmed the books will ship by then.

Tuesday, April 21, 2015

MGT 414 and CISSP Study Guide Third Edition

ISC2 recently updated the CISSP® exam, effective April 15th 2015. The biggest change: they went from 10 to 8 domains.

SANS MGT 414 has been fully updated:
Course authors Eric Conrad and Seth Misenar have revised MGT414 to take into account the 2015 updates to the CISSP® exam and prepare students to navigate all types of questions included in the new version. 
MGT414 focuses solely on the 8 domains of knowledge as determined by (ISC)2 that form a critical part of CISSP® exam. Each domain of knowledge is dissected into its critical components, and those components are then discussed in terms of their relationship with one another and with other areas of information security.
We are also working on the CISSP® Study Guide Third Edition. It is due out in November 2015. We will update the Eleventh Hour CISSP Study Guide after that.
I have received a lot of questions regarding CISSP® Study Guide version 2E (and other books that predate this update). Here's ISC2's take:
Q: Since the CISSP has changed from 10 to 8 domains, was some content deleted?
A: No. Content was not removed from the exam and/or training material, but rather refreshed and reorganized to include the most current information and best practices relevant to the global information security industry.

So all of the CISSP® Study Guide Second Edition material still applies, but new concepts have been added. See the CISSP® 2015 Candidate Information Bulletin for specific details on the testable topics. Here's Clement Dupuis' take on

Clement also has a fantastic guide to the changes (with links to online sources of new material).

Thursday, January 22, 2015

Long Tail Analysis of Windows Event Logs

This is a demo from a portion of lecture and lab from SEC511: Continuous Monitoring and Security Operations.

Link to T510-security.evtx.

Here are the PowerShell commands:

# Black text on white background (thank you @MarkBaggett)
PS C:\> cmd /c "color f0"

# Pull all security events (Requires administrator PowerShell)
PS C:\> Get-WinEvent -LogName security

# Pull all security events, search the formatted text output for a date (the date format follows the system locale), count matching lines (Requires administrator PowerShell)
PS C:\> Get-WinEvent -LogName security| findstr "1/19/2015"| Measure-Object

# List all events in the file T510-security.evtx
PS C:\> Get-WinEvent -Path .\T510-security.evtx

# Show event 4624 from T510-security.evtx, format list output
PS C:\> Get-WinEvent -FilterHashtable @{Path=".\T510-security.evtx"; ID=4624}| fl

# Perform long tail analysis of T510-security.evtx
PS C:\> Get-WinEvent -Path .\T510-security.evtx| Group-Object id -NoElement| sort count
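As an added example (not part of the original post or the SEC511 lab material), the following script carries the long tail analysis one step further: it groups the file by Event ID as above, but also reports each ID's share of the total and the first line of a sample message, and then pivots the rare logon event 4624 on account name and logon type. It assumes the same T510-security.evtx from the post sits in the current directory; any exported Security log works. The EventData index positions used for 4624 (TargetUserName at 5, LogonType at 8) are those of the standard Windows schema for that event.

```powershell
# Added example: long tail analysis of an exported Security log.
# Assumes .\T510-security.evtx (from the post) in the current directory.
$Path = ".\T510-security.evtx"
$Tail = 10   # how many of the rarest Event IDs to show

$events = Get-WinEvent -Path $Path -ErrorAction Stop
$total  = $events.Count

# One row per Event ID: count, percentage of all events, and the first line
# of a sample message (Message is empty if the provider is not registered
# on the analysis machine, which is common when reading someone else's .evtx).
$byId = $events |
    Group-Object -Property Id |
    ForEach-Object {
        [pscustomobject]@{
            Id      = [int]$_.Name
            Count   = $_.Count
            Percent = [math]::Round(100 * $_.Count / $total, 3)
            Sample  = ($_.Group[0].Message -split "`r?`n")[0]
        }
    } |
    Sort-Object Count, Id     # rarest first: this is the long tail

"Total events: $total; distinct Event IDs: $($byId.Count)"
"Rarest $Tail Event IDs:"
$byId | Select-Object -First $Tail | Format-Table -AutoSize

# Second pass: pivot a rare but interesting ID on fields inside EventData.
# For 4624 (successful logon), Properties[5] is TargetUserName and
# Properties[8] is LogonType (2 interactive, 3 network, 10 RDP, ...).
"Event 4624 by account and logon type, rarest first:"
$events |
    Where-Object Id -eq 4624 |
    ForEach-Object {
        [pscustomobject]@{
            User      = $_.Properties[5].Value
            LogonType = $_.Properties[8].Value
        }
    } |
    Group-Object User, LogonType -NoElement |
    Sort-Object Count |
    Format-Table -AutoSize
```

Save it as a .ps1 and run it from the directory holding the .evtx file. Against a live system, replace -Path with -LogName Security (administrator PowerShell is required for that log) and narrow the time window with StartTime and EndTime in -FilterHashtable instead of grepping the formatted output, which is faster and not dependent on the locale's date format. The second pass is the generalization of the single "sort by count" step: once an ID stands out, grouping by the fields inside it is what turns a rare number into a story about a particular account or logon path.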