Study for CEH

Mentioned in my previous post I am currently studying to attend CEH exam – the plan is to get in shape and attend the selfstudy exam within 2015. Besides getting in shape I need to submit proof I have 2 years of information security related experience and have our head of information security to act as a verifier for authentication.

Getting in shape

I have a educational background as an IT-technologist with specialty in network and security. Went through CCNA curriculum and took courses on encryption and UNIX.

I am to believe having read CCNA will without a doubt be benificial attending CEH exam. I am reading CEH: Certified Ethical Hacker Version 8 Study Guide and doing my notes in a DokuWiki I spun up on a MAMP.

Lab

I order to get more hands on experience with the tools mentioned in the CEH book I build my own lab. I bought a used HP Proliant server, installed ESXi and spun up a few VM’s to simulate a real enviroment. I will do a post on the lab with what specific images and distro’s I use later on.

Youtube

Expert or rookie – either way I will recommend watching the free series from SecureNinja on CEH. I learned some additional details from CEH watching the playlist.

Sum up

There is a lot of ways to study for CEH, but I found myself reading 100~ pages or whole chapthers and then trying it out on my lab, trying to get the feel of the tools mentioned. Having a wiki makes all your notes searchable and depending on your wiki-structure also gives a good overview of the phases in CEH and helps you remembering it.

 

What is Information Security Management

Security management is the identification of an organization’s assets (including information assets), followed by the development, documentation, and implementation of policies and procedures for protecting these assets.

An organisation uses such security management procedures as information classification, risk assessment, and risk analysis to identify threats, categorise assets, and rate system vulnerabilities so that they can implement effective controls

The above is straight wikipedia: http://en.wikipedia.org/wiki/Security_management

In our organization we comply with ISO27001 and our internal IT-security policies. Your company might also need to reach compliance with ISO standards. ISO is comprehensive reading, but will be worth the effort if you are to pursue a career within state or government in Europe.

To get started with Security Management I read the book after i gratuated (2013) “Kingpin: How One Hacker Took Over the Billion-Dollar Cyber-Crime Underground” by Kevin Poulsen and knew instantly I would be working with IT security from a whitehat perspective.

I’m currently studying to get CEH – for further enchancing of the skills needed to be succesful within the field of information security. I hope to make it as an CISSP and mainly operate in the domains of:

- Telecommunications and Network Security
- Information Security Governance and Risk Management

To sum up on Security Management , Ian Mann talks back in 2010 on the subject “Information Security and Risk Management”.

What is Knowledge Management

“Knowledge management is the process of capturing, developing, sharing, and effectively using organisational It refers to a multi-disciplined approach to achieving organisational objectives by making the best use of knowledge.”

http://en.wikipedia.org/wiki/Knowledge_management

You probably heard or read this phrase alot if you are working with or trying to get into Knowledge Management.

Knowledge Management, (KM) is a concept and a term that arose approximately two decades ago, roughly in 1990. Quite simply one might say that it means organizing an organization’s information and knowledge holistically.

Just getting into Knowledge Management or currently working with Knowledge Management in a larger organisation I would suggest reading “Knowledge Management in Theory and Practise”

http://www.amazon.com/Knowledge-Management-Theory-Practice-Dalkir/dp/0262015080

http://dianabarbosa.files.wordpress.com/2009/03/knowledge-management-kimiz-dalkir.pdf

The book gets you going on the fundamental theories on KM and also provides you with knowledge on how to apply KM depending on your situation and type of organisation. It has been a great resource for me to base decisions on theory and a great inspiration for new approaches to knowledge management.

This presentation on Knowledge Management is quite inspirational – quite some good points on using SharePoint for KM. Shame they shot the video on a windy beach due to the sound, but you will find out why. Worth a watch atleast.

hummez.dk – post #1

Welcome to my site – I’m hummez, knowledge management meets IT security on this website.

The reason doing this blog is rather selfish – I will really like to share my thoughts on working in IT with focus on KM (Knowledge Management) and how KM can assist Security Management.

I strive to keep up with the speed IT services change and meanwhile how to share the knowledge needed to operate and support theses services within organisations. Furthermore I spend hours reading up on the latest security news, testing in the lab and trying to improve security for both you and me! I hope to complete CEH within 2015 and be able to focus on Security Management with organisation and gain knowledge within CBK domains.

This will do it for a #1 post, so follow me on twitter and have a nice day.

/hummez