Wentz Wu » CISSP
Hello! I am Wentz Wu and welcome to my blog space. Read all my blog posts to get valuable information related to CISSP such as security services, controls, and many practice questions for CISSP! I have been working in the IT industry for more than 20 years, and am skilled at implementing IT infrastructure and cloud services, developing quality software, etc. With solid technical background and..
1y ago
PPTP Tunnel Data Frame Format (Credit: Adrian Graur)
Tunneling refers to the “technology enabling one network to send its data via another network’s connections. Tunneling works by encapsulating a network protocol within packets carried by the second network.” (CNSSI 4009-2015) For example, the tunneling protocol, PPTP, employs GRE to encapsulate payload protocols (e.g., IP, IPX, NetBEUI) and transmit payloads through the delivery protocol, IP.
Full and Split Tunneling
NIST SP 800-113 defines full and split tunneling as follows:
Full tunneling is “a method that causes …
1y ago
Wentz’s Risk Model
NIST SP 800-53 and ISO/IEC TR 19791:2010 are known as “Security and Privacy Controls for Information Systems and Organizations” and “Information technology — Security techniques — Security assessment of operational systems,” respectively. NIST SP 800-53 and ISO/IEC TR 19791:2010 define the terms “Security Controls,” “Management Controls,” “Operational Controls,” and “Technical Controls” as follows:
Security Controls
management, operational and technical controls (i.e. safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integri…
1y ago
Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.
Information Security
Security refers to the process of and the state reached by protecting something from danger or threat.
Information security is a discipline of protecting information assets from threats through security controls to achieve the security objectives of confidentia…
1y ago
Scrum is one of the most popular Agile approaches. Your company established a Scrum team to develop the E-Commerce website. Which of the following is correct? (Wentz QOTD)
A. The Project manager, as a servant leader, leads the Scrum team.
B. Daily Scrum can be finished in 5 minutes but never exceed 15 minutes.
C. Scrum emphasizes prototyping to optimize predictability and control risk.
D. The Scrum Master is accountable for maximizing the value of the product.
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer …