Saturday, March 27, 2010

Information Security Certification Programs

Three major information security certification programs are:
1. (ISC)² (International Information Systems Security Certification Consortium, Inc.) certifications. These include:
a. Certified Information Systems Security Professional (CISSP),
b. Systems Security Certified Practitioner (SSCP) and
c. Certification and Accreditation Professional (CAP)

2. Global Information Assurance Certification (GIAC), a series of technical security certifications offered by SANS. These certifications have three levels: silver, gold and platinum. Platinum certifications are combined certifications with an additional exam.

3. Information Systems Audit and Control Association certifications: Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM)

Similarities between SSCP, GIAC and CISA
1. All three are for auditing, networking and security professionals dealing with auditing and security planning and implementations.
2. All three are certifications that combine technical knowledge with understanding of vulnerabilities, risks and business best practices.
3. They are all widely accepted certifications in the IS industry, command respect and are widely recognized within organizations and businesses.
4. They all require successful completion of an exam to be awarded, and adherence to a code of ethics and security standards.
5. They all require recertification or Continuing Professional Education (CPE) to maintain the certification.

Differences between SSCP, GIAC and CISA
1. Experience Level
a. SSCP: Candidates must have at least 1 year of cumulative work experience in one or more of the seven test domains (CBK) in information systems security.
b. GIAC: No verifiable work experience is required.
c. CISA: Five years of verifiable experience in IS auditing or control is required, obtained in the 10 years preceding the taking of the exam.

2. Recertification period and process
a. SSCP: Recertification is required every 3 years by earning 60 CPE and paying an annual maintenance fee.
b. GIAC: Recertification is required every 2 to 4 years, at an interval determined by the certification.
c. CISA: No exam is required, but maintaining the certification requires paying an annual maintenance fee and completing 20 CPE annually.

3. Pattern of Examination
a. SSCP: 125 multiple choice questions in 3 hours, covering the seven test domains of the common body of knowledge (CBK) listed below:
i. Access Controls
ii. Administration
iii. Audit and Monitoring
iv. Risk, Response and Recovery
v. Cryptography
vi. Data Communications
vii. Malicious Code/Malware

b. GIAC: To obtain GIAC certification candidates must complete a practical, hands-on exam in addition to one or more technical exams.

c. CISA: The exam is offered only twice a year and requires completion of 200 multiple choice questions in 4 hours.

References and More Information:
CISA - Certified Information Systems Auditor. Retrieved December 10, 2009 from the World Wide Web: http://certification.about.com/od/certifications/p/CISA.htm

Systems Security Certified Practitioner (SSCP). Retrieved December 10, 2009 from the World Wide Web: http://certification.about.com/od/certifications/p/sscp.htm

GIAC Certifications. Retrieved December 10, 2009 from the World Wide Web: http://certification.about.com/cs/profiles/p/sansgiac.htm

Thursday, March 25, 2010

Component based development:

This development methodology helps improve the development process by reducing risk and shortening the time to market, thus reducing prices. However, the use of predesigned components may lead to a compromise in requirements. Another disadvantage is the reliance on an external party for support. This may create issues if immediate escalation is needed for time-sensitive business requirements.

Advantages

1. Reduction in development time
2. Increased productivity
3. Reduced risk, as pre-tested components are used
4. Conformance with standards
5. Improved product quality
6. Shorter time to market
7. They can be used when no in-house expertise is available on a particular technology

Disadvantages
1. Compromise in requirements
2. Reliability of components and sensitivity to change
3. Problems customizing components to product use
4. Components may become obsolete. If the third party decides to discontinue the product, no support remains if a problem occurs in development.

Wednesday, March 24, 2010

Skill sets for an IT Executive

While leadership styles may vary, the following is a time-honored skill set for an IT executive:
1. S/he should be knowledgeable about all aspects of the business (logistics and operations, finance, cash flow and budgeting), which enables him or her to make time-sensitive decisions that impact all sides of the business.
2. S/he should be a quick decision maker, but at the same time flexible enough to adapt decisions to changing requirements and circumstances.
3. S/he should be firm with deadlines, but at the same time compassionate enough to account for any personal emergencies.
4. S/he should be a good negotiator and should show strength and decisiveness in his or her dealings.
5. S/he should have excellent oral and written communication skills.
6. S/he should have long-range vision and goal setting, which require techniques of forecasting, anticipating and strategic decision making.
7. S/he should be a good leader and should be able to inspire faith in himself or herself and in the organization.

Monday, March 22, 2010

UML Class Diagrams

UML class design techniques are an effective methodology when developing new release features. UML class diagrams are static diagrams that represent the entire structure of a new feature by showing the classes used to develop it, their attributes and the relationships that exist between them. Representing a feature with class diagrams thus gives a clear picture of its functionality.

UML class diagrams prove to be an extremely effective methodology while developing new features, as they provide the following information:
1. You get detailed information about all the class members, their visibility (public, private or protected) and details about their attributes and methods.
2. They help in finding logical relationships between objects and classes, which makes coding easier for the developer. The following relationships can be reflected by class diagrams:
a. Instance level relationships like external links, aggregation, association and composition
b. Class level relationships like generalization and realization
c. General relationships of dependency and multiplicity
3. During the technical analysis phase of new feature development, these class diagrams can be used for creating a conceptual model of the expected system.

Hence class diagrams prove useful both to software developers, who get a clear view of the system that needs to be developed, and to business analysts, who can use class diagrams to create system models from a business viewpoint.

Sunday, March 21, 2010

Important Considerations for Designing Robust Software

The following approach should be taken to come up with a robust computer software system:
1. Selecting an appropriate software development lifecycle process should be the starting point for the group responsible for developing the software, as it helps them mitigate risk.

2. Requirement gathering should be the next important step. It helps the software developers get a clear idea about system usage, memory allocation and the selection of proper shareware based on the number of users who would be logged into the system simultaneously. It also helps them select a proper database and come up with a robust backup and restore mechanism with minimum downtime. Requirement gathering should take inputs from the stakeholders and actual users, who can also help determine the exact hardware needed to create a robust system.

3. Selecting a proper software architecture and a correct software design is another important step that goes a long way in preventing a single point of failure. Implementing an appropriate network algorithm will help save a lot of time, effort and cost.

4. Single points of failure can be avoided by coming up with a software system that is:
a. Less complex, so that it is easier to understand and to rectify the problem in case of failure
b. Redundant in all critical components, with a robust backup and recovery mechanism to transfer control to a properly functioning unit in case of any failure
c. Diversified, which is similar to redundancy: the functionality is designed in two different ways so that if one fails the other is available
d. Transparent in its code, with proper comments and informative user documentation that help in speedy rectification of any problem

Friday, March 19, 2010

Scalability 101: A Primer on Scalability

Scalability refers to the ease with which an existing site can be modified or enhanced to accommodate changed design, business requirements and user needs.

Why is Scalability Important
Business requirements change and evolve over time. User feedback gives rise to new ways in which business can be done. New products and services emerge while others become obsolete. Scalability enables the web page to incorporate these change requests with minimal time and effort, thereby reducing cost.

A scalable website ensures minimal maintenance cost to keep the site current. A good web design should take into consideration the expansion of the business and its services in the years to come, and should be able to accommodate those requests with minimal redesign.

Features of Scalability
1. Flexible and scalable site architecture
2. Can accommodate changes in requirements with minimal site redesign
3. Easy maintenance for normal everyday changes
4. Initial website design should not appear to be incomplete

Thursday, March 18, 2010

Google Trends

With the world experiencing the worst economic slowdown, the World Wide Web has become the hottest destination to promote your products and services. Google Trends helps you find the most popular keywords searched by users, which can be used to make your websites search engine optimized.

Advantages of using Google Trends are:
The search results obtained are based on regions, which helps in finding the searches carried out by people in a given geography. This is beneficial as it helps you target customers situated at a particular location. It also helps you find the resources that people are looking for in a particular city, which is a big help.

The second important piece of information that you get from Google Trends is the "Also visited" section, which provides information about the other sites visited by the user and helps you learn about your competitors.

Also, Google being the world's top search engine, Google Trends helps you find the exact keywords or queries that people use for making searches. These results help in making your websites search engine optimized and in achieving a higher search engine ranking, thereby increasing your website traffic and resulting in more business.

Google Trends provides a user with more data than other engines like Alexa, which helps the user make a better analysis of the current trends in the world of online marketing.

Disadvantages of Google Trends are:
1. It is also being used by lots of cyber criminals for spreading malware.

2. Google Trends does not contain updated information, as reported by lots of bloggers, unlike similar products in the market like Hot Trends.

3. Most of the keyword trends shown by Google are seasonal; for example, searches for the keyword "Thanksgiving" show an anomaly before and after Christmas every year.

4. Last but not least, like all tools, Google Trends gives us a pattern of past searches but cannot help us predict the most searched keyword of the future!

Wednesday, March 17, 2010

Defect Severity Vs Defect Priority

Severity refers to the impact of the bug on the system, whereas priority refers to the urgency with which the defect needs to be fixed. Severity is one of several considerations in deciding the priority of a bug.

High Severity Low Priority Defect
A web or standalone application that crashes after n negative steps, where n > 7, is a good example of a High Severity Low Priority defect. The defect is High Severity because it results in a system crash and loss of data. However, it is a low priority defect because the probability of users performing such a large number of negative steps is quite low.

Low Severity High Priority Defect
A spelling error on the index page of a web application is a low severity but high priority defect. The defect is low severity since it is visual and does not impact the functionality of the system. On the other hand, a spelling error on the launch page would be highly damaging to the image of the company and hence should be fixed with the utmost priority.

Monday, March 15, 2010

Components of a Defect Report

Excelon prides itself on providing some of the best documented bug reports in the industry. Our talented team of quality testers has experience working with a wide array of reporting tools including Quality Center, PVCS, PeopleSoft and Bugzilla.

A good bug report consists of the following elements:
1. Bug Title: Concise, but clear enough to briefly describe the encountered problem.
2. Steps to reproduce: Provide clear and concise steps to reproduce the problem. Augment with as much information as possible to help the development team reproduce the problem.
3. Actual and Expected Result: What the actual and expected outcomes of the test case were.
4. Severity: This describes the degree to which the product or service is affected by the encountered scenario.
5. Priority: This describes how quickly the reported problem needs to be fixed.
6. Environment: This is critical if the product is being tested on multiple servers, databases, browsers or operating systems. Clearly specify the environment being used for testing in this column.
7. Files / Attachments / Screenshots: Augment the bug report by adding all relevant files used in testing or obtained as output, server or console logs as attachments, and screenshots of any encountered error.

Several more fields can be added to bug reports depending on the requirements of the client. These include the sub-component of the project, the version, whether the defect was reported externally or internally, etc. Excelon will work with you on an individualized basis to customize the reporting solution best suited to your needs.

Saturday, March 13, 2010

Usability 101: A Primer on Usability

Usability is the key primer to our web development projects. It refers to the ease with which the user can browse the web page to look for the content and services it offers.

Why is Usability Important
A website that is not usable will not be able to attract people for a prolonged period of time. If the website is unappealing and difficult to navigate, people will leave. If the company website fails to explain its purpose and demonstrate the projects, people leave. If the website takes too long to load, people leave. If the website behaves differently across browsers and platforms, people leave.

For a company website, it is essential that all features that set the company apart, and the services that it offers, be easily available from the home page. For a product company, usability is important because the longer the customer stays on the site, the greater the chance of a purchase. A usable website will encourage return visits and add to the profit margin of the company.

Features of Usability
The following are the key features that define usability:
1. The site should be easy to use for a novice user.
2. All relevant information should be available on the home page, with all pages interlinked to allow for quick and easy navigation.
3. The site should not have ambiguous information.
4. Short loading time.

Thursday, March 11, 2010

Defect Tracking and Bug Reporting

Our bug reports are detailed, with a stepwise procedure to recreate the issue. They are assigned priority and severity according to a set protocol mutually agreed on by the development team. The bug reports are augmented with screenshots, server logs and database validations whenever required.

Defect Life Cycle
The life cycle of a defect (or bug, as it is normally called) starts with its creation. The following statuses are a generalization and might differ slightly from organization to organization, but the crux remains the same.

1. New/Open
The Quality Engineer encounters a deviation from the requirements and opens a defect. The defect is then in the Open status.

2. Assigned
The project manager, dev lead or QA lead assigns the defect to a developer for fixing, and the defect is in Assigned status. In this status it is being worked on by the developer. Once the developer has fixed the bug and verified the fix on the development environment, he marks the bug as Fixed/Ready for QA and assigns it back to the Quality Engineer.

3. Fixed/Ready For QA
In this state, the bug is owned by the Quality Analyst, who verifies that the fix made by the developer has indeed fixed the issue. The QA also performs a regression of any other feature that he/she thinks may have been impacted by the change.

4. QA Accepted/Closed
If the Quality Analyst is satisfied with the fix made to the change request, he closes the bug and marks it as Fixed/QA Accepted. If the bug is not fixed, it is rejected and goes back to the developer in Assigned status.

Our Software Testing Philosophy

Software testing is an integral part of the project life cycle. Excelon will work with you from the requirement gathering phase to ensure that quality is added to the product as it is built rather than at the end of it.

Test Case Creation
We will analyze requirements and create use cases to develop test execution scenarios. We work closely with the development team to ensure that all testing scenarios are well covered. Our test cases are easy to understand, concise and clearly written, and are part of the final deliverable.

Test Case Execution
The test cases are executed on different environments depending on the needs and requirements of the client. Our team is capable of installing and executing test cases on a variety of platforms and browsers. Our team is well versed in backend testing and in performing validations on databases using SQL. A test execution report with the number of pass/fail scenarios is created and is part of the final deliverable.



Wednesday, March 10, 2010

Our Web Development Philosophy

Your web page is your name on the web and is a critical element of the Branding process. We use the latest in technologies to develop an original and scalable solution to create a usable and glowing presence for your company on the web.

Technology
Excelon continuously invests in the latest web development technologies to create solutions that are compatible with W3C (World Wide Web Consortium) standards.

Browser Compatibility
Our websites are tested to be compatible with all major browsers on Windows, Macintosh and Linux platforms.

Usability
Usability is the key component and focus of our development efforts. We ensure that our sites are quick to load and easy to navigate creating a unique experience for the end user.

Originality
Our dedicated team of engineers will work with you on a one to one basis to create a unique solution customized and tailored to suit your individual needs.

Scalability
The only thing constant is change. We ensure that the site we create is easy to customize to meet your ever changing and growing needs.

About Us

Exelon Consulting provides Website Development, E Commerce, Software Testing, User Documentation and Content Writing Services. We provide design, development and testing services using the latest technologies to help our customers create their name and brand on the web. The service is run by a group of talented individuals with experience working in Fortune 500 companies in India and the US.

This blog describes our company, the development and testing methodologies we adhere to, the latest in technology and much more. If you would like to hear more on a particular topic, drop us an email or request a quote for our products and services on our website.