As a newly minted CISSP, I have been dutifully filling out my CPE requirements. It's a lot of fun writing up 250-word blurbs to inform the good folks at (ISC)2 what I have gained from this magazine or that white paper.
As I mentioned in another post, I am clouding around and learning CSA stuff, which has a whack of learning materials: references are made to the NIST Cloud Computing series, ISO/IEC (ITU-T) 17708, ENISA, etc. Are these considered to be books? They are certainly neither magazine articles nor white papers.
I am sure someone will tell me to RTFG the handbook, but I am still looking for the definitive answer.
Thanks kindly! (p.s. This would be an excellent FAQ question; maybe it has been answered previously.)
It would seem straightforward to treat each NIST Special Publication like any other domain-related book. Just write a 250-word report on what you learned from reading the SP.
From the CPE Handbook:
(ISC)2 CPE Opportunities
You can earn Group A CPE credits for consuming content in self-directed learning activities that map back to the credential domain(s).
Learning may include activities such as:
• Book, Magazine or Whitepaper
• Books – 5 CPEs per book with 250-word description.
Documentation Required Upon (ISC)2 Audit/Request
A brief description no more than 250 words of what you learned or a certificate or letter of attendance.
p.s. The quickest way to get feedback on a CPE submission is to log it and see if it sticks. No need to waste time getting lots of opinions here. Do a web search on hopper permission forgiveness.
Seems entirely reasonable. Thank you. Btw, do you have any suggested must reads? I have seen some excellent suggestions, and I am always eager to learn more.
One I just completed is: What Every Body Is Saying: An Ex-FBI Agent's Guide to Speed-Reading People by Joe Navarro. I recommend it enthusiastically.
do you have any suggested must reads? I have seen some excellent suggestions, and I am always eager to learn more.
For everyone in our field, I consider Cliff Stoll's Cuckoo's Egg as essential reading. It's an easy read and gives us an important history lesson on how far back many offensive and defensive methods have existed. Next, read Bruce Schneier's Secrets and Lies. In that book Bruce gave his apology for claiming that cryptography will save us all; his core message, "It's about the people, not the technology." Finally, for a great treatment covering details on the breadth of issues we face in our field, read Ross Anderson's Security Engineering.
Just finished Cuckoo's Egg. Ignoring the obvious references to the internet before it became THE INTERNET, it's amazing to take this strange trip back in time and see that we really haven't learned a lot about security since that book was written. It covered