CISSP Exam – August 7th - Kansas City – 5 Tips For Success

The ISC2 CISSP exam is schedule for August 7^th in Kansas City. Usually the Kansas City area schedules this exam twice a year. Well it's that time, most people have been studying for a few months for this exam date and are now coming down to crunch time. Here are my 5 tips for success for the exam.

1. In the last few weeks of studying you should be going over the questions on the CCCure Quizzer. You can either do the free questions or pay $39.99 for the 6 month subscription. The pay option is well worth it.

2. Create a testing plan that will allow you time to take little breaks in between questions. You have 6 hours for the exam with no scheduled breaks and all breaks count against your test time. Using all of you allotted time is beneficial. Allowing yourself a 5 or 10 minute break after so many questions allows you to keep on schedule and not get behind or go to fast. Also remember to bring little snacks and something to drink which you can put in the back of the room during your breaks.

3. Do not cram the night before. In fact put all of your studying aside and have a quiet evening doing something you enjoy. Go to bed early and get a good night's rest.

4. The morning of the exam, don't drink a lot of caffeine and eat a little something for breakfast for energy. You do not want to waste too much time going to the restroom several times during the exam.

5. Remember to bring your certification ticket and two forms of ID. You will not be allowed in with any of these items.

Good luck on the exam!

- Tom Pruett, Cisco & Security Expert; MCT, CTT+, CISSP, CWNA, CEH, CHFI, CCSI, CCNA, MCSE LinkIn with Tom

#1 Security Rule - Assume You Have Been Hacked

If you start with this rule, you will have a better handle on your security.

http://tiny.cc/ou7vt


- Tom Pruett, Cisco & Security Expert; MCT, CTT+, CISSP, CWNA, CEH, CHFI, CCSI, CCNA, MCSE LinkIn with Tom

Visual Studio 2010: Now Released

Visual Studio 2010 is now out! It’s a very exciting product, with a host of improvements over the 2008 version and a bunch of new features. For example, the standard web template (for either a Web Application or a Web Site) now includes a stylesheet file (CSS), a master page, login page, registration page and about page. That means that before you even add one thing to the project, it is a working web app.

There are a lot of other new features, but one thing that stands out for me, is that much of the Visual Studio interface has been designed using Windows Presentation Foundation (WPF). For me, it’s exciting because it shows just what you can do using WPF. It also means that we have a lot of extra capability built into VS. For example, you can use zoom features on the designers and editors in VS2010. As an instructor, that’s awesome since many times while teaching I want to make sure students can see what I am doing. This allows me to bring it in closely.

With tons more things to like about Visual Studio 2010, I'll be covering a lot of things about the product in future posts. And don’t forget: Centriq’s first VS2010 offering comes in August when I will be teaching Introduction to Web Development with Microsoft Visual Studio 2010!


- Leslie Koorhan, .NET Expert; MCT, MCSD (.NET), MCTS, MCDBA, MCPD LinkIn with Leslie

Designing Automated Processes for Business: Applying ITIL to coding (Part III)

Process enablers

The enablers of a process are combined assets of the resources and the capabilities of the business. These are the raw materials and the smarts of the folks that are getting the job done. On the computer programming side are the programming language capabilities and the hardware and software's raw power to get a calculation performed or a sequence of code executed. We measure performance here in FLOPS (floating point operations per second) and computers are moving through the petaflop (1,000,000,000,000,000) ranges now. Business processes depend on the business assets just like code depends on the infrastructure it runs on. Unfortunately, business is both enabled and limited by humans and computers both enable and constrain business.

Processes are not much different whether you do them manually or if you have a robot do them for you. The programmer acts as a plumber in a business process. They know the mechanics and apply the right torque to the right nuts and bolts to hold the system together. The business analyst is going to map out the system so that it works for the business the best. Sometimes the programmer finds out that they have to plan it out and does the best they can. But you should always get involved at the first to direct the code so that is best represents the business. That's always the best strategy to take for any new project.

- Doug Hoff, Business IT Expert; MCT, SCJP, ITILv3, COBIT LinkIn with Doug

Designing Automated Processes for Business: Applying ITIL to coding (Part II)

Process control

Processes should also be well defined in understandable text just like we always do to our fellow programmers when recommending comments in their code. And just like the norm in programming, most documentation happens after the fact because people don't have enough time to document the program until it has stopped changing at the end of the development cycle.

Process owners are the people who understand the process and can help educate others on how to use the process. I have to help naive ITIL students who tend to think that process owners are not in charge of implementing the process. This always gets me on my soapbox. An implementation of a process, e.g. an ITIL key process, is not going to happen because you read the book. It must be digested, customized by deleting the right parts, and supplemented with all of the current business structure in order to be understood. Then the process activities are noted and people check them off as they need to when they need to encouraged by success and trimmed down by reality. In programming, it would be the project sponsor who got the ball rolling for the new software and would own the software when complete. They also get new funding when the project is a success and get project funding reductions when the process is too cumbersome.

How and when the process is used is a matter of policy and the ways that you can use these process steps have limits. Just like a computer program, the steps can be run for certain types of tasks and shouldn't be run for others. You don't close the books of an accounting process except for once a month. You don't ship more inventory than you have in stock. Process objectives are probably determined by what planted the seed in the ground for using this process in the first place. In a software project, the business objectives drive the funding and usually can be found in a business case document or a sponsor's mind.

I was reminded of the input and output nature of a process when looking at the method declaration and saw that it defined a general form of a resource just like all the other types of resources. But until functional programming came along to supplement object oriented programming, we never had a way to send the process information from one place to another internally even though the values of any data could be sent to and fro. The methods represent values but only in an abstract way. In a distributed world, the process is represented by remote procedure call frameworks like CORBA, web services and other forms of proxied calls. Data was distributed through XML, EDI, and all sorts of more simple data models.

Software testing is a way of thinking about your code from the norm or from the original business requirements. This validation is a quality aspect of coding. Test driven design drives home the point that the test is a way of thinking about how your code should be called and used before the implementation is written. ITIL states that "Even before starting, it is important to think about what the process outcomes should look like." (Service Design, p. 44) We also work with requirements in a hierarchical way so that the lower level requirements of the code can roll up to the next level of activity and eventually be mapped to the business goals that drove the project. Then when the system is complete, we have a measurable way to compare what was originally planned and implement improvements if necessary.


- Doug Hoff, Business IT Expert; MCT, SCJP, ITILv3, COBIT LinkIn with Doug

Designing Automated Processes for Business: Applying ITIL to coding (Part I)

Programmers are guys who write business processes into stone with a kind of invisible ink. The better you tell them what your processes are, the better business results you will have. They are not people who model the world into code because they have no clue how the model works. They will come up with a well-engineered version of the reality they are coding if left alone and that will have to be the way you run your business if you don't tell them how the business works. It will likely more resemble a massive robot rather than a enabling friend.

I've recently completed a series of classes that involved business analysis, ITIL, and programming. Sometimes, I think about the subjects in depth and explore the details. Sometimes, I like to bring all the thoughts in alignment if possible and see the relationships. This time I got a good set of cross linked ideas that help look at what processes are from the business activity on down to the automated processes of a OO program.

As a programmer instructor, I talk about the recognition and the reuse of a set of statements that become a method (or function or procedure). As a business instructor, I teach the same thing concerning recognizing a process that you find useful and promoting the use of it into a larger group of people. As your process maturity level grows, the process grows from your own use, to people using it around you, to even more people until it's a company-wide standard.

Those same maturity steps are used to develop large scale architectures that provide guidance to the necessary design of the infrastructure that has implemented it. In fact, it's the principles of good design that have produced an architecture that works for the business. Sometimes business doesn't know which architecture to choose or isn't able to strategically point the direction and then takes the low road of design by infrastructure. This is the choice to buy instead of build and results are good as long as you stay compatible with the other components that are added on. Again what you end up with is a well-engineered solution without regard to your specific business needs.

The business processes that exist within a coordinated automated system or an infrastructure are essentially the programs that are being executed. They have been structured so that they achieve a specific objective. They take inputs and turn them into outputs. They have a specific trigger. They are layered into automated roles and responsibilities to work well when they have to be maintained. Just like it was an employee, you can fire an architecture layer and hire another version of that layer that fits the bill when managing a cohesive set of responsibilities in a business.

As far as I know there's not as much business writing going on for how to design a job role with few dependencies to other job roles but one of the common axioms of being promoted in business is that you must make yourself replaceable or else you'll never get out of your job. That's the same kind of thinking as when programmers say they must make their programming units reusable or maintenance will become more of a headache.

Process

If processes equal computer programs then they must have similar features. They can be broken down into smaller processes. They are either ongoing processes or processes that have well defined starts and stops. Processes can update policies, standards, guidelines, activities, other processes, procedures and work instructions if needed just like computer code can generate other code, update rules, and modify data that change how the program operates. A program is made up of activities, procedures, and work instructions or as the programmers know it, the class, the methods, and the program statements.

Metrics for a process are built in from the start and can be injected into computer code or built in to the abstract base of the code. In business, the best place to think about your metrics for success design patterns. I admire Peter Coad who tried to assign roles to classes and discover some reusable patterns for interactivity and not just static recipes. is during the planning stage so you can always build with them in mind or else you'll have trouble retrofitting them later. Roles of who should be involved in the process are important. In code, the types of relationships that you maintain with other code is important and successful relationships are spelled out in recipe books called

Process improvements are always a part of all processes and can be found in wrap-up sessions or project post mortems. In code we get a closed feedback loop from the folks who are using the programs who give us reason to enhance the program and get more financing for the next maintenance project. Feedback comes in the form of new or improved features and it gets added to the system as the value becomes known.


- Doug Hoff, Business IT Expert; MCT, SCJP, ITILv3, COBIT LinkIn with Doug