Program Evaluation Review Technique (PERT)
This equation takes three estimates, Optimistic, Realistic, and Pessimistic, and averages them out with a weight given to Realistic.

Three point estimation just uses the average.

Standard deviation and Variance use Pessimistic and Optimistic as well.

Present Value and Future Value are financial calculations.
p=the number of periods, i=interest rate

I like to think of security as risk management. A vulnerability exists. This is a possible flaw in your system. A threat exists. This is something to take advantage of the vulnerability. This is your threat vulnerability pair. When you put these together you get your risk. To protect yourself you need to mitigate and manage this risk.

Information security types tend to think of protecting three different items for an information system. They are confidentiality, integrity, and availability. Confidentiality deals with who can and who cannot have access to the system. Integrity deals with whether or not the system has been altered in a way not intended. Availability deals with whether or not the system is accessible when it is supposed to be accessible.

These three items are usually weighted. The weights tend to be Low, Moderate, or High. Different groups and systems are weighted differently. For instance, government systems tend to weigh confidentiality and integrity higher than availability. Commercial companies tend to weigh integrity and availability higher than confidentiality. An example would be a public web server being used as a marketing device. This system may be rated as CIA:LMM.

After a system has been rated, vulnerabilities to CIA should be identified. For instance, say your public web server was located in New Orleans, LA. A vulnerability to availability may be that it is a single instance server. A threat to this availability would be a hurricane. The likelihood of a hurricane happening is high. The likelihood that a hurricane will affect the web server is moderate. Putting the two together, you have a real risk to the system.

A method to mitigate the risk of the system is to have plan in place to deal with losing the web server. You should take backups of the existing system. You may have a backup site somewhere else that is geographically separated. Utilizing those two items, you may be able to get your web server up and running within 48 hours of a catastrophic failure (Katrina). In this case, you have successfully mitigated and managed your risk to the availability of your system.

Apparently, the google sitemap plugin 2.7.1 is not WP 2.3 compatible.

As the first credential accredited by ANSI to ISO Standard 17024:2003 in the field of information security, the Certified Information Systems Security Professional (CISSP®) certification provides information security professionals with not only an objective measure of competence but a globally recognized standard of achievement. The CISSP credential demonstrates competence in the 10 domains of the (ISC)² CISSP® CBK®.

So, it is a internationally known information security certification. It is generally recognized as one of the toughest and most comprehensive security certifications out there. However, it is not necessarily a technical certification such as a Checkpoint certification or a Bluecoat certification. It covers a broad spectrum of topics. In fact, it covers 10 domains of information as you can see in the quote above.

Most people refer to the CISSP certification as a mile wide and an inch deep. This is because the knowledge required for a certification covers a lot of topics. However, it does not require you to be an expert in all of them. Though, most people who are taking the test are security professionals and can answer some of the topics comprehensively.

So, what are the subjects that are covered? These are the 10 domains referenced earlier.

These are the 10 domains (they have been renamed recently):

Access Control
Application Security
Business Continuity and Disaster Recovery Planning
Cryptography
Information Security and Risk Management
Legal, Regulations, Compliance and Investigations
Operations Security
Physical (Environmental) Security
Security Architecture and Design
Telecommunications and Network Security

This is just a brief introduction in the requirements for the CISSP. Later I will break down each domain and discuss some of the information required. For more information, visit CCCure. There is a whole host of information there.

Usually, for good measure, I download the latest driver for my kernel. Since the update to Dapper Drake kept me at 2.6.15 (upgrade to -28 from -27), I downloaded the 0.4.10 driver.

I also had to rebuild my build environment so that I could recompile and reinstall the driver. I just follow section 5 off of Hyam’s website regarding a MythTV 0.19 install on a Breezy Badger box. It is a little out of date, however, this section is still very relevant.