Red Tape

Contributed by Bill Clark

This paper discusses what Incident Response (IR) Planning is, what Industrial Control Systems (ICS) are, and how IR Planning pertains to ICS security. IR Planning is the process of preparing for any type of adverse event, also known as an incident, which can cause a process degradation or failure in a system. A system can be hardware, software, or a combination of both. An event can be man-made or natural in origin. An ICS is a combination of hardware and software processes that use extreme precision to automate or control most of today’s manufacturing product lines, water and power utility production plants, and transportation systems for people and products. For ICS applications and data, availability is the first priority.  

This document is in PDF format. To view it click here.

Contributed by David Patten

Everyday press releases cover information security breaches from many top companies. Often these breaches include releasing the passwords that were stolen. Sadly, these passwords are usually trivial to crack which leads to further exploitation. Simple passwords are a problem that is created by both human nature and by poor password policies and training. This paper will look at the tools used to crack passwords, the passwords users create, password policies, and look at some creative and innovate solutions to the password problem.

This document is in PDF format. To view it click here.

Contributed by David W. Mitchell

Federal government’s broad powers to act for public safety and national security are limited by the First Amendment and Fourth Amendment. The 9/11 attack have open the doors on warrantless surveillance programs. The mass collection of sensitive information has been challenged by many as an invasion of privacy. Snowden’s release of sensitive information has brought to light the true challenges between government surveillance and privacy. There is a true need to balance government surveillance and privacy in order to protect America. Lawmakers are starting to recognize this with the introduction of new laws to tackle and balance privacy with government surveillance. These improved laws must be introduced on a national level.

This document is in PDF format. To view it click here.

Contributed by Robert Underwood

Data held hostage has become a recent technology trend with computers and with these types of attacks in which crooks take a victim’s data and hold it for ransom demanding money to release our data back to us, which seems to be clearly a violation in law but how do we prosecute these criminals and what can we do to prevent these types of attack. A similar attack vector used like ransomware restricts a victim’s access to their computer functionality by popups and annoying spawning programs in which money is leveraged from the victim to stop the attack.

This document is in PDF format. To view it click here.

Contributed by David Mitchell

Over the past years there have been targeted data breaches that affected many large corporation and even the federal government. Target store and Office of Personnel Management OPM were two of the biggest data breaches of 2015. Some of these data breaches could have been identified or remediated if the corporation or government agency reported proper notification or conducted compliance audits as required by law. The Communication Act of 1934 and Health Insurance Portability & Accountability Act of 1996 are some of the regulations that protect this type of information. These regulations are due for an update by state and federal legislators to bring laws current with technology. Legislators are starting to show some focus on regulation or compliance for data breaches and cybercrimes after the data breach of Office of Personnel Management.