Red Tape

Contributed by Dr. Anton Chuvakin

All organizations have to care about security incident response! Unlike detection and prevention, the response is impossible to avoid. While it is not uncommon for the organizations to have weak prevention and detection capabilities, response will have to be there since the organization will often be forced into response mode by the attackers (be it the internal abuser, omnipresent ‘script kiddy’ or the elusive ‘uber-hacker’). The organization will likely be made to respond in some way after the incident has occurred.

This article presents five mistakes that companies make regarding security incident response.

This document is in PDF format. To view it click here.

Contributed by Eric A. Simmons

These days one would be hard pressed to find lucrative employment with a company that is not, to some extent, international. In order to maintain connections and communications, travel is inevitable. Living in the digital age requires much more planning than that of a 1970's business professional. Computers, cellular phones, and other mobile devices are more than just common place, they are somewhat essential. According to a study conducted by Flurry Analytics using data collected between January and March of 2014, the average American spent two hours and 45 minutes per day on a mobile device (Khalaf, 2014). With everyone leaning toward computers and mobile devices to pay bills, shop, and work on business projects, securing these devices and the information saved on them is paramount.

This document is in PDF format. To view it click here.

Contributed by Larry Jackson Jr.

In this paper I will discuss the network security issues associated with securing school networks and the common methods of minimizing risks. I will focus on security issues surrounding the WAN, LAN, Wireless devices, BYOD, antivirus and mobile devices. I will discuss the legal obligations in contrast to the needs of the district when dealing with the storage and accessing of student data. I will look into new trends associated with the transmission of malware through social media outlets and the procedures or policies that can be put into place to limit the occurrences. Finally, I will discuss ways to secure your guest networks or limit access to external users.

This document is in PDF format. To view it click here.

Contributed by Bryant Rossil

My term paper will focus on the protection of the enterprise against the business directed cybercrimes, Advanced Persistent Threats (APT). This paper will define what an APT is and some of the behaviors and characteristics associated with this sophisticated attack which are unlike the attacks businesses face daily. Showing how an APT works will also be present in this paper which will detail some of the ways APTs find there way into corporate systems. I will then focus on the detection of APTs and how an information security team can monitor these stealth attacks that can last an indefinite amount of time depending on the attackers goal. Lastly, I will cover the methods in which the business can deter these cyber attacks and the multiple ways to protect the company’s assets from these criminal operators.

This document is in PDF format. To view it click here.

Contributed by Ken Newman

PART 2 of 2: Regardless of options, there are some key elements that should be present in any form of education in order to provide lasting value to the information security professional. This article does not discuss technical details, although they are acknowledged as core to almost all levels of security professionals. Instead, the article focuses on those areas that create a “breadth” of softer skills in order to produce a more well-rounded and marketable individual.

This document is in PDF format. To view it click here.