• Thirteen: End of Childhood in the Digital World?
  • AI Bias – What You Need to Know
  • CVSS Demystified: Part 2: Base Metrics
  • CVSS Demystified: Part 1
  • Ukraine: DDoS attacks on government and bank websites
  • Expectations from Authority
  • Why is it important to train personnel in security if it is not part of their job routine?
  • The Case for Manual Security Code Review
  • Why Sec folk should walk in Developers’ shoes…
  • Manual Security Code Review
  • CTF Solution: JIS-CTF
  • CTF Solution: RickdiculouslyEasy: 1
  • Computer Security Incident Response Policy: A Sample
  • Why should organizations update their BCP, BIA, RTOs, and RPOs?
  • How do risk management and risk assessment relate to a business impact analysis for an IT infrastructure?
  • Why is it critical to align the RTO and RPO standards within the policy definition itself?
  • Why is a policy definition required for a computer security incident response team?
  • Why is a post-mortem review of an incident the most important step in the incident response methodology?
  • How do an incident response plan and incident response team help reduce risks to the organization?
  • Why is it a good idea to include human resources on the incident response management team?
  • The Imitation Game: A Core Values Essay
  • Ethical behavior and Security
  • The Dangers of Weak Hashes
  • Security Concerns with the CGI
  • Remote Access Policy: A Sample
  • Should an organization mention that it will be monitoring and logging remote access use in its remote access policy definition?
  • What security controls, monitoring, and logging should be enabled for remote VPN access and users?
  • Why is it a best practice of a remote access policy definition to require employees and users to fill in a separate VPN remote access authorization form?
  • What strategies can organizations implement to keep security awareness top of mind with all employees and authorized users?
  • What are some strategies for preventing users or employees from downloading and installing rogue applications and software found on the Internet?
  • When trying to combat software vulnerabilities in the workstation domain, what is needed most to deal with operating system, application, and other software installations?
  • How does a security awareness training policy impact an organization’s capability to mitigate risks, threats, and vulnerabilities?
  • An Analysis of the Systemic Security Weaknesses of the U. S. Navy Fleet Broadcast System, 1967-1974, as Exploited by CWO John Walker
  • The Devin Nunes memo to the House Permanent Select Committee on Intelligence
  • Ethical Computer Use Policy
  • Lone Star Credit Union: A Separation of Duties Case Project
  • Why is it important for an organization to have a policy definition for business continuity and disaster recovery?
  • Why the seven domains of a typical IT infrastructure help organizations align to separation of duties
  • When using a layered security approach to system administration, who would have the highest access privileges?
  • Why do you want to refer to technical standards in a policy definition document?
  • How does separation of duties throughout an IT infrastructure mitigate risk for an organization?
  • Policies for the seven domains of a typical IT infrastructure
  • Sale of the Japanese Coast Guard Boat (Takachiho): A Case Study
  • New Hampshire Security Breach Notifications
  • Information Classification: Who, Why, and How
  • Python and Digital Forensics
  • Phishing Remediation
  • The Art of Reconnaissance
  • Is the COBIT framework superior to the other standards and frameworks such as the ISO 27000 and NIST?
  • What are the key benefits of NIST SP 800-53 Revision 4?
  • What is meant by Governance Framework? Why is ISO 27000 certification more attractive to companies than COSO or COBIT certification?
  • Why should an organization have annual security awareness training that includes an overview of the organization’s policies?
  • What security controls can be implemented on your e-mail system to help prevent rogue or malicious software disguised as URL links or e-mail attachments from attacking the workstation domain? What kind of policy definition should you use?
  • Why should an organization have a remote access policy even if it already has an acceptable use policy (AUP) for employees?
  • What is the purpose of defining a framework for IT security policies?
  • Computer Incident Response Team (CIRT)
  • The difference between The Database and the Database Management System
  • The Chinese Wall Security Policy
  • Specialty Medical Clinic: A HIPAA Case Project
  • How do you overcome employee apathy toward policy compliance?
  • What is difficult about policy implementation in a flat organization? What is difficult about policy implementation in a hierarchical organization?
  • Do employee personality types differ between hierarchical and flat organizations?
  • Do employees behave differently in a flat versus a hierarchical organizational structure? Explain your answer.
  • Organizational Information Security
  • Code Red Worm
  • National Security Directive Number 145 – 1984
  • Should an organization terminate the employment of an employee if he/she violates an AUP? Why?
  • What security controls can be deployed to monitor users that are potentially in violation of an AUP?
  • Why must an organization have an acceptable use policy (AUP) even for non-employees, such as contractors, consultants, and other third parties?
  • Why does an organization want to align its policies with the existing compliance requirements?
  • Will the AUP apply to all levels of the organization? Why or why not?
  • Why is an Acceptable Use Policy not a fail-safe means of mitigating risks and threats with the user domain?
  • Do compliance laws, such as HIPAA or GLBA, play a role in AUP definition?
  • Can Internet use and e-mail use be covered in an acceptable use policy?
  • Why do organizations have acceptable use policies (AUPs)?
  • What are three risks and threats of the user domain?
  • NIST Guidelines for Password Policies: 2017
  • Why Do Organizations Need Security Policies?
  • PenTesting and Ethics
  • Penetration Testing
  • The Perfect Password
  • Cloud Computing
  • Migrating to the Cloud: Step-by-step guide
  • Service-Oriented Architecture (SOA)
  • Cloud-based systems: Security Overview
  • Identity Management (in the cloud): IDaaS
  • SaaS, PaaS, and IaaS
  • Why are all messages sent across a network not encrypted?
  • Greater Threat: Compromise of a routing device or Compromise of a highly-utilized data transmission cable?
  • Film Review: Brazil: An IS perspective
  • Privacy and Security: A Dichotomy?
  • Multiple Points of Presence (MPOP)
  • Vulnerabilities in E-Commerce and Social Networking sites
  • Email Cryptosystems
  • Galt House Hotel Credit Card Info Breach
  • NSA: Cybersecurity Career Options
  • Why is controlling the misbehavior of software as important as software behaving as expected during execution?
  • Threat Identification: For an Organization in Florida
  • XSS Attack on Twitter
  • Security Architectures
  • Job Posting: Security Administrator
  • Massive Brute-Force Attack on Alibaba
  • OWASP Top 10 Web Vulnerabilities: 2013
  • Enterprise Information Security Policy & Issue-Specific Security Policies
  • Influencing and Motivating Employees
  • Critical Remote Access Vulnerability: Intel AMT backdoor
  • Web Analytics Tools – WebTrends and Google Analytics
  • Possible security issues with taking pictures on a smartphone and posting them on a social networking site
  • What are the security implications of having a social networking account compromised?
  • Google Removal from Search Policy
  • (ISC)² CBK
  • Disaster Recovery
  • Hurriacane Ike and a DR Story
  • Web Service: RSS
  • Comparison of Privacy Policies of LinkedIn, Facebook, and Twitter
  • Fuzzing
  • Insider Risk
  • Struxnet
  • Information in your Personal Computer
  • Management Styles and Approaches
  • IBM z13:”World’s Most Powerful Mainframe”
  • What is the importance of a business continuity plan? What are essential items that should be included in this plan for any business or organization?
  • List and explain five ways to become proactive in securing the organization
  • What is a zero-day attack? Why do these represent a significant threat to information systems?
  • What are the components of two-factor authentication?
  • Describe and discuss common authentication types
  • The root cause of an SQL injection attack and why it continues to be one of the most common security risks to a data server
  • What are the security risks with the use of ActiveX?
  • Summarize the risks of using JavaScript in a web application from a security perspective.
  • How Fast Does Ransomware Encrypt Files?
  • What are the three security issues with utilizing client-side plug-ins in a web application?
  • Tiger Team
  • Zero Day Threats
  • Macro Virus Demo
  • What are some of the ways that a leader in an organization can embody and promote security as an organizational consideration?
  • What are the key factors involved in assessing the importance of a risk?
  • What are the challenges in enforcing security policies in an organization when they have not been in place previously?
  • What challenges exist in creating and implementing new security policies in an organization when there has been no consideration of security in the past?
  • Why is leadership outlook on security critical to employee buy-in at all levels?
  • Summarize the process of constructing security training inside an organization. What are at least four resources that should be consulted to make sure the training is adequate and current?
  • What factors should be involved in deciding on a delivery method for an organization’s security training?
  • What are the main problems with preventing social engineering in an organization?
  • Why do insiders pose such a significant threat to an organization?
  • Security Awareness and Training: SANS Guidelines
  • VPN Security Flaws and Its Prevention
  • Security Awareness and Training: SANS Guidelines
  • Reverse Firewall
  • How does the evolution of attack tools affect existing systems? What steps should an organization take to remain vigilant of these new methods for compromising systems?
  • What steps should be taken to protect a system that is going down for, or coming back up from, maintenance? Why would this be a good potential time for an attacker to strike?
  • Why is it important to retain documentation of legacy elements of a software system?
  • Choose at least three available tools for software review and analysis, and summarize their features and drawbacks.
  • What factors should influence the time frame and scope of a penetration test?
  • Why is it important to probe and attack a system both at rest and in action?
  • What advantages do actual attackers have over penetration testers in attempting to compromise a system? Justify your conclusions.
  • What factors should be considered in responding to any compromise identified in either static or dynamic analysis of a system? Rank at least four factors and justify your ordering.
  • What are the important considerations in choosing a Red Team (or attack team) for your software system?
  • Fuzzing
  • Why is a periodic system review beneficial to security?
  • What protections can you place within an organization on code that is developed externally?
  • What are the risks of not mapping the instantiation and cleanup of variables containing privacy data?
  • How is the Scope of a Variable important to Security Planning?
  • What are the most critical aspects of security in an Object-Oriented Software system?
  • The Importance of Establishing a Ranking of Vulnerabilities in a System
  • Constructing Misuse Cases: Benefits and Drawbacks
  • Benefits of creating a vulnerability map for a planned software system
  • Why should requirements gathering be prevented after the scope of the system is defined?
  • Why is it important to rank the importance of various stakeholders involved in system development?
  • Why is it important to incorporate security throughout the SDLC instead of just in one phase or another?
  • Wireless Man-In-The-Middle (MITM) attacks
  • Secure SDLC
  • Cryptographic Storage – Best Practices
  • Buffer Overflow
  • What are the differences between data and information?
  • What are the Risks associated with Inheritance in Classes?
  • Why is it Important to Monitor and Control System Output?
  • The Importantance of Setting Boundaries on Variable Values
  • Buffer Overflow: Definition and Defense
  • How does SQL differ from Programming Languages?
  • The Risks of Directly Executing User Input
  • DBMS: The Differences between an Attribute and a Field
  • The Role of the Data Dictionary in the DBMS?
  • Can Rootkits Beneficial to Security Administrators?
  • Different Types of Data Backup
  • Steps to Hardening any Operating System
  • Does any RAID configuration provide a complete solution to fault tolerance in servers?
  • Home Computer and Fault Tolerence
  • PGP and Self-Signed Digital Certificates
  • The Modern Usage of the RSA Cipher
  • Asymmetric and Symmetric key cryptography: A Comparison
  • NAT and Security
  • Macro Virus Demo
  • Who is ultimately responsible for the security choices in software system development and deployment?
  • Database Systems: Threats and Mitigation
  • Why is it important to understand the updates and patches available for your operating system?
  • Policies to combat Social Engineering via Phone Calls
  • Physical Penetration into a Facility: Risks and Mitigation
  • Red Teams: Benefits and Challenges
  • What is the easiest phase of standard software development life-cycle for security considerations?
  • Who can be more destructive? The Unwitting Insider or the Intentional External Attacker?
  • TCP SYN Flood
  • Software Security and Integrity
  • Automated tools for passive and active reconnaissance
  • Nortel: Database hack, industrial espionage, and banckruptcy
  • Information Security Governance Documents
  • Database Transactions – Fraud, Security and the “Halloween Problem”
  • Contract Law for Online Providers
  • Laboratory Manual to Legal Issues in Information Security: Lab 8
  • Safe Harbors in Breach Notification Laws: Rhode Island
  • SQL injection attack: i-dressup.com data breach
  • Laboratory Manual to Legal issues in Information Security: Lab 6
  • Laboratory Manual to Legal issues in Information Security: Lab 5
  • Sarbanes-Oxley Act: Section 802
  • Laboratory Manual to Legal issues in Information Security: Lab 3
  • HIPAA Complainant Consent Form
  • Database Access Control on Data Creation
  • Creating a SQL Server 2008 Database Account
  • The Fourth Amendment and Technology
  • NoSQL Database: MongoDB
  • Lab: Tables & Databases
  • Laboratory Manual to Legal issues in Information Security: Lab 2
  • Laboratory Manual to Legal issues in Information Security: Lab 1
  • Do you see any drawbacks for transaction logs?
  • In what situations or scenarios are transaction logs helpful and important?
  • What is a transaction log in SQL?
  • SQL Statements
  • Demonstrating Responsible Stewardship: Organizations & Personal Information
  • Heartland Payment Systems breach: An InfoSec History Lesson
  • Vulnerabilities of Web Applications – Business Scenario Analysis