CVSS Demystified: Part 2: Base Metrics
CVSS Demystified: Part 1
Ukraine: DDoS attacks on government and bank websites
Expectations from Authority
Why is it important to train personnel in security if it is not part of their job routine?
The Case for Manual Security Code Review
Why Sec folk should walk in Developers’ shoes…
Manual Security Code Review
CTF Solution: JIS-CTF
CTF Solution: RickdiculouslyEasy: 1
Computer Security Incident Response Policy: A Sample
Why should organizations update their BCP, BIA, RTOs, and RPOs?
How do risk management and risk assessment relate to a business impact analysis for an IT infrastructure?
Why is it critical to align the RTO and RPO standards within the policy definition itself?
Why is a policy definition required for a computer security incident response team?
Why is a post-mortem review of an incident the most important step in the incident response methodology?
How do an incident response plan and incident response team help reduce risks to the organization?
Why is it a good idea to include human resources on the incident response management team?
The Imitation Game: A Core Values Essay
Ethical behavior and Security
The Dangers of Weak Hashes
Security Concerns with the CGI
Remote Access Policy: A Sample
Should an organization mention that it will be monitoring and logging remote access use in its remote access policy definition?
What security controls, monitoring, and logging should be enabled for remote VPN access and users?
Why is it a best practice of a remote access policy definition to require employees and users to fill in a separate VPN remote access authorization form?
What strategies can organizations implement to keep security awareness top of mind with all employees and authorized users?
What are some strategies for preventing users or employees from downloading and installing rogue applications and software found on the Internet?
When trying to combat software vulnerabilities in the workstation domain, what is needed most to deal with operating system, application, and other software installations?
How does a security awareness training policy impact an organization’s capability to mitigate risks, threats, and vulnerabilities?
An Analysis of the Systemic Security Weaknesses of the U.S. Navy Fleet Broadcast System, 1967-1974, as Exploited by CWO John Walker
The Devin Nunes memo to the House Permanent Select Committee on Intelligence
Ethical Computer Use Policy
Lone Star Credit Union: A Separation of Duties Case Project
Why is it important for an organization to have a policy definition for business continuity and disaster recovery?
Why the seven domains of a typical IT infrastructure help organizations align to separation of duties
When using a layered security approach to system administration, who would have the highest access privileges?
Why do you want to refer to technical standards in a policy definition document?
How does separation of duties throughout an IT infrastructure mitigate risk for an organization?
Policies for the seven domains of a typical IT infrastructure
Sale of the Japanese Coast Guard Boat (Takachiho): A Case Study
New Hampshire Security Breach Notifications
Information Classification: Who, Why, and How
Python and Digital Forensics
Phishing Remediation
The Art of Reconnaissance
Is the COBIT framework superior to the other standards and frameworks such as the ISO 27000 and NIST?
What are the key benefits of NIST SP 800-53 Revision 4?
What is meant by Governance Framework? Why is ISO 27000 certification more attractive to companies than COSO or COBIT certification?
Why should an organization have annual security awareness training that includes an overview of the organization’s policies?
What security controls can be implemented on your e-mail system to help prevent rogue or malicious software disguised as URL links or e-mail attachments from attacking the workstation domain? What kind of policy definition should you use?
Why should an organization have a remote access policy even if it already has an acceptable use policy (AUP) for employees?
What is the purpose of defining a framework for IT security policies?
Computer Incident Response Team (CIRT)
The difference between The Database and the Database Management System
The Chinese Wall Security Policy
Specialty Medical Clinic: A HIPAA Case Project
How do you overcome employee apathy toward policy compliance?
What is difficult about policy implementation in a flat organization? What is difficult about policy implementation in a hierarchical organization?
Do employee personality types differ between hierarchical and flat organizations?
Do employees behave differently in a flat versus a hierarchical organizational structure? Explain your answer.
Organizational Information Security
Code Red Worm
National Security Directive Number 145 – 1984
Should an organization terminate the employment of an employee if he/she violates an AUP? Why?
What security controls can be deployed to monitor users that are potentially in violation of an AUP?
Why must an organization have an acceptable use policy (AUP) even for non-employees, such as contractors, consultants, and other third parties?
Why does an organization want to align its policies with the existing compliance requirements?
Will the AUP apply to all levels of the organization? Why or why not?
Why is an Acceptable Use Policy not a fail-safe means of mitigating risks and threats with the user domain?
Do compliance laws, such as HIPAA or GLBA, play a role in AUP definition?
Can Internet use and e-mail use be covered in an acceptable use policy?
Why do organizations have acceptable use policies (AUPs)?
What are three risks and threats of the user domain?
NIST Guidelines for Password Policies: 2017
Why Do Organizations Need Security Policies?
PenTesting and Ethics
Penetration Testing
The Perfect Password
Cloud Computing
Migrating to the Cloud: Step-by-step guide
Service-Oriented Architecture (SOA)
Cloud-based systems: Security Overview
Identity Management (in the cloud): IDaaS
SaaS, PaaS, and IaaS
Why are all messages sent across a network not encrypted?
Greater Threat: Compromise of a routing device or Compromise of a highly-utilized data transmission cable?
Film Review: Brazil: An IS perspective
Privacy and Security: A Dichotomy?
Multiple Points of Presence (MPOP)
Vulnerabilities in E-Commerce and Social Networking sites
Email Cryptosystems
Galt House Hotel Credit Card Info Breach
NSA: Cybersecurity Career Options
Why is controlling the misbehavior of software as important as software behaving as expected during execution?
Threat Identification: For an Organization in Florida
XSS Attack on Twitter
Security Architectures
Job Posting: Security Administrator
Massive Brute-Force Attack on Alibaba
OWASP Top 10 Web Vulnerabilities: 2013
Enterprise Information Security Policy & Issue-Specific Security Policies
Influencing and Motivating Employees
Critical Remote Access Vulnerability: Intel AMT backdoor
Web Analytics Tools – WebTrends and Google Analytics
Possible security issues with taking pictures on a smartphone and posting them on a social networking site
What are the security implications of having a social networking account compromised?
Google Removal from Search Policy
(ISC)² CBK
Disaster Recovery
Hurricane Ike and a DR Story
Web Service: RSS
Comparison of Privacy Policies of LinkedIn, Facebook, and Twitter
Fuzzing
Insider Risk
Stuxnet
Information in your Personal Computer
Management Styles and Approaches
IBM z13: "World's Most Powerful Mainframe"
What is the importance of a business continuity plan? What are essential items that should be included in this plan for any business or organization?
List and explain five ways to become proactive in securing the organization
What is a zero-day attack? Why do these represent a significant threat to information systems?
What are the components of two-factor authentication?
Describe and discuss common authentication types
The root cause of an SQL injection attack and why it continues to be one of the most common security risks to a data server
What are the security risks with the use of ActiveX?
Summarize the risks of using JavaScript in a web application from a security perspective.
How Fast Does Ransomware Encrypt Files?
What are the three security issues with utilizing client-side plug-ins in a web application?
Tiger Team
Zero Day Threats
Macro Virus Demo
What are some of the ways that a leader in an organization can embody and promote security as an organizational consideration?
What are the key factors involved in assessing the importance of a risk?
What are the challenges in enforcing security policies in an organization when they have not been in place previously?
What challenges exist in creating and implementing new security policies in an organization when there has been no consideration of security in the past?
Why is leadership outlook on security critical to employee buy-in at all levels?
Summarize the process of constructing security training inside an organization. What are at least four resources that should be consulted to make sure the training is adequate and current?
What factors should be involved in deciding on a delivery method for an organization’s security training?
What are the main problems with preventing social engineering in an organization?
Why do insiders pose such a significant threat to an organization?
Security Awareness and Training: SANS Guidelines
VPN Security Flaws and Its Prevention
Reverse Firewall
How does the evolution of attack tools affect existing systems? What steps should an organization take to remain vigilant of these new methods for compromising systems?
What steps should be taken to protect a system that is going down for, or coming back up from, maintenance? Why would this be a good potential time for an attacker to strike?
Why is it important to retain documentation of legacy elements of a software system?
Choose at least three available tools for software review and analysis, and summarize their features and drawbacks.
What factors should influence the time frame and scope of a penetration test?
Why is it important to probe and attack a system both at rest and in action?
What advantages do actual attackers have over penetration testers in attempting to compromise a system? Justify your conclusions.
What factors should be considered in responding to any compromise identified in either static or dynamic analysis of a system? Rank at least four factors and justify your ordering.
What are the important considerations in choosing a Red Team (or attack team) for your software system?
Fuzzing
Why is a periodic system review beneficial to security?
What protections can you place within an organization on code that is developed externally?
What are the risks of not mapping the instantiation and cleanup of variables containing privacy data?
How is the Scope of a Variable important to Security Planning?
What are the most critical aspects of security in an Object-Oriented Software system?
The Importance of Establishing a Ranking of Vulnerabilities in a System
Constructing Misuse Cases: Benefits and Drawbacks
Benefits of creating a vulnerability map for a planned software system
Why should requirements gathering be prevented after the scope of the system is defined?
Why is it important to rank the importance of various stakeholders involved in system development?
Why is it important to incorporate security throughout the SDLC instead of just in one phase or another?
Wireless Man-In-The-Middle (MITM) attacks
Secure SDLC
Cryptographic Storage – Best Practices
Buffer Overflow
What are the differences between data and information?
What are the Risks associated with Inheritance in Classes?
Why is it Important to Monitor and Control System Output?
The Importance of Setting Boundaries on Variable Values
Buffer Overflow: Definition and Defense
How does SQL differ from Programming Languages?
The Risks of Directly Executing User Input
DBMS: The Differences between an Attribute and a Field
The Role of the Data Dictionary in the DBMS?
Can Rootkits Be Beneficial to Security Administrators?
Different Types of Data Backup
Steps to Hardening any Operating System
Does any RAID configuration provide a complete solution to fault tolerance in servers?
Home Computer and Fault Tolerance
PGP and Self-Signed Digital Certificates
The Modern Usage of the RSA Cipher
Asymmetric and Symmetric key cryptography: A Comparison
NAT and Security
Macro Virus Demo
Who is ultimately responsible for the security choices in software system development and deployment?
Database Systems: Threats and Mitigation
Why is it important to understand the updates and patches available for your operating system?
Policies to combat Social Engineering via Phone Calls
Physical Penetration into a Facility: Risks and Mitigation
Red Teams: Benefits and Challenges
What is the easiest phase of standard software development life-cycle for security considerations?
Who can be more destructive? The Unwitting Insider or the Intentional External Attacker?
TCP SYN Flood
Software Security and Integrity
Automated tools for passive and active reconnaissance
Nortel: Database hack, industrial espionage, and bankruptcy
Information Security Governance Documents
Database Transactions – Fraud, Security and the “Halloween Problem”
Contract Law for Online Providers
Laboratory Manual to Legal Issues in Information Security: Lab 8
Safe Harbors in Breach Notification Laws: Rhode Island
SQL injection attack: i-dressup.com data breach
Laboratory Manual to Legal Issues in Information Security: Lab 6
Laboratory Manual to Legal Issues in Information Security: Lab 5
Sarbanes-Oxley Act: Section 802
Laboratory Manual to Legal Issues in Information Security: Lab 3
HIPAA Complainant Consent Form
Database Access Control on Data Creation
Creating a SQL Server 2008 Database Account
The Fourth Amendment and Technology
NoSQL Database: MongoDB
Lab: Tables & Databases
Laboratory Manual to Legal Issues in Information Security: Lab 2
Laboratory Manual to Legal Issues in Information Security: Lab 1
Do you see any drawbacks for transaction logs?
In what situations or scenarios are transaction logs helpful and important?
What is a transaction log in SQL?
SQL Statements
Demonstrating Responsible Stewardship: Organizations & Personal Information
Heartland Payment Systems breach: An InfoSec History Lesson
Vulnerabilities of Web Applications – Business Scenario Analysis