April 2021 – Divya Aradhya

Why is it a best practice of a remote access policy definition to require employees and users to fill in a separate VPN remote access authorization form?

What strategies can organizations implement to keep security awareness top of mind with all employees and authorized users?

What are some strategies for preventing users or employees from downloading and installing rogue applications and software found on the Internet?

When trying to combat software vulnerabilities in the workstation domain, what is needed most to deal with operating system, application, and other software installations?

How does a security awareness training policy impact an organization’s capability to mitigate risks, threats, and vulnerabilities?

An Analysis of the Systemic Security Weaknesses of the U. S. Navy Fleet Broadcast System, 1967-1974, as Exploited by CWO John Walker

The Devin Nunes memo to the House Permanent Select Committee on Intelligence

Ethical Computer Use Policy

Lone Star Credit Union: A Separation of Duties Case Project

Why is it important for an organization to have a policy definition for business continuity and disaster recovery?

Why the seven domains of a typical IT infrastructure help organizations align to separation of duties

When using a layered security approach to system administration, who would have the highest access privileges?

Why do you want to refer to technical standards in a policy definition document?

How does separation of duties throughout an IT infrastructure mitigate risk for an organization?

Policies for the seven domains of a typical IT infrastructure

Sale of the Japanese Coast Guard Boat (Takachiho): A Case Study

New Hampshire Security Breach Notifications

Information Classification: Who, Why, and How

Python and Digital Forensics

Phishing Remediation

The Art of Reconnaissance

Is the COBIT framework superior to the other standards and frameworks such as the ISO 27000 and NIST?

What are the key benefits of NIST SP 800-53 Revision 4?

What is meant by Governance Framework? Why is ISO 27000 certification more attractive to companies than COSO or COBIT certification?

Why should an organization have annual security awareness training that includes an overview of the organization’s policies?

What security controls can be implemented on your e-mail system to help prevent rogue or malicious software disguised as URL links or e-mail attachments from attacking the workstation domain? What kind of policy definition should you use?

Why should an organization have a remote access policy even if it already has an acceptable use policy (AUP) for employees?

What is the purpose of defining a framework for IT security policies?

Computer Incident Response Team (CIRT)

The difference between The Database and the Database Management System

The Chinese Wall Security Policy

Specialty Medical Clinic: A HIPAA Case Project

How do you overcome employee apathy toward policy compliance?

What is difficult about policy implementation in a flat organization? What is difficult about policy implementation in a hierarchical organization?

Do employee personality types differ between hierarchical and flat organizations?

Do employees behave differently in a flat versus a hierarchical organizational structure? Explain your answer.

Organizational Information Security

Code Red Worm

National Security Directive Number 145 – 1984

Should an organization terminate the employment of an employee if he/she violates an AUP? Why?

What security controls can be deployed to monitor users that are potentially in violation of an AUP?

Why must an organization have an acceptable use policy (AUP) even for non-employees, such as contractors, consultants, and other third parties?

Why does an organization want to align its policies with the existing compliance requirements?

Will the AUP apply to all levels of the organization? Why or why not?

Why is an Acceptable Use Policy not a fail-safe means of mitigating risks and threats with the user domain?

Do compliance laws, such as HIPAA or GLBA, play a role in AUP definition?

Can Internet use and e-mail use be covered in an acceptable use policy?

Why do organizations have acceptable use policies (AUPs)?

What are three risks and threats of the user domain?

NIST Guidelines for Password Policies: 2017

Why Do Organizations Need Security Policies?

PenTesting and Ethics

Penetration Testing

The Perfect Password

Cloud Computing

Migrating to the Cloud: Step-by-step guide

Service-Oriented Architecture (SOA)

Cloud-based systems: Security Overview

Identity Management (in the cloud): IDaaS

SaaS, PaaS, and IaaS

Why are all messages sent across a network not encrypted?

Greater Threat: Compromise of a routing device or Compromise of a highly-utilized data transmission cable?

Film Review: Brazil: An IS perspective

Privacy and Security: A Dichotomy?

Multiple Points of Presence (MPOP)

Vulnerabilities in E-Commerce and Social Networking sites

Email Cryptosystems

Galt House Hotel Credit Card Info Breach

NSA: Cybersecurity Career Options

Why is controlling the misbehavior of software as important as software behaving as expected during execution?

Threat Identification: For an Organization in Florida

XSS Attack on Twitter

Security Architectures

Job Posting: Security Administrator

Massive Brute-Force Attack on Alibaba

OWASP Top 10 Web Vulnerabilities: 2013

Enterprise Information Security Policy & Issue-Specific Security Policies

Influencing and Motivating Employees

Critical Remote Access Vulnerability: Intel AMT backdoor

Web Analytics Tools – WebTrends and Google Analytics

Possible security issues with taking pictures on a smartphone and posting them on a social networking site

What are the security implications of having a social networking account compromised?

Google Removal from Search Policy

(ISC)² CBK

Disaster Recovery

Hurriacane Ike and a DR Story

Web Service: RSS

Comparison of Privacy Policies of LinkedIn, Facebook, and Twitter

Fuzzing

Insider Risk

Struxnet

Information in your Personal Computer

Management Styles and Approaches

IBM z13:”World’s Most Powerful Mainframe”

What is the importance of a business continuity plan? What are essential items that should be included in this plan for any business or organization?

List and explain five ways to become proactive in securing the organization

What is a zero-day attack? Why do these represent a significant threat to information systems?

What are the components of two-factor authentication?

Describe and discuss common authentication types

The root cause of an SQL injection attack and why it continues to be one of the most common security risks to a data server

What are the security risks with the use of ActiveX?

Summarize the risks of using JavaScript in a web application from a security perspective.

How Fast Does Ransomware Encrypt Files?

What are the three security issues with utilizing client-side plug-ins in a web application?

Tiger Team

Zero Day Threats

Macro Virus Demo

What are some of the ways that a leader in an organization can embody and promote security as an organizational consideration?

What are the key factors involved in assessing the importance of a risk?

What are the challenges in enforcing security policies in an organization when they have not been in place previously?

What challenges exist in creating and implementing new security policies in an organization when there has been no consideration of security in the past?

Why is leadership outlook on security critical to employee buy-in at all levels?

Summarize the process of constructing security training inside an organization. What are at least four resources that should be consulted to make sure the training is adequate and current?

What factors should be involved in deciding on a delivery method for an organization’s security training?

What are the main problems with preventing social engineering in an organization?

Why do insiders pose such a significant threat to an organization?

Security Awareness and Training: SANS Guidelines

VPN Security Flaws and Its Prevention

Security Awareness and Training: SANS Guidelines

Reverse Firewall

How does the evolution of attack tools affect existing systems? What steps should an organization take to remain vigilant of these new methods for compromising systems?

What steps should be taken to protect a system that is going down for, or coming back up from, maintenance? Why would this be a good potential time for an attacker to strike?

Why is it important to retain documentation of legacy elements of a software system?

Choose at least three available tools for software review and analysis, and summarize their features and drawbacks.

What factors should influence the time frame and scope of a penetration test?

Why is it important to probe and attack a system both at rest and in action?

What advantages do actual attackers have over penetration testers in attempting to compromise a system? Justify your conclusions.

What factors should be considered in responding to any compromise identified in either static or dynamic analysis of a system? Rank at least four factors and justify your ordering.

What are the important considerations in choosing a Red Team (or attack team) for your software system?

Fuzzing

Why is a periodic system review beneficial to security?

What protections can you place within an organization on code that is developed externally?

What are the risks of not mapping the instantiation and cleanup of variables containing privacy data?

How is the Scope of a Variable important to Security Planning?

What are the most critical aspects of security in an Object-Oriented Software system?

The Importance of Establishing a Ranking of Vulnerabilities in a System

Constructing Misuse Cases: Benefits and Drawbacks

Benefits of creating a vulnerability map for a planned software system

Why should requirements gathering be prevented after the scope of the system is defined?

Why is it important to rank the importance of various stakeholders involved in system development?

Why is it important to incorporate security throughout the SDLC instead of just in one phase or another?

Wireless Man-In-The-Middle (MITM) attacks

Secure SDLC

Cryptographic Storage – Best Practices

Buffer Overflow

What are the differences between data and information?

What are the Risks associated with Inheritance in Classes?

Why is it Important to Monitor and Control System Output?

The Importantance of Setting Boundaries on Variable Values

Buffer Overflow: Definition and Defense

How does SQL differ from Programming Languages?

The Risks of Directly Executing User Input

DBMS: The Differences between an Attribute and a Field

The Role of the Data Dictionary in the DBMS?

Can Rootkits Beneficial to Security Administrators?

Different Types of Data Backup

Steps to Hardening any Operating System

Does any RAID configuration provide a complete solution to fault tolerance in servers?

Home Computer and Fault Tolerence

PGP and Self-Signed Digital Certificates

The Modern Usage of the RSA Cipher

Asymmetric and Symmetric key cryptography: A Comparison

NAT and Security

Macro Virus Demo

Who is ultimately responsible for the security choices in software system development and deployment?

Database Systems: Threats and Mitigation

Why is it important to understand the updates and patches available for your operating system?

Policies to combat Social Engineering via Phone Calls

Physical Penetration into a Facility: Risks and Mitigation

Red Teams: Benefits and Challenges

What is the easiest phase of standard software development life-cycle for security considerations?

Who can be more destructive? The Unwitting Insider or the Intentional External Attacker?

TCP SYN Flood

Software Security and Integrity

Automated tools for passive and active reconnaissance

Nortel: Database hack, industrial espionage, and banckruptcy

Information Security Governance Documents

Database Transactions – Fraud, Security and the “Halloween Problem”

Contract Law for Online Providers

Laboratory Manual to Legal Issues in Information Security: Lab 8

Safe Harbors in Breach Notification Laws: Rhode Island

SQL injection attack: i-dressup.com data breach

Laboratory Manual to Legal issues in Information Security: Lab 6

Laboratory Manual to Legal issues in Information Security: Lab 5

Sarbanes-Oxley Act: Section 802

Laboratory Manual to Legal issues in Information Security: Lab 3

HIPAA Complainant Consent Form

Database Access Control on Data Creation

Creating a SQL Server 2008 Database Account

The Fourth Amendment and Technology

NoSQL Database: MongoDB

Lab: Tables & Databases

Laboratory Manual to Legal issues in Information Security: Lab 2

Laboratory Manual to Legal issues in Information Security: Lab 1

Do you see any drawbacks for transaction logs?

In what situations or scenarios are transaction logs helpful and important?

What is a transaction log in SQL?

SQL Statements

Demonstrating Responsible Stewardship: Organizations & Personal Information

Heartland Payment Systems breach: An InfoSec History Lesson

Vulnerabilities of Web Applications – Business Scenario Analysis