- CVSS Demystified: Part 2: Base Metrics
- CVSS Demystified: Part 1
- Ukraine: DDoS attacks on government and bank websites
- Expectations from Authority
- Why is it important to train personnel in security if it is not part of their job routine?
- The Case for Manual Security Code Review
- Why Sec folk should walk in Developers’ shoes…
- Manual Security Code Review
- CTF Solution: JIS-CTF
- CTF Solution: RickdiculouslyEasy: 1
- Computer Security Incident Response Policy: A Sample
- Why should organizations update their BCP, BIA, RTOs, and RPOs?
- How do risk management and risk assessment relate to a business impact analysis for an IT infrastructure?
- Why is it critical to align the RTO and RPO standards within the policy definition itself?
- Why is a policy definition required for a computer security incident response team?
- Why is a post-mortem review of an incident the most important step in the incident response methodology?
- How do an incident response plan and incident response team help reduce risks to the organization?
- Why is it a good idea to include human resources on the incident response management team?
- The Imitation Game: A Core Values Essay
- Ethical behavior and Security
- The Dangers of Weak Hashes
- Security Concerns with the CGI
- Remote Access Policy: A Sample
- Should an organization mention that it will be monitoring and logging remote access use in its remote access policy definition?
- What security controls, monitoring, and logging should be enabled for remote VPN access and users?
- Why is it a best practice of a remote access policy definition to require employees and users to fill in a separate VPN remote access authorization form?
- What strategies can organizations implement to keep security awareness top of mind with all employees and authorized users?
- What are some strategies for preventing users or employees from downloading and installing rogue applications and software found on the Internet?
- When trying to combat software vulnerabilities in the workstation domain, what is needed most to deal with operating system, application, and other software installations?
- How does a security awareness training policy impact an organization’s capability to mitigate risks, threats, and vulnerabilities?
- An Analysis of the Systemic Security Weaknesses of the U.S. Navy Fleet Broadcast System, 1967-1974, as Exploited by CWO John Walker
- The Devin Nunes memo to the House Permanent Select Committee on Intelligence
- Ethical Computer Use Policy
- Lone Star Credit Union: A Separation of Duties Case Project
- Why is it important for an organization to have a policy definition for business continuity and disaster recovery?
- Why the seven domains of a typical IT infrastructure help organizations align to separation of duties
- When using a layered security approach to system administration, who would have the highest access privileges?
- Why do you want to refer to technical standards in a policy definition document?
- How does separation of duties throughout an IT infrastructure mitigate risk for an organization?
- Policies for the seven domains of a typical IT infrastructure
- Sale of the Japanese Coast Guard Boat (Takachiho): A Case Study
- New Hampshire Security Breach Notifications
- Information Classification: Who, Why, and How
- Python and Digital Forensics
- Phishing Remediation
- The Art of Reconnaissance
- Is the COBIT framework superior to the other standards and frameworks such as the ISO 27000 and NIST?
- What are the key benefits of NIST SP 800-53 Revision 4?
- What is meant by Governance Framework? Why is ISO 27000 certification more attractive to companies than COSO or COBIT certification?
- Why should an organization have annual security awareness training that includes an overview of the organization’s policies?
- What security controls can be implemented on your e-mail system to help prevent rogue or malicious software disguised as URL links or e-mail attachments from attacking the workstation domain? What kind of policy definition should you use?
- Why should an organization have a remote access policy even if it already has an acceptable use policy (AUP) for employees?
- What is the purpose of defining a framework for IT security policies?
- Computer Incident Response Team (CIRT)
- The difference between The Database and the Database Management System
- The Chinese Wall Security Policy
- Specialty Medical Clinic: A HIPAA Case Project
- How do you overcome employee apathy toward policy compliance?
- What is difficult about policy implementation in a flat organization? What is difficult about policy implementation in a hierarchical organization?
- Do employee personality types differ between hierarchical and flat organizations?
- Do employees behave differently in a flat versus a hierarchical organizational structure? Explain your answer.
- Organizational Information Security
- Code Red Worm
- National Security Directive Number 145 – 1984
- Should an organization terminate the employment of an employee if he/she violates an AUP? Why?
- What security controls can be deployed to monitor users that are potentially in violation of an AUP?
- Why must an organization have an acceptable use policy (AUP) even for non-employees, such as contractors, consultants, and other third parties?
- Why does an organization want to align its policies with the existing compliance requirements?
- Will the AUP apply to all levels of the organization? Why or why not?
- Why is an Acceptable Use Policy not a fail-safe means of mitigating risks and threats with the user domain?
- Do compliance laws, such as HIPAA or GLBA, play a role in AUP definition?
- Can Internet use and e-mail use be covered in an acceptable use policy?
- Why do organizations have acceptable use policies (AUPs)?
- What are three risks and threats of the user domain?
- NIST Guidelines for Password Policies: 2017
- Why Do Organizations Need Security Policies?
- PenTesting and Ethics
- Penetration Testing
- The Perfect Password
- Cloud Computing
- Migrating to the Cloud: Step-by-step guide
- Service-Oriented Architecture (SOA)
- Cloud-based systems: Security Overview
- Identity Management (in the cloud): IDaaS
- SaaS, PaaS, and IaaS
- Why are all messages sent across a network not encrypted?
- Greater Threat: Compromise of a routing device or Compromise of a highly-utilized data transmission cable?
- Film Review: Brazil: An IS perspective
- Privacy and Security: A Dichotomy?
- Multiple Points of Presence (MPOP)
- Vulnerabilities in E-Commerce and Social Networking sites
- Email Cryptosystems
- Galt House Hotel Credit Card Info Breach
- NSA: Cybersecurity Career Options
- Why is controlling the misbehavior of software as important as software behaving as expected during execution?
- Threat Identification: For an Organization in Florida
- XSS Attack on Twitter
- Security Architectures
- Job Posting: Security Administrator
- Massive Brute-Force Attack on Alibaba
- OWASP Top 10 Web Vulnerabilities: 2013
- Enterprise Information Security Policy & Issue-Specific Security Policies
- Influencing and Motivating Employees
- Critical Remote Access Vulnerability: Intel AMT backdoor
- Web Analytics Tools – WebTrends and Google Analytics
- Possible security issues with taking pictures on a smartphone and posting them on a social networking site
- What are the security implications of having a social networking account compromised?
- Google Removal from Search Policy
- (ISC)² CBK
- Disaster Recovery
- Hurricane Ike and a DR Story
- Web Service: RSS
- Comparison of Privacy Policies of LinkedIn, Facebook, and Twitter
- Fuzzing
- Insider Risk
- Stuxnet
- Information in your Personal Computer
- Management Styles and Approaches
- IBM z13: "World’s Most Powerful Mainframe"
- What is the importance of a business continuity plan? What are essential items that should be included in this plan for any business or organization?
- List and explain five ways to become proactive in securing the organization
- What is a zero-day attack? Why do these represent a significant threat to information systems?
- What are the components of two-factor authentication?
- Describe and discuss common authentication types
- The root cause of an SQL injection attack and why it continues to be one of the most common security risks to a data server
- What are the security risks with the use of ActiveX?
- Summarize the risks of using JavaScript in a web application from a security perspective.
- How Fast Does Ransomware Encrypt Files?
- What are the three security issues with utilizing client-side plug-ins in a web application?
- Tiger Team
- Zero Day Threats
- Macro Virus Demo
- What are some of the ways that a leader in an organization can embody and promote security as an organizational consideration?
- What are the key factors involved in assessing the importance of a risk?
- What are the challenges in enforcing security policies in an organization when they have not been in place previously?
- What challenges exist in creating and implementing new security policies in an organization when there has been no consideration of security in the past?
- Why is leadership outlook on security critical to employee buy-in at all levels?
- Summarize the process of constructing security training inside an organization. What are at least four resources that should be consulted to make sure the training is adequate and current?
- What factors should be involved in deciding on a delivery method for an organization’s security training?
- What are the main problems with preventing social engineering in an organization?
- Why do insiders pose such a significant threat to an organization?
- Security Awareness and Training: SANS Guidelines
- VPN Security Flaws and Its Prevention
- Reverse Firewall
- How does the evolution of attack tools affect existing systems? What steps should an organization take to remain vigilant of these new methods for compromising systems?
- What steps should be taken to protect a system that is going down for, or coming back up from, maintenance? Why would this be a good potential time for an attacker to strike?
- Why is it important to retain documentation of legacy elements of a software system?
- Choose at least three available tools for software review and analysis, and summarize their features and drawbacks.
- What factors should influence the time frame and scope of a penetration test?
- Why is it important to probe and attack a system both at rest and in action?
- What advantages do actual attackers have over penetration testers in attempting to compromise a system? Justify your conclusions.
- What factors should be considered in responding to any compromise identified in either static or dynamic analysis of a system? Rank at least four factors and justify your ordering.
- What are the important considerations in choosing a Red Team (or attack team) for your software system?
- Fuzzing
- Why is a periodic system review beneficial to security?
- What protections can you place within an organization on code that is developed externally?
- What are the risks of not mapping the instantiation and cleanup of variables containing privacy data?
- How is the Scope of a Variable important to Security Planning?
- What are the most critical aspects of security in an Object-Oriented Software system?
- The Importance of Establishing a Ranking of Vulnerabilities in a System
- Constructing Misuse Cases: Benefits and Drawbacks
- Benefits of creating a vulnerability map for a planned software system
- Why should requirements gathering be prevented after the scope of the system is defined?
- Why is it important to rank the importance of various stakeholders involved in system development?
- Why is it important to incorporate security throughout the SDLC instead of just in one phase or another?
- Wireless Man-In-The-Middle (MITM) attacks
- Secure SDLC
- Cryptographic Storage – Best Practices
- Buffer Overflow
- What are the differences between data and information?
- What are the Risks associated with Inheritance in Classes?
- Why is it Important to Monitor and Control System Output?
- The Importance of Setting Boundaries on Variable Values
- Buffer Overflow: Definition and Defense
- How does SQL differ from Programming Languages?
- The Risks of Directly Executing User Input
- DBMS: The Differences between an Attribute and a Field
- The Role of the Data Dictionary in the DBMS?
- Can Rootkits Be Beneficial to Security Administrators?
- Different Types of Data Backup
- Steps to Hardening any Operating System
- Does any RAID configuration provide a complete solution to fault tolerance in servers?
- Home Computer and Fault Tolerance
- PGP and Self-Signed Digital Certificates
- The Modern Usage of the RSA Cipher
- Asymmetric and Symmetric key cryptography: A Comparison
- NAT and Security
- Macro Virus Demo
- Who is ultimately responsible for the security choices in software system development and deployment?
- Database Systems: Threats and Mitigation
- Why is it important to understand the updates and patches available for your operating system?
- Policies to combat Social Engineering via Phone Calls
- Physical Penetration into a Facility: Risks and Mitigation
- Red Teams: Benefits and Challenges
- What is the easiest phase of standard software development life-cycle for security considerations?
- Who can be more destructive? The Unwitting Insider or the Intentional External Attacker?
- TCP SYN Flood
- Software Security and Integrity
- Automated tools for passive and active reconnaissance
- Nortel: Database hack, industrial espionage, and bankruptcy
- Information Security Governance Documents
- Database Transactions – Fraud, Security and the “Halloween Problem”
- Contract Law for Online Providers
- Laboratory Manual to Legal Issues in Information Security: Lab 8
- Safe Harbors in Breach Notification Laws: Rhode Island
- SQL injection attack: i-dressup.com data breach
- Laboratory Manual to Legal issues in Information Security: Lab 6
- Laboratory Manual to Legal issues in Information Security: Lab 5
- Sarbanes-Oxley Act: Section 802
- Laboratory Manual to Legal issues in Information Security: Lab 3
- HIPAA Complainant Consent Form
- Database Access Control on Data Creation
- Creating a SQL Server 2008 Database Account
- The Fourth Amendment and Technology
- NoSQL Database: MongoDB
- Lab: Tables & Databases
- Laboratory Manual to Legal issues in Information Security: Lab 2
- Laboratory Manual to Legal issues in Information Security: Lab 1
- Do you see any drawbacks for transaction logs?
- In what situations or scenarios are transaction logs helpful and important?
- What is a transaction log in SQL?
- SQL Statements
- Demonstrating Responsible Stewardship: Organizations & Personal Information
- Heartland Payment Systems breach: An InfoSec History Lesson
- Vulnerabilities of Web Applications – Business Scenario Analysis