General Security Concepts & Misc.
Title Contributor Date Description Rating
Introduction to Database Log Management Anton Chuvakin 08/11/07 Anton Chuvakin writes this paper on DB logs, what logs to set and what to do with them once you have started to collect them. 5
Improving Security from the Inside Out: A Business Case for Corporate Security Awareness NSI 01/09/07 NSI contributes this paper that discusses internal security awareness, management buy-in, going beyond policies, building a behavior-based model, etc. Well worth the time to read if you are responsible for implementing security awareness in your organization. 10
Six Mistakes of Log Management Anton Chuvakin 31/08/07 An updated paper to Anton Chuvakin's Five Mistakes of Log Management. 10
Crawling Ajax-driven Web 2.0 Applications Shreeraj Shah 14/02/07 Shreeraj Shah contributes this paper on AJAX and web crawling. 8
Assessing Java Clients with the BeanShell Stephen de Vries 22/08/06 Aimed at security testers and auditors, this white paper, written by Stephen de Vries, describes a technique for assessing the security of Java applications by using the Java BeanShell. No votes
Five Mistakes of Vulnerability Management Anton Chuvakin 18/01/06 Following Anton Chuvakin's other papers entitled 'The Five Mistakes of ...', this one discusses vulnerability management. This article will look at common mistakes that organizations make on the path to achieving vulnerability management perfection, both in process and technology areas. 10
Browser Identification for Web Applications Shreeraj Shah 24/06/05 Shreeraj Shah sent us this paper on the risks with browser identification. 7
Application Security Cheat Sheet Hrishikesh Sivanandhan 27/05/05 Hrishikesh Sivanandhan provides this cheatsheet on application development. He discusses the different stages and how security should be implemented during each. 6
Five Mistakes of Incident Response Anton Chuvakin 15/04/05 This article presents five mistakes that companies make regarding security incident response by Anton Chuvakin. 2
International Copyright Development and Fair Use LockLizard 20/02/05 This paper covers how International copyright differs from country to country, the development of copyright, the concept of 'fair use' and how all of this affects you as a publisher of content. 8
Phishing - A new age weapon Abhishek Kumar 25/01/05 Focuses on the security measures that financial service providers such as banks can take to prevent and manage the form of social engineering known as Phishing. 7
Integrating Security Into The Corporate Culture Steve Purser 13/12/04 Integrating security into a corporation can be challenging, especially when it comes to changing the culture. This paper looks at a positive approach. 8
Securing Physical Access and Environmental Services for Datacenters Gary Hinson 05/12/04 An excellent paper discussing ISO17799 and best practices for securing datacenters. All too often this topic is overlooked, and this paper is an excellent reference! 8
Using events-per-second as a factor in selecting SEM tools Robert Angelino 03/12/04 Events Per Second, or EPS, as it is commonly referred to in the world of network security, is a measurement that is used to convey how fast a network generates data from its security devices (firewalls, Intrusion Detection Systems (IDS), servers, routers, etc.), and/or how fast an SEM product can correlate data from those devices. A savvy buyer will match the EPS his network is generating to those that can be accommodated by the SEM tool that he is purchasing. 7
Stepping Beyond the PKI Pilot Steve Purser 20/11/04 A discussion on PKI including key steps to implementing, assessing requirements and alternatives, in-house vs. outsourcing and more. 8
Demystifying Penetration Testing Debasis Mohanty 08/11/04 This presentation gives a clear picture of how pen testing is done and what the expected results are. Various screenshots are provided as proofs of concept to give a brief picture of possible end results. 6
Five Mistakes of Security Log Analysis Anton Chuvakin 04/11/04 The article covers the typical mistakes organizations make while approaching analyzing audit logs and other security-related records produced by security infrastructure components. 5
Web Services – Attacks and Defense Shreeraj Shah 27/10/04 Web Service Security, attacking and defending, are outlined in this submission. 9
The Phishing Guide Gunter Ollmann 27/09/04 A comprehensive paper on a newer information security threat known as Phishing. 9
Implementing Core IT Security Services Steve Purser 24/08/04 This paper describes an approach for implementing core IT Security services within a modern, highly distributed, IT infrastructure. 9
HIPPA Watch Laura Taylor 04/08/04 Product review of a HIPAA compliance product, written by Laura Taylor. 7
Managing Information Security in Modern Commercial Environments Steve Purser 30/07/04 This paper looks at the modern issues that organizations face, from conceptual to technical, operational and business-related issues. It discusses approaches an organization could use. 9
Securing Mac OS X Stephen de Vries 19/07/04 Aimed at users in environments requiring stronger security controls in an operating system, making full use of the protection features offered in OS X. It would also be of use to system administrators wishing to enforce an organization wide desktop security policy for Mac OS X. 7
Training Ethical Hackers: Training the Enemy? Tim Greene 03/07/04 Defines ethical hacking, differentiates it from malicious hacking, presents some of the ways that ethical hacking is taught, identifies some of the risks associated with this training, and concludes with suggestions on how to minimize these risks. 8
Securing Your Windows Laptop Arindam Mandal 23/06/04 A quick, yet effective guide on how to protect your Windows laptop. Discusses generally ignored insecurities and offers solutions for them. 9
Homeland Security is Threatened by Offshoring Information Technology Melanie Goodman 16/06/04 Looks at major risks of outsourcing to foreign based companies, where resulting exposure of sensitive and critical information can jeopardize even American Homeland Security efforts. 7
SecurityTalk with K Rudolph Dancho Danchev 05/06/04 “SecurityTalks” is aimed at providing concise views from leading security experts. Here Dancho Danchev with K. Rudolph discuss problems stemming from lack of user education and the importance of Security Awareness Programmes. 9
Should an Internet Service Provider be Required by Law To Monitor the Use of Its Services By Users? - The Pros and the Cons Randy Stauber 27/05/04 Says Randy Stauber: “To implement the tracking of its user requires significant costs to the provider of internet services…however, some would argue that the long term costs of not regulating how service providers track their users will be far higher to society and the information industry itself.” 9
Securing the Internal Network Adam Richard 04/03/04 Defines new guidelines in order to improve the security in Microsoft Windows-based internal networks. No votes
Identity Theft - The Real Cause Mike Lee & Brian Hitchen 17/02/04 Looks at identity theft and the seriously devastating effects it can have today. Identity theft can be achieved by utilizing tactics such as the good old dumpster diving. “...6 out of every 7 bins contain information that is useful to a criminal who wants to steal your identity!” 6
Passwords: Simple yet effective DC ODriscoll 17/10/03 Simple techniques for users to generate effective passwords that are comparatively easy to remember. Contents at a glance include: choosing a password, stronger passwords (pseudo-random techniques), managing your password and password policies for small organizations. 7
National Cyber Defense: A Design for Securing our Future Nathan Einwechter 24/09/03 Represents the base design for a national cyber defense system, which can be largely expanded to suit the needs of the many evolving requirements of law enforcement, government, research groups, and other groups of people in the context of the internet. 10
General Security Concepts & Misc. - Community Contributions
Title Contributor Date Description Rating
Cloud Computing – Storm Clouds or is it Smooth Flying? Cary Whitaker 20/04/10 Cary Whitaker writes about the concerns of Cloud Computing and gives some great reasons to take it seriously. 7
The Evolving World of Computer Security and Laws Joshua Garris 19/04/10 Joshua Garris writes about Information Security and laws, citing specific cases to demonstrate the importance of a solid security program. 8
The Phishing Guide Hal Walter 01/02/10 A comprehensive paper on a newer information security threat known as Phishing. 4
Failed: Information Security and Data Protection in a Consumer Digital World Rafal Los 15/12/08 This paper, written by Rafal Los, focuses on the 5 main reasons why information security departments have failed, and will continue to fail to deliver the promise of 'being secure'. No votes
A Closer Look at Ethical Hacking and Hackers Marilyn Leathers 12/12/08 This paper, written by Marilyn Leathers, will define ethical hacking, list some of the commonly used terms for attackers, provide a list of the standard services offered via ethical hacking to combat attackers, discuss the three common groups of hackers and the top 10 most famous hackers, and finally discuss legal implications of hacking. 8
Securing Home Office Matt Moberg 28/10/08 The goal of this paper, written by Matt Moberg, is to address the common vulnerabilities of the average home office and to suggest methods to safely secure it. 6
ITIL V3 Improves Information Security Management Ginger Taylor 11/07/08 This paper, written by Ginger Taylor, will begin with an historical overview of ITIL and then move into a high level overview of Version 3, with particular focus on the Information Security Management process. This paper will address how this process has matured and how organizations can better ensure the confidentiality, integrity, and availability of their IT services by implementing the ITIL framework. 10
Cybercrime & Cyberterrorism Against Corporate America John Hibbs 02/06/08 This paper, written by John Hibbs, discusses the methods and techniques used in cybercrime and cyberterrorism in today’s society. 9
The Lack of Attention in the Prevention of Cyber Crime and How to Improve It Brett Pladna 14/05/08 This paper, written by Brett Pladna, discusses the issues of cyber crime and what is being done to prevent it. 10
An Approach to Web Application Threat Modeling Akash Shrivastava 09/05/08 The aim of this paper, written by Akash Shrivastava, is to identify relevant threats and vulnerabilities in the Web Application and build a Security Framework to help in designing a secure Web Application. 9
Cyber Terrorism and Information Security Brett Pladna 25/02/08 Brett Pladna writes this research paper analyzing and outlining CyberTerrorism and the role Information Security has with it. 10
A Practical Approach to Managing Information System Risk Tom Olzak 10/02/08 The purpose of this paper, written by Tom Olzak, is to provide security managers with a working understanding of risk management as it applies to information systems. 10
A Layered Approach to Security Kellen Barrett 27/12/07 This term paper, written by Kellen Barrett, outlines how Kellen implemented a layered security environment and statistically demonstrated how it helped lower security incidents. 7
Paradox of Web Leeching Aditya Sood 18/10/07 A quick look at Leeching, how it works and the associated threats of it, written by Aditya Sood. No votes
For My Next Trick... Hacking WEB2.0 Petko Petkov 02/10/07 In this paper, written by Petko Petkov, he outlines some of the dangers of Web2.0 by combining fictional stories with technology that is real. Each story begins with a prologue, which introduces the problem, and finishes with a conclusion, which summarizes the attack techniques that are described within the story context. 10
Desktop Application Virtualization and Application Streaming: Function and Security Benefits Tom Olzak 30/08/07 In this paper, Tom Olzak examines the challenges facing managers as they attempt to provide secure, continuous processing capabilities on their endpoint devices, specifically fat clients, as well as a history to modern day review. No votes
The Patriot Act and Illegal and Legal Electronic Warrantless Searches Karen Watson 19/07/07 A very insightful look in to the United States' Patriot Act and what it means to you by Karen Watson. 10
Data Backup and Recovery Options Jeff S. Drake 06/07/07 Jeff Drake submits this very in-depth look at backups, what it is, the impact and strategies. 8
Web Application Vulnerability Assessment Essentials: Your First Step to a Highly Secure Web Site Caleb Sima 21/06/07 This article, contributed by authors Caleb Sima and Vincent Liu from Spi Dynamics, discusses how to execute a web application vulnerability assessment. 8
HIPAA In Health Care: Information Security in a Health Care Environment Daniel James 11/05/07 Daniel James writes this paper on Healthcare and Information Security, asking and answering questions such as how it protects patient data, what the penalties are for non-compliance, how it will affect the healthcare industry and other questions. 10
Statistical Analysis of Internet Security Threats Daniel James 07/05/07 The purpose of this paper, written by Daniel James, is to analyze the statistics surrounding the most common security threats faced by Internet users. 7
Top 10 Configuration Security Vulnerabilities : Part One Bryan Sullivan 02/05/07 Bryan Sullivan from Spi-Dynamics submits this paper outlining five of the worst offenders of misconfigurations of application security in the ASP.NET world, as well as five more misconfigurations that impact Web Forms authentication in ASP.NET. 9
Smart Surveillance Scott Tate 17/04/07 Scott Tate submits this paper on the history and introduction of video surveillance, touching on how some are using the technology. 7
The Importance of Securing AJAX Web Applications Acunetix 26/02/07 This paper, submitted by Acunetix, reviews AJAX technologies with specific reference to JavaScript and briefly documents the kinds of vulnerability classes that should raise security concerns among developers, website owners and the respective visitors. No votes
Asking the Right Question: Penetration Testing vs. Vulnerability Analysis Tools, Which Is Best? Dennis Hurst 09/02/07 Dennis Hurst of Spi-Dynamics contributes this paper, which discusses how penetration testing and assessments have matured and become more complex when dealing with web-facing applications. 10
Preventing a Brute Force or Dictionary Attack Bryan Sullivan 31/01/07 Bryan Sullivan of Spi Dynamics submits this paper which takes a look at Brute Force and dictionary attacks and methods to defend against them. 5
Information Security as a Business Practice John Enamait 11/12/06 This paper, written by John Enamait, addresses the role information security plays in an organization with discussions around structure and best practices. 9
Becoming User Friendly: The Technological Hurdle of Modern America Jason Cook 30/10/06 Jason Cook presents this perspective on computers, Apple and Microsoft, and some of the challenges today's end users are faced with and possible solutions. No votes
Learn Information Gathering By Example Aelphaeis Mangarae 06/10/06 This white paper, written by Aelphaeis Mangarae, goes through the steps and tools you can use in order to successfully gather information on a target web server. 8
Mutual Authentication for Online Banking: One Size Does Not Fit All Comodo 06/09/06 This paper will analyze the relative security and cost effectiveness of current mutual authentication solutions. In addition, this paper will also explore an innovative alternative to achieve not just compliance - but a true best practice PKI-based mutual authentication schema that is low cost, highly secured and highly manageable to deploy. 6
Penetration Testing – A Systematic Approach Manish Saindane 01/09/06 Manish Saindane contributes this paper on a penetration testing approach that will help those needing to, or considering performing penetration tests. 9
Desktop Security Policy Enforcement - How to Secure Your Corporate Mobile Devices Jason Meyer 30/08/06 This paper, written by Jason Meyer, will discuss the items that make up a secure desktop security policy and explore a few of the available solutions from vendors that meet some or all of the basic requirements. 10
The Effectiveness of Mix-Networks in Concealing Low-Latency Traffic Bleston Wright 25/08/06 This paper, written by Bleston Wright, discusses a means of regaining some anonymity through the usage of mix networks. It begins by discussing the threat of traffic analysis, then defines mix-networks, and explains their usage for privacy. 10
Allowing Linux to Authenticate to a Windows 2003 AD Domain Tom Munn 21/08/06 This paper, written by Tom Munn, will explore using one of several different ways that you can integrate your Linux boxes into your Windows AD forest. 9
Wired Network Security: Hospital Best Practices Jody Barnes 11/08/06 Jody Barnes contributes this paper, which looks at HIPAA and its implications for the wired network, perimeter security, network segmentation, security network equipment, and restriction of network access. 9
Developing and Implementing an Operating Systems Security course with Labs Harry Bulbrook 09/08/06 Harry Bulbrook writes this paper. Durham Technical Community College is developing a security course based on securing operating systems. This paper will present a list of course objectives and an outline for developing a security course based on securing operating systems. In addition, several lab exercises will be developed and presented, including auditing and monitoring (through log files), and locking down access (including implementation of password policies). 10
C0D3 CR4CK3D: Means and Methods to Compromise Common Hash Algorithms Kevin C. Redmon 07/08/06 In this paper, Kevin Redmon discusses the means and methods that cryptanalysts use to compromise several hash algorithms. He also discusses ways to decrease the opportunity for a compromise of a hash or its source data. 7
Designing and Implementing a SAN Al Spraker 03/08/06 This paper will define and compare the storage area networks (SAN) with network-attached storage (NAS) as well as a historical perspective of directly-attached storage (DAS). No votes
The Dangers of Mobile Computing Joshua J. Sawyer 31/07/06 In this contribution by Joshua Sawyer, solutions to common problems around mobile computing are discussed, as well as practical steps users can take in order to minimize the risks resulting from mobile computing. No votes
Social Engineering Defense for Small Businesses Rusty Morgan 29/07/06 This contribution from Rusty Morgan takes a close look at social engineering attacks, examines why they are successful and the steps one can take to protect oneself from them. No votes
End Point Security: Securing the Final Three Feet Chip Moore 27/07/06 This contribution by Chip Moore will examine several ways that system administrators can begin contemplating and planning on implementing end point security in their organization. No votes
SOHO: Cost Effective Techniques for Protecting Your Data Craig Gosselin 26/07/06 This paper, written by Craig Gosselin, will explore and help make sense out of the myriad of techniques and hardware available to help you secure your SOHO that you might with due diligence and due care become self aware of the importance of information security in your small office home office. No votes
ISMS Implementation Guide Vinod Kumar 24/07/06 This contribution by Vinod Kumar can serve as a guideline for the implementation of ISMS practices using BS7799 / ISO 27001 standards. 8
Network Security: Protecting the Patient's Electronic Medical Data in the Health Care Organization Karen Watson 19/07/06 This research paper, submitted by Karen Watson, discusses the importance of protecting the patient and the patient’s data in the evolving electronic medical record environment in the health care organization. 10
Zfone: A New Approach for Securing VoIP Communication Samuel Sotillo 20/06/06 This contribution by Samuel Sotillo is a survey on VoIP security with a focus on Phil Zimmermann's new ZRTP protocol and Zfone application. 9
Why Projects Fail Dan Morrill 14/06/06 Dan Morrill submits this paper that guides those in charge of DRM projects and some of the common issues that arise. No votes
Mobile Phone Security Benny C. Rayner 01/06/06 Benny Rayner submits this paper outlining and giving detail on the different threats of the mobile phone. 7
Internet Scams and Hoaxes: Some Information for Your Everyday User David Cobaugh 31/05/06 David Cobaugh provides this work which describes how one can easily identify hoax and scam emails as well as references to go and get more information or help. 10
Biometrics - The Wave of the Future? Gary Daniel 30/05/06 Gary Daniels writes this paper as an introduction to Biometrics which provides the history behind it. 9
PHP Hypertext Preprocessor: Tools for Webpage Management Michael Watson 19/05/06 Michael Watson submits this paper which will identify the need for coding of web page language, its ease of use and security, and show some of the pioneer companies and programs stemming from PHP. No votes
Ethical Hacking: Teaching Students to Hack Regina D. Hartley, Ph.D. 11/05/06 Regina Hartley, Ph.D. writes this paper on the ideal Ethical Hacking course and its importance today. 6
RFID Security in the Logistics Setting Paul Bellamy 03/05/06 Paul Bellamy contributes this paper which discusses some of the security surrounding RFID. 7
A Brief Overview of VoIP Security John Daniel McCarron 02/05/06 John McCarron submits this paper that outlines some of the risks associated with using Voice Over IP (VoIP). 3
Safeguarding Against Social Engineering Colleen Rhodes 25/04/06 Colleen Rhodes contributes this paper on Social Engineering, different tactics used, and how to protect oneself from these attacks. 10
Disgruntled employees and Intellectual Property Protection Dan Morrill 21/04/06 A well written paper submitted by Dan Morrill discusses the very real threat of disgruntled employees and the potential impact they may have on an organization. Dan provides some excellent references to drive this home. 10
Strengthen Security with an Effective Security Awareness Program Tom Olzak 10/04/06 In this paper, Tom Olzak defines security awareness, lists the objectives of an effective awareness program, and steps through a process to build, implement, and manage on-going support of the program. 9
Securing a Web Site Erik Evans 05/04/06 In this paper, Erik Evans will review the current challenges businesses face when hosting a public web site. 10
Contemporary Approaches To Project Risk Management: Assessment & Recommendations Mohamed Noordin Yusuff 15/03/06 Mohamed Noordin Yusuff discusses identifying and minimizing risks in projects to an acceptable level to the business. 10
Responding to Security Incidents on a Large Academic Network: Jamie Riden 14/02/06 This paper, submitted by Jamie Riden, describes a series of security incidents on a large academic network, and the gradual evolution of measures to deal with emerging threats. 10
The Role of Modeling and Simulation in Information Security Mohammad Heidari 03/02/06 In this paper, Mohammad Heidari explains the applications of M&S for modeling and simulation of computer/network security. This article also analyzes the current state of M&S in the field of information security, and presents new suggestions to solve the problems in modeling and simulating in the field of Information Security. 9
Ten Threats You Probably Didn't Make Plans For Andrew Bycroft 27/01/06 Andrew Bycroft discusses threats that most people and policies do not consider such as shoulder surfing and eavesdropping. 8
End-user Device Security Tom Olzak 17/01/06 Tom Olzak submits this paper exploring many of the potential threats, vulnerabilities, and safeguards surrounding end-user computing. No votes
Hiring for Culture as well as Technical Skill in Information Technology Dan Morrill 16/01/06 Dan Morrill has done extensive research in the management of information security, things that business and IT Leaders need to know, trends in information security management, and the business IT interface. In this paper he discusses that hiring the right IT guy is not just technical, there are other skills that need to be considered, such as inter-personal skills. 10
Personal Digital Assistants are Convenient, but are They Safe? Lindsey Street 02/01/06 Lindsey Street submits this paper which looks at protecting PDA data from the consumer perspective by comparing five different third party security software packages for PDAs. 10
Building Business Unit Scorecards Dennis Opacki 26/12/05 This contribution by Dennis Opacki explores two methods of producing business unit security scorecards. No votes
Security Risks You and Your Family Impose on your Companies’ Computing and Networking Assets Colin Scott Thomas 22/12/05 Colin Thomas submits this paper on the risks not often thought about or addressed that may impact your company. 9
Information Security for Small Businesses Rusty Morgan 19/12/05 This contribution by Rusty Morgan discusses the risks and threats as well as solutions that small businesses need to consider. 8
Ethical Hacking: RATIONALE FOR HACKING Regina D. Hartley, Ph.D. 16/12/05 Regina Hartley presents this study on the history of hacking, investigation into present day issues and concerns, and topics such as cyber terrorism, identity theft, and economical considerations. 9
Virus Detection and Prevention Best Practices Lesley Herring 15/12/05 Lesley Herring shares her trials and tribulations about antivirus management in the insurance industry. 8
Footprinting: What is it and How Do You Erase Them Ed Sutton 14/12/05 In this paper, Ed Sutton discusses just exactly what footprinting is, how it affects your privacy, and how to erase your footprints. 8
Payment Card Industry Data Security Standard (PCIDSS) Compliance Implementation in Higher Education Network Enviroments Robert Humphrey 13/12/05 Robert Humphrey discusses an overview of the PCI model, how it relates to Universities and other education facilities, and integration considerations. 10
Securing Network Communication with Stunnel, OpenSSH, and OpenVPN Kurt Kincaid 12/12/05 Kurt Kincaid submits this article that discusses STunnel, OpenSSH, and OpenVPN. Kurt explains the value of each of these as well as the implementation. 9
Economic Evaluation of a Company’s Information Security Expenditures Kelly Lucas 05/12/05 Kelly Lucas provides this paper on Return on Investment (ROI), Net Present Value (NPV) and Internal Rate of Return (IRR). Some good examples and best practices are included. understand your 8
The Layman's Guide to Phishing and Pharming Joshua J. Sawyer 01/12/05 A personal/home user perspective on Phishing and Pharming submitted by Joshua Sawyer. This paper provides good references and examples. No votes
Understanding Security Testing Arian Eigen Heald 30/11/05 Eigen Heald submits this article on security testing. She discusses the differences between vulnerability assessing and vulnerability scanning as well as the scope of both. 9
Protecting your Home Computer from Internet Threats Rick Wanner 29/11/05 Rick Wanner explains how to secure your home computer in a few easy steps. Written with the novice in mind. 9
Information System Activity Review in an Academic Medical Center David McKelvey 22/11/05 David McKelvey submits this work on the Information System Activity Review (ISAR) which is intended to detect and limit damage to the confidentiality, integrity, and availability of a system. 8
ISO 17799: Asset Management Gregory Yhan 21/11/05 Greg Yhan submits this contribution which outlines Asset Management as defined in the ISO 17799/BS7799 standards. 9
BS7799 - The Road to BS7799 Certification and using ISO17799 as an Information Security Framework John Theobald 12/10/05 An excellent overview of the BS7799/ISO17799 framework submitted by John Theobald of I-Defence. 7
Salted Hashes Demystified Andres Andreu 10/10/05 Andres Andreu submits this work regarding passwords and the hashing process, most popular in UNIX type Operating Systems. 7
Network Security- An Open-Source Approach Blain R. Jones 29/08/05 Blain Jones discusses using open source solutions to mitigate risk to an acceptable level. 9
Linux in the Medical SOHO Steven Marcus 24/08/05 Steven Marcus presents this paper on the values and benefits of Linux to smaller medical facilities. No votes
Computer Forensics: Bringing the Evidence to Court Cornell Walker 17/08/05 Cornell Walker presents this study on bringing evidence to court in the form of computer forensics. This is a must read for anyone having to provide evidence to the legal system. 9
Where is the True Enemy to Network Security Michael Hogan 15/08/05 Michael Hogan submits this paper on the threats facing networks today, from both an internal and external perspective, with focus on internal. No votes
Authentication Methods for Banking Seth Thigpen 08/08/05 Seth Thigpen submits this paper on authentication, which discusses authentication, authorization, and accounting, focused on the banking industry, but applicable to all companies. 10
Two-Factor Authentication Roger Elrod 01/08/05 Roger Elrod contributes this paper on two-factor authentication, the different types, and why it's important to today's businesses. 9
Social Engineering - Can Organizations Win the Battle Terry Turner 29/07/05 An overview on Social Engineering and how it is used today; contributed by Terry Turner. 10
Denial Of Service FAQ(Basic) Aelphaeis Mangarae 10/05/05 This text submitted by Aelphaeis Mangarae discusses the many different types of DOS, ways DOS are performed and methods to help minimize impact from such attacks. 5
What is the point of encryption if you don’t know who for? Dr. Colin Walter 04/05/05 Encryption is an absolute necessity to maintain an architecture for secure communications. It provides confidentiality, authenticity and non-repudiation, essential for successful e-commerce transactions on the Internet. Encryption is only possible with entity authentication; after all, what is the point of encryption if you don’t know who for? 3
Introduction to Block Cipher Algorithms and Their Applications in Communication Security Jason Isom 27/04/05 This contribution from Jason Isom gives a brief introduction to Cryptography and Block Cipher Algorithms. 6
Protecting your Personal Computer Felix Uribe 01/04/05 A high-level overview for a non-technical user of how to protect your computer. Topics include Spyware, Firewall and Antivirus. 4
Worst Practices in Developing Secure Software Ted Demopoulos 26/03/05 Another contribution by Ted Demopoulos that covers developing secure software with consideration for development timelines, security testing, and cryptography. 8
Why Document DRM will Replace Encryption as the Standard for Document Protection Dr Stephen Hitchen 18/03/05 This paper discusses DRM as a superior replacement for encryption as a means of securing the content of documents for business. 7
Return On Security Investment (ROSI): A Practical Quantitative Model Wes Sonnenreich 15/03/05 This article addresses why organizations need practical security benchmarking tools in order to plan effective security strategies and explores techniques that can be used to measure security within an organization. In addition, it proposes a benchmarking methodology that produces results that are of strategic importance to both decision makers and technology implementers. 7
Document Security in Web Applications Andres Desa 02/03/05 Many web applications serve Word or PDF documents to the users. These documents are often cached in user's PC and could reveal sensitive information. This White Paper talks about the rendering of documents like Word, PDF files in such a way that they are not cached by the browsers. The paper looks at the current implementations followed and suggests an implementation that successfully tackles the issue. A sample code in ASP would also be provided in the paper. 8
The Catalyst For Portable Storage Computing: RAPID APPLICATION DEVELOPMENT Ray Chance 24/02/05 A technical white paper that covers the technical challenges and opportunities, File Security (SDK and COM), and authentication surrounding USB Flash devices. No votes
Return on Information Security Investment Adrian Mizzi 10/02/05 An excellent look at calculating Loss of Revenue, Return on Investment, Viability of Expenditure, and other formulas that should help one calculate the value to determine the need for security. 9
Understanding USB Flash Drives as Portable Infrastructure Ray Chance 21/01/05 The purpose of this white paper is to briefly discuss seven important topics everyone in business needs to know about USB flash drives. More importantly, this white paper is meant to challenge current business thinking that treats small portable devices as big security problems disguised as toys or high-tech gadgets. USB flash drives provide many valuable and productive functions in business. Managers need to look beyond short-term concerns, roll up their sleeves, and make USB flash drives a part of their IT landscape. Just like wireless networking, managers must consider USB flash drives as the driving force behind a new, portable infrastructure. 8
Internet Security Needs Ted Demopoulos 15/12/04 Here is a 'rant' by Ted on the frequency and types of computer attacks he receives daily. Ted offers his view on how to minimize them. 7
How to Make the 'Perfect' PB&J Chuck Fullerton 29/10/04 A contribution that outlines using Policies, Best Practices and Justifications to improve Information Security. 8
SECURITY OF WINDOWS 2000 SERVER Administrators Choice DaAnZeR 14/10/04 A thorough Windows 2000 Server Hardening Guide. 9
Middleware-Emerging Technology and its Controls Naushad Ramzan Ali 19/08/04 A paper that discusses middleware and the security concerns surrounding it. A good introductory paper. 8
Poor Information Security Management Renders Technology Irrelevant Brian Christopher Watkins 05/08/04 'Security Management Renders Technology Irrelevant' is an overview that takes a look at the risks involved with doing business today. No votes
Beyond Top Secret Hal Walter 01/08/04 This paper discusses data classification, Physical Security, Communications Security, Information Security, and Personnel Security. 8
How Acceptable Use Policies Coincide with HIPAA Requirements Jody Rouse 28/07/04 A close look at how Acceptable Use Policies can help with HIPAA. The ideas in this paper could also be applied to Sarbanes Oxley, BS7799, ISO 17799 and other standards. 7
Protecting Your Home Assets Craig Fosnock 27/07/04 A paper dedicated to the common home user. It identifies home users as a target, and provides defense-in-depth solutions home users can apply to minimize the risk. 3
Cryptosystems That Secure Web Browsers Craig Luther 26/07/04 This paper covers SSL, SET, Secure HTTP, SSH and other protocols used to secure Web Browsing. 7
Breaking Point: Forging Chaos and Destruction Jesus Oquendo 06/08/03 Written to make novices, experts, and LEAs aware of high tech crime scenarios and how easy it has become to pass forgeries or frame someone in today’s world without even having to be a computer expert. No votes
How to use (IRC) File Servers Janne 07/09/02 General: Fserver: Definition, XDCC, Fserver versus FTP, DC, Boards... | Use: using, accessing, commands | Flaws, bugs, backdoors etc. | retrieving additional info | MIRC Scripting | DCC and Firewalls 10
Share-aware: A new shareware model proposal Floydman 06/09/02 A proposal for a new shareware system. 9
