| Shon,
and the Logical Security team, continually monitor
the environment and the industry and develop programs
to assist companies in achieving real security
and measurable results. The Logical Security white
papers provide organizations with the knowledge
and strategies vital to managing and maximizing
an enterprise's security.
A Human Capital Crisis - Technical Proficiency Matters by Karen Evans and Franklin Reeder
Evidence continues to build showing that our information infrastructure is vulnerable to threats not just from nation
states but also from individuals and small groups who seek to do us harm or who wish to exploit our weaknesses for
personal gain.
Download White Paper
Cybersecurity Two Years Later by Representative James R. Langevin, Representative Michael T. McCaul, Scott Charney, Lt. General Harry Raduege, USAF (ret.)
2010 should have been the year of cybersecurity. It began with a major penetration of Google and other Fortune 500 companies,
saw the Department of Defense describe how its classified networks had been compromised, watched the Stuxnet worm cut through
industrial control systems, and ended with annoying denial of service attacks over Wikileaks.
Download White Paper
Introduction to MAEC by Ivan Kirillov, Penny Chase, Desiree Beck and Robert Martin
Malware represents one of the most prevalent threats to cyber security and is increasingly able to circumvent previously
standardized detection, mitigation, and characterization techniques. Although new methods for combating malware have been
developed, it is still difficult to communicate and share useful information garnered through these techniques without
ambiguity and corresponding data loss. To close this significant gap in malware-oriented communication, this paper
introduces and defines a language for characterizing malware based on its behaviors, artifacts, and attack patterns.
Download White Paper
Symantec Intelligence Quarterly by Symantec™ Security Response
This report discusses notable aspects of malicious activity that Symantec observed from April 1 to June 30, 2011.
It also includes a timeline of notable events for the period, as well as two additional articles on noteworthy
security threats - the Qakbot worm and MACDefender rogue security software.
Download White Paper
International Strategy for Cyberspace
Cyberspace, and the technologies that enable it, allow people of every nationality,
race, faith, and point of view to communicate, cooperate, and prosper like never before.
Download White Paper
Conficker Working Group:
Lessons Learned
This paper was commissioned by the Department of
Homeland Security’s Science and Technology (S&T)
Directorate to document the creation, workings and
processes of the Conficker Working Group and to
provide lessons learned and recommendations for best
practices. The paper is the result of in depth
interviews with 15 members of the Working Group to
obtain their overview of the activities of the
Working Group and their opinions on lessons learned
and open source research to identify how the broader
cyber community dealt with and how the media covered
the Conficker worm.
Download White Paper
The Basics of Stuxnet
Considered to be the most intricately designed piece of malware ever, Stuxnet leverages attack vectors onto industrial control systems, a territory rarely ventured into by traditional malware. Stuxnet targets industries, power plants and other facilities that use automation and control equipment from the leading German industrial vendor, Siemens. The term, critical infrastructure refers to industrial systems that are essential for the functioning and safety of our societies. Considering the profound dependence of critical infrastructure on industrial control and automation equipment, it is essential to reassess the impact this new generation of malware on the stability and security of our society.
Download White Paper
Security Awareness Components
There are several things you can do to make
security awareness take place in a continuous manner
within your organization. The following is a concise
list of things that you can do to make security
awareness powerful, effective and fun!
Download White Paper
Internal Self Assessment
If you are a small shop, you may not be able to
afford expensive and automated auditing tools.
Logical Security would like to provide you with an
internally developed spreadsheet that might be
useful to you.
Download White Paper
Security Content Automation Protocol
Once software code is compiled, shrink-wrapped, and shipped to the far ends of the earth, there are only so many approaches to secure that software against exploitation. While a seemingly simple problem to solve, for two decades the vast majority of all software vulnerability has been attributable to security setting mis-configuration.
Download White Paper
Improving the Security of your Wireless Network with IEEE's 802.11i
by David Miller
802.11 wireless networks are growing in popularity and have been, and still remain, inherently vulnerable to unauthorized access, infiltration and attack from unknown sources. A wireless LAN implementation allows connections from outside its previous physical environment, without physical access to a connection point. This access introduces a threat to confidential information that is often poorly defended, overlooked or simply ignored.
Download White Paper
Standardizing Security Skills
The information security industry has been evolving over the past 10 years, but is still a volatile, confusing, and non-standardized trade and profession. Organizations have continually become more and more dependent upon technology and business processes that leave them vulnerable to compromises.
Download White Paper
A Taxonomy of Malicious Software
Malicious software, often abbreviated with the term “malware”, is software designed to infiltrate or damage a computer system without the owner's informed consent. It can therefore penetrate the system evading controls. The term refers generally to intentional attacks, even if unintentionally faulty code can sometimes cause the same or similar effects.
Download White Paper
History of Cryptography
This article is dedicated to a short history of cryptography, from ancient times to our days, without the ambition of being complete and exhaustive.
Download White Paper
A Guide for Small-Medium Businesses by Jim Hietala
The objective of this paper is to educate both IT staff and senior management for small-medium sized businesses (SMB’s) as to the network security threats that exist. The paper presents a digest of industry best practices for network security, which will hopefully assist SMB’s in setting priorities for securing the perimeter of a typical SMB network.
Download White Paper
Passing the Audit by George Lekatis
Many IT managers and professionals strongly believe that although Sarbanes-Oxley
compliance places a heavy and ongoing burden on IT operations, it also leads to better IT
governance and more effective information security. Unfortunately, this is not true for the
following reasons.
Download White Paper
Federal Communications Commission
Information Security Environment by Marc Noble
COLLEGE POSITION STATEMENT ON ACADEMIC INTEGRITY The College expects all requirements submitted by each student to be original work, produced by the student for the first time while a student at the IRM College.
Download White Paper
DIACAP Workflow Map
Initiate and Plan IA C&A
Download White Paper
FISMA Scoring and How to Make the Grade by Marc Noble
Like any test in school, if you have the answers, you can pass the test. FISMA is not quite that simple but essentially, no one should be getting an ―F‖ or even a ―D‖ for that matter but I will go into some of the insights that I have on why agencies receive grades that they sometimes do not deserve.
Download White Paper
All-in-One CISSP Certification by Shon Harris
Download a free chapter of the new 4th edition of Shon Harris' "All-in-One CISSP Certification" book.
Download White Paper
Attaining True Security
- The 360 Model by Shon Harris
Learn to simplify information security and make
it achievable in any environment. Download this
white paper for practical, step by step guidance
in the planning, execution and optimization of
role activities. Learn to integrate security seamlessly
into business processes and move forward toward
optimal security in a coordinated way.
Download
White Paper
Vulnerability Management - Let's Do It Right This Time! by Shon Harris
Most articles and security professionals talk about the life cycle of vulnerability management. While that is important, it is almost a waste of time until the right foundation and processes are laid out first. This paper discusses vulnerability management from A-Z with extensive tips and recommendations.
Download White Paper
Self Defending Networks - The New Generation of Protection by Shon Harris
Vendors are now building the intelligence of vulnerability detection and correction directly into the fabric of the network. The next generation of networks will be the self defending networks, which will work much more quickly and effectively than our current model of requiring humans to correct the detected vulnerabilities.
Download White Paper
What Is the Difference Between Imported Steel and Imported Program Code?
Norm Beznoska [nbeznoska@myisg.com], Director of Enterprise Security for Infiniti Systems Group discusses the security risks assoicated with sending computer programming tasks off-shore.
Download White Paper
IEEE P1074 - Standard for Developing Project Life Cycle Processes
An organization is at no greater risk than when its technology infrastructure, systems or software are undergoing change. Technology projects are the means by which organizations manage infrastructure and software change. There is a dizzying array of security standards available, but until now, none of them has provided practical guidance in how to integrate security into existing project processes in a way that effectively addressed compelling security concerns.
IEEE P1074-Standard for Developing Project Life Cycle Processes, has been revised to include key information assurance guidance that fills this critical gap. It provides simple, clear and actionable guidance that ensures the proper security activities take place on projects to ensure the appropriate level of security is built into infrastructures, systems and software products.
Download White Paper
802.11i - Has Security Arrived for WiFi? by Dave Odom, CISSP
Dave Odom discusses 802.11i and how it affects security in WLANs.
Download White Paper
VENDOR netForensics, Inc.: Winning the Battle Against Inside Threats: Actionable Strategies for Safeguarding Critical Data
Today's headlines confirm the potential outcomes of ineffective IT security systems. Companies are suffering serious consequences - from stolen customer data and intellectual property to powerful viruses and other malware. Not only are business operations interrupted, but corporate security failures are leading to damaged business reputations, lost revenues, sizeable costs, and often lost jobs for individuals held accountable.
Download White Paper
VENDOR Secure Computing Corporation: Seven Design Requirements for Web 2.0 Threat Prevention
The rapid adoption of Web 2.0 applications has opened up the enterprise to new security threats that are not stopped by the widely deployed Web and messaging security solutions currently in place. Addressing Web 2.0 threats requires a new generation of multi-layered security that builds on traditional security protocols with both inbound and outbound protection, reputation-based filtering, and multi-function security appliances at the network gateway.
Download White Paper
VENDOR Breach Security, Inc.: Why Organizations Need Web Application Firewalls
More and more organizations are using the web to conduct business. Organizations rely on web applications to collect and manage sensitive information from their customers, students, and partners. Hackers are taking advantage of the opportunity this trend presents. Web applications are hackers' new target of choice, as evidenced by the growing number of recent, high-profile attacks.
Download White Paper
VENDOR Symark Software, Inc.: Symark PowerKeeper and PCI DSS Compliance
Increasing theft of credit- and debit-card data led the five major card brands (Visa, MasterCard, American Express, Discover, and JCB) to formulate the Payment Card Industry Data Security Standard (PCI DSS) in 2004. PCI has since become the recognized security standard for cardholder data. Through PCI DSS the card industry aims to restore consumer confidence in payment cards, stem breaches of cardholder data, and head off regulatory action. Yet the cost of compliance, uncertainty about whether penalties would be imposed, and confusion about PCI requirements have kept many merchants unsure about whether or when to undertake such a major initiative.
Download White Paper
VENDOR Sourcefire, Inc.: Sourcefire Vulnerability Research Team
Intrusion prevention system (IPS) vendors often promote how many threats they detect and how quickly they release detection capabilities for new threats. Many organizations blindly assume that these claims are accurate, but without evidence to substantiate them, this faith is misplaced.
Download White Paper
VENDOR Mu Security: The Challenge of Maximizing Service Availability and Security
Spending on security defense-in-depth has not slowed the growth rate of vulnerabilities and exploits. Protocol-based attacks and existing attack surface weaknesses are increasingly targeted to create an entryway to the end systems, servers and valuable customer information stored within a network. Every production network is unique and developers are unable to proactively analyze and test for every system or application setting.
Download White Paper
VENDOR Breach Security, Inc.: The PCI 6.6 Deadline Is Approaching: What You Need to Know
On the surface, the Payment Card Industry Data Security Standard (PCI DSS) reads as a series of "do this, don't do that" absolutes. Yet, in three areas, the standard gives organizations some flexibility in their options. The most critical of these choices lies in Section 6.6.
Download White Paper
|
