Shon and the Logical Security team continually monitor the environment and the industry and develop programs to assist companies in achieving real security and measurable results. The Logical Security white papers provide organizations with the knowledge and strategies vital to managing and maximizing an enterprise's security.
Security Content Automation Protocol
Once software code is compiled, shrink-wrapped, and shipped to the far ends of the earth, there are only so many approaches to secure that software against exploitation. While this is a seemingly simple problem to solve, for two decades the vast majority of all software vulnerabilities have been attributable to security setting misconfiguration.
Download White Paper
Improving the Security of your Wireless Network with IEEE's 802.11i by David Miller
802.11 wireless networks are growing in popularity and have been, and still remain, inherently vulnerable to unauthorized access, infiltration and attack from unknown sources. A wireless LAN implementation allows connections from outside its previous physical environment, without physical access to a connection point. This access introduces a threat to confidential information that is often poorly defended, overlooked or simply ignored.
Download White Paper
Standardizing Security Skills
The information security industry has been evolving over the past 10 years, but is still a volatile, confusing, and non-standardized trade and profession. Organizations have continually become more and more dependent upon technology and business processes that leave them vulnerable to compromises.
Download White Paper
A Taxonomy of Malicious Software
Malicious software, often abbreviated with the term “malware”, is software designed to infiltrate or damage a computer system without the owner's informed consent. It can therefore penetrate the system evading controls. The term refers generally to intentional attacks, even if unintentionally faulty code can sometimes cause the same or similar effects.
Download White Paper
History of Cryptography
This article is dedicated to a short history of cryptography, from ancient times to our days, without the ambition of being complete and exhaustive.
Download White Paper
A Guide for Small-Medium Businesses by Jim Hietala
The objective of this paper is to educate both IT staff and senior management for small-medium sized businesses (SMB’s) as to the network security threats that exist. The paper presents a digest of industry best practices for network security, which will hopefully assist SMB’s in setting priorities for securing the perimeter of a typical SMB network.
Download White Paper
Passing the Audit by George Lekatis
Many IT managers and professionals strongly believe that although Sarbanes-Oxley compliance places a heavy and ongoing burden on IT operations, it also leads to better IT governance and more effective information security. Unfortunately, this is not true for the following reasons.
Download White Paper
Federal Communications Commission Information Security Environment by Marc Noble
COLLEGE POSITION STATEMENT ON ACADEMIC INTEGRITY The College expects all requirements submitted by each student to be original work, produced by the student for the first time while a student at the IRM College.
Download White Paper
DIACAP Workflow Map
Initiate and Plan IA C&A
Download White Paper
FISMA Scoring and How to Make the Grade by Marc Noble
Like any test in school, if you have the answers, you can pass the test. FISMA is not quite that simple but essentially, no one should be getting an "F" or even a "D" for that matter but I will go into some of the insights that I have on why agencies receive grades that they sometimes do not deserve.
Download White Paper
All-in-One CISSP Certification by Shon Harris
Download a free chapter of the new 4th edition of Shon Harris' "All-in-One CISSP Certification" book.
Download White Paper
Attaining True Security - The 360 Model by Shon Harris
Learn to simplify information security and make it achievable in any environment. Download this white paper for practical, step by step guidance in the planning, execution and optimization of role activities. Learn to integrate security seamlessly into business processes and move forward toward optimal security in a coordinated way.
Download White Paper
Vulnerability Management - Let's Do It Right This Time! by Shon Harris
Most articles and security professionals talk about the life cycle of vulnerability management. While that is important, it is almost a waste of time until the right foundation and processes are laid out first. This paper discusses vulnerability management from A-Z with extensive tips and recommendations.
Download White Paper
Self Defending Networks - The New Generation of Protection by Shon Harris
Vendors are now building the intelligence of vulnerability detection and correction directly into the fabric of the network. The next generation of networks will be the self defending networks, which will work much more quickly and effectively than our current model of requiring humans to correct the detected vulnerabilities.
Download White Paper
What Is the Difference Between Imported Steel and Imported Program Code?
Norm Beznoska [nbeznoska@myisg.com], Director of Enterprise Security for Infiniti Systems Group, discusses the security risks associated with sending computer programming tasks off-shore.
Download White Paper
IEEE P1074 - Standard for Developing Project Life Cycle Processes
An organization is at no greater risk than when its technology infrastructure, systems or software are undergoing change. Technology projects are the means by which organizations manage infrastructure and software change. There is a dizzying array of security standards available, but until now, none of them has provided practical guidance in how to integrate security into existing project processes in a way that effectively addressed compelling security concerns.
IEEE P1074 - Standard for Developing Project Life Cycle Processes has been revised to include key information assurance guidance that fills this critical gap. It provides simple, clear and actionable guidance that ensures the proper security activities take place on projects so that the appropriate level of security is built into infrastructures, systems and software products.
Download White Paper
802.11i - Has Security Arrived for WiFi? by Dave Odom, CISSP
Dave Odom discusses 802.11i and how it affects security in WLANs.
Download White Paper
VENDOR netForensics, Inc.: Winning the Battle Against Inside Threats: Actionable Strategies for Safeguarding Critical Data
Today's headlines confirm the potential outcomes of ineffective IT security systems. Companies are suffering serious consequences - from stolen customer data and intellectual property to powerful viruses and other malware. Not only are business operations interrupted, but corporate security failures are leading to damaged business reputations, lost revenues, sizeable costs, and often lost jobs for individuals held accountable.
Download White Paper
VENDOR Secure Computing Corporation: Seven Design Requirements for Web 2.0 Threat Prevention
The rapid adoption of Web 2.0 applications has opened up the enterprise to new security threats that are not stopped by the widely deployed Web and messaging security solutions currently in place. Addressing Web 2.0 threats requires a new generation of multi-layered security that builds on traditional security protocols with both inbound and outbound protection, reputation-based filtering, and multi-function security appliances at the network gateway.
Download White Paper
VENDOR Breach Security, Inc.: Why Organizations Need Web Application Firewalls
More and more organizations are using the web to conduct business. Organizations rely on web applications to collect and manage sensitive information from their customers, students, and partners. Hackers are taking advantage of the opportunity this trend presents. Web applications are hackers' new target of choice, as evidenced by the growing number of recent, high-profile attacks.
Download White Paper
VENDOR Symark Software, Inc.: Symark PowerKeeper and PCI DSS Compliance
Increasing theft of credit- and debit-card data led the five major card brands (Visa, MasterCard, American Express, Discover, and JCB) to formulate the Payment Card Industry Data Security Standard (PCI DSS) in 2004. PCI has since become the recognized security standard for cardholder data. Through PCI DSS the card industry aims to restore consumer confidence in payment cards, stem breaches of cardholder data, and head off regulatory action. Yet the cost of compliance, uncertainty about whether penalties would be imposed, and confusion about PCI requirements have kept many merchants unsure about whether or when to undertake such a major initiative.
Download White Paper
VENDOR Sourcefire, Inc.: Sourcefire Vulnerability Research Team
Intrusion prevention system (IPS) vendors often promote how many threats they detect and how quickly they release detection capabilities for new threats. Many organizations blindly assume that these claims are accurate, but without evidence to substantiate them, this faith is misplaced.
Download White Paper
VENDOR Mu Security: The Challenge of Maximizing Service Availability and Security
Spending on security defense-in-depth has not slowed the growth rate of vulnerabilities and exploits. Protocol-based attacks and existing attack surface weaknesses are increasingly targeted to create an entryway to the end systems, servers and valuable customer information stored within a network. Every production network is unique and developers are unable to proactively analyze and test for every system or application setting.
Download White Paper
VENDOR Breach Security, Inc.: The PCI 6.6 Deadline Is Approaching: What You Need to Know
On the surface, the Payment Card Industry Data Security Standard (PCI DSS) reads as a series of "do this, don't do that" absolutes. Yet, in three areas, the standard gives organizations some flexibility in their options. The most critical of these choices lies in Section 6.6.
Download White Paper