Interested in learning more? Global Information Assurance Certification Paper. Copyright SANS Institute Author Retains Full Rights
|
|
- Ralf Melton
- 6 years ago
- Views:
Transcription
1 Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without express written permission. Interested in learning more? Check out the list of upcoming events offering "Security Essentials Bootcamp Style (Security 401)" at
2 Network Attack An InfoSec Topology Required Michael A. Bumpus December 30, 2000 High profile figures in the Information Security community have raised an interesting concept to describe network attack trends. They reveal that there have been three waves of network attack: physical, syntactic, and semantic. Identifying these attack trends helps set the conceptual framework for follow-on analysis, resulting in an increased level of professional understanding within InfoSec circles. Developing a profound knowledge of network attacks and other related aspects of InfoSec should help practitioners to better address today s threats and vulnerabilities (risk) and improve decision support. Key The alarming fingerprint situation, = AF19 however, FA27 2F94 is 998D that InfoSec FDB5 experts DE3D F8B5 are poorly 06E4 postured A169 4E46 to defend corporate and government resources against the current (syntactic) attack climate. As we progress further into the third wave era, the security situation worsens. Semantic attacks will force us to look beyond chic, cool, and expensive technology solutions to achieve only mediocre success. Security s scorecard in the war against network attacks means that we must also carefully address another aspect of security, the complex world of human factors also known as the soft side of information and network security. Optimistically, our actions to make appreciable strides in security requires researchers, vendors, management and practitioners to gain a deeper understanding of numerous security elements and to understand the interconnected nature of networks, technology, the use of technology, and the human interface an InfoSec topology. Attack trends Libicki s essay The Mesh and the Net discusses the future of military warfare from an information warfare perspective. 1 He codifies an approach to deal with network attack trends, and develops profiles according to the targets of such attacks. Cryptologist Bruce Schneier takes Libicki s three-wave scenario and explains them from an information security perspective. 2 The initial, or physical, wave dealt with attacks against targets such as electronics, computers, switches, databases, and power sources. This target set can be characterized as generally easy problems with which to contend, and normally of limited impact. This attack profile was mitigated by the use of distributed protocols and architectures, which created redundancies to prevent single critical nodes or points of failure. The next phase, syntactic, employs attacks against a different target, that of the operating logic of computers and networks. This type of attack has been occurring for several years and continues today: against software vulnerabilities, cryptographic algorithms, protocols, and denial of service vulnerabilities. This category is a tougher problem set than the previous one. Significant expenditures are spent on efforts to combat this wave Key which fingerprint includes a = distinct AF19 FA27 reliance 2F94 upon 998D technology FDB5 DE3D such F8B5 as firewalls, 06E4 A169 intrusion 4E46 detection, and anti-virus scanning software.
3 The third and emerging type is called the semantic wave. Schneier shows that targets in this category are no longer electronic devices, but instead the human interface. The effective response to this wave is less obvious than the first and second waves. In addition to continuing to devise technical expertise to defend against syntactic attacks, InfoSec professionals must also address the human dimension and know how people assign meaning to content. Responses reflect serious disconnect The overwhelming response to Schneier s The Third Wave Of Network Attacks article appear to miss the mark by dealing with only parts of the problem. Based on comments at Key Slashdot.com, fingerprint most = AF19 respondents FA27 2F94 failed 998D to understand FDB5 DE3D the F8B5 basic 06E4 premise A169 3 as 4E46 they focused on techniques or methods of attacks, vice the targets of attacks. Despite several assertions to the contrary, semantic does not equal social engineering nor does it solely mean insider abuse. A credible case can be made that social engineering and insider abuse certainly are elements of semantic attacks, but there are numerous other considerations as shown in the initial network attack topology below. Type Target Vulnerability Method Results Examples Mitigation Physical trunk wires, computers, electronics, switches, databases, power Design Procedures Security void Physical Electronic - malicious code: virus, Trojans, worms Limited: - single/few facility, computer, networks Laptop theft Physical, technology focus Redundancy, Distributed protocols Syntactic Semantic s/w products, protocols, crypto algorithms, operating logic -computers -networks Human Poor design Poor testing Accountability Electronic - malicious code: virus, Trojans, worms Widespread: - many different sites, computers, networks Morris worm DOS/DDOS Lovebug Melissa Mitnick Information - databases - raw - analyzed - reported - in-transit Human - trust level - naïveté - analysis threshold Information - access - data classification Social engineering Dumpster diving Competitive Intelligence Disinformation Key fingerprint = AF19 FA27 2F94 Hoax, 998D scams FDB5 Insider DE3D abuse F8B5 06E4 Cyber A169 4E46 - policy Data diddling Widespread or significant: - High $$$ - Life threatening Gain access Innaccurate intel Fraud Research, knowledge Emulex Hoax Web defacements MidEast conflict Techno focus - Intrusion detection - Incident response - Auditing - Passwords - biometrics - policy - - anti virus scanning - Firewalls Human/computer interface Human focused - situational awareness - education data handling -Intent
4 Subversion Espionage InfoWar False information Perception mgmt, Mass manipulation
5
6 In addition to the Slashdot responses, a McClure and Scambray weekly security commentary discuss the idea of mass manipulation and America s presidential race. They correctly comprehend the human aspect, quote Schneier s Third Wave article, and further assert, problems with misinformation aren t going to be fixed by technological magic wands because they target people, not code. 4 This commentary however, then jumps to the conclusion that policy is the answer. Convenient to use the network attack scenario to discuss policy, but there likely needs to be a more holistic approach, as situational awareness and security training are two other answers which quickly come to mind. To state the obvious, different InfoSec job functions yield different professional points of Key view. fingerprint Individuals = AF19 working FA27 intrusion 2F94 998D detection FDB5 issues DE3D focus F8B5 on technical 06E4 A169 aspects 4E46 to determine the answers to what, how, and when types of questions concerning unauthorized corporate intrusions, while intelligence analysts strive to determine the who, where, and why questions when looking at foreign penetration attempts. Meanwhile, law enforcement officials gather data on all categories to better apprehend perpetrators. There is a lack of, and therefore the opportunity for, social scientists to apply human factor research to the current network security problem set. The important point here is that it takes a convergence of technology and human factor perspectives to achieve InfoSec success. InfoSec soul searching As Schneier indicates, the InfoSec community is ill-prepared for such convergence. The SANS website also reflects a technology approach to InfoSec. The Northcutt Interview Whether Certification Matters and the About the SANS Institute page clearly focus on technical issues: the greatest threat to information security is the lack of people with technical security skills. 5 If one believes that SANS is an outstanding effort to reach consensus within the InfoSec community, then there is a strong reflection of the current InfoSec climate as being technology-oriented. In early November 2000, the topics covered by Level One security papers revealed that there were 26 topic areas with a total of 169 security research papers. 6 A quick view of the 26 topic areas to determine the number of technical versus non-technical topics led to an interesting imbalance as shown below:
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50 A snapshot of the Information Reading Room articles reveals that 89% of the 169 papers were Technical in nature, while a mere 11% appeared by title to be Non-technical. Where we re heading e a profitable future for security vendors and consultants seeking solely technical solutions to information security problems. The SANS Security Alert for December 2000 s main article Expert predictions for Security Trends in 2001 includes several experts statements of continuing high levels of security expenditures. 7 However, Forrester Research takes a contrary view of increasing security budgets, stating Key that this fingerprint doesn t = necessarily AF19 FA27 equate 2F94 to 998D good FDB5 judgment DE3D or F8B5 effective 06E4 use A169 of company 4E46 resources. Despite estimates that security spending in the U.S. will grow by 300 percent through 2004, Forrester is concerned that much of this will be wasted effort. "Security managers aren't told what to secure so they oversecure business managers don't want to spend the time or make the investment in order to come up with good textured security they just want to tell the other guy to make it safe," according to Frank Prince, a senior analyst at Forrester. 8 The information security industry is unlikely to create silver bullets to completely safeguard e-commerce requirements. Imperfect technology is likely to reflect the capabilities of the fallible humans who design and maintain these technologies. 9 The key obstacle to overcome is that believing technology is the solution to the unreliability of human beings. Our high-level approach must blend human and technological considerations to improve security. One of the initial steps in this direction is for InfoSec professionals to develop an understanding of a comprehensive InfoSec topology. Endnotes: 1 Libicki, Martin. The Mesh and the Net Speculations on Armed Conflict In an Age of Free Silicon. Chapter 6, paragraph 6. March URL: (26 Dec 2000). 2 Schneier, Bruce. Semantic Attacks: The Third Wave of Network Attacks. October 15, URL: (22 Dec 2000). 3 Swedish Lemon Angels. October 6, URL: (23 Dec 2000). 4 Schneier, Bruce. Secrets and Lies. Wiley Computer Publishing, p. 7.
51 5 McClure, Stuart and Scambray, Joel. Mass Manipulation Isn t Reserved Just For Presidential Elections: IT World Be Warned. November 23, URL: (19 Dec 2000) 6 Northcutt, Stephen. Northcutt Interview Whether Certification Matters. URL: (15 Nov 2000). 7 SANS Institute. Information Security Reading Room. Version URL: (4 Nov 2000). 8 SANS Institute. Expert Predictions for Security Trends in December URL: (15 Nov 2000). Key 9 Price, fingerprint Frank. Increased = AF19 FA27 Security 2F94 Spending 998D FDB5 Wasted DE3D November F8B5 06E A169 URL: 4E46 (2 Nov 2000). 10 Dumas, Lloyd. Lethal Arrogance. St. Martin s Press, p.12.
52 Last Updated: December 21st, 2017 Upcoming Training SANS Security East 2018 New Orleans, LA Jan 08, Jan 13, 2018 Live Event Northern VA Winter - Reston 2018 Reston, VA Jan 15, Jan 20, 2018 Live Event SANS Amsterdam January 2018 Amsterdam, Netherlands Jan 15, Jan 20, 2018 Live Event Mentor Session - SEC401 Minneapolis, MN Jan 16, Feb 27, 2018 Mentor Las Vegas SEC401: Security Essentials Bootcamp Style Las Vegas, NV Jan 28, Feb 02, 2018 vlive SANS Las Vegas 2018 Las Vegas, NV Jan 28, Feb 02, 2018 Live Event Community SANS Chantilly SEC401 Chantilly, VA Jan 29, Feb 03, 2018 Community SANS SANS Miami 2018 Miami, FL Jan 29, Feb 03, 2018 Live Event SANS Scottsdale 2018 Scottsdale, AZ Feb 05, Feb 10, 2018 Live Event SANS London February 2018 London, United Feb 05, Feb 10, 2018 Live Event Kingdom Community SANS Madison SEC401 Madison, WI Feb 05, Feb 10, 2018 Community SANS Southern California- Anaheim SEC401: Security Anaheim, CA Feb 12, Feb 17, 2018 vlive Essentials Bootcamp Style SANS Southern California- Anaheim 2018 Anaheim, CA Feb 12, Feb 17, 2018 Live Event Community SANS Columbia SEC401 Columbia, MD Feb 12, Feb 17, 2018 Community SANS SANS Dallas 2018 Dallas, TX Feb 19, Feb 24, 2018 Live Event SANS Secure Japan 2018 Tokyo, Japan Feb 19, Mar 03, 2018 Live Event SANS New York City Winter 2018 New York, NY Feb 26, Mar 03, 2018 Live Event SANS London March 2018 London, United Mar 05, Mar 10, 2018 Live Event Kingdom Mentor Session - SEC401 Vancouver, BC Mar 06, May 15, 2018 Mentor Mentor Session - SEC401 Birmingham, AL Mar 06, May 08, 2018 Mentor SANS Paris March 2018 Paris, France Mar 12, Mar 17, 2018 Live Event SANS Secure Singapore 2018 Singapore, Singapore Mar 12, Mar 24, 2018 Live Event SANS Secure Osaka 2018 Osaka, Japan Mar 12, Mar 17, 2018 Live Event San Francisco Spring SEC401: Security Essentials San Francisco, CA Mar 12, Mar 17, 2018 vlive Bootcamp Style SANS San Francisco Spring 2018 San Francisco, CA Mar 12, Mar 17, 2018 Live Event SANS Northern VA Spring - Tysons 2018 McLean, VA Mar 17, Mar 24, 2018 Live Event SANS Pen Test Austin 2018 Austin, TX Mar 19, Mar 24, 2018 Live Event SANS Munich March 2018 Munich, Germany Mar 19, Mar 24, 2018 Live Event SANS Secure Canberra 2018 Canberra, Australia Mar 19, Mar 24, 2018 Live Event Mentor Session - SEC401 Studio City, CA Mar 20, May 01, 2018 Mentor Mentor Session - AW SEC401 Mayfield Village, OH Mar 21, May 23, 2018 Mentor
Interested in learning more? Global Information Assurance Certification Paper. Copyright SANS Institute Author Retains Full Rights
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More informationInterested in learning more? Global Information Assurance Certification Paper. Copyright SANS Institute Author Retains Full Rights
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More informationInterested in learning more? Global Information Assurance Certification Paper. Copyright SANS Institute Author Retains Full Rights
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More informationInterested in learning more? Global Information Assurance Certification Paper. Copyright SANS Institute Author Retains Full Rights
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More informationInterested in learning more? Global Information Assurance Certification Paper. Copyright SANS Institute Author Retains Full Rights
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More informationInterested in learning more? Global Information Assurance Certification Paper. Copyright SANS Institute Author Retains Full Rights
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More informationInterested in learning more? Global Information Assurance Certification Paper. Copyright SANS Institute Author Retains Full Rights
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More informationInterested in learning more? Global Information Assurance Certification Paper. Copyright SANS Institute Author Retains Full Rights
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More informationInterested in learning more? Global Information Assurance Certification Paper. Copyright SANS Institute Author Retains Full Rights
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More informationInterested in learning more? Global Information Assurance Certification Paper. Copyright SANS Institute Author Retains Full Rights
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More informationInterested in learning more? Global Information Assurance Certification Paper. Copyright SANS Institute Author Retains Full Rights
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More informationGlobal Information Assurance Certification Paper. Copyright SANS Institute Author Retains Full Rights
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More informationGlobal Information Assurance Certification Paper. Copyright SANS Institute Author Retains Full Rights
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More informationImplementing a Successful Security Assessment Process
Interested in learning more about security? SANS Institute InfoSec Reading Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission. Implementing
More informationGlobal Information Assurance Certification Paper. Copyright SANS Institute Author Retains Full Rights
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More informationAS/400 & iseries: A Comprehensive Guide to Setting System Values to Common Best Practice Securit
Interested in learning more about security? SANS Institute InfoSec Reading Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission. AS/400
More informationInterested in learning more? Global Information Assurance Certification Paper. Copyright SANS Institute Author Retains Full Rights
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More informationInterested in learning more? Global Information Assurance Certification Paper. Copyright SANS Institute Author Retains Full Rights
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More informationInterested in learning more about security? Securing e-commerce Web Sites. Copyright SANS Institute Author Retains Full Rights
Interested in learning more about security? SANS Institute InfoSec Reading Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission. Securing
More informationInterested in learning more about security? SANS Windows Security Training. Copyright SANS Institute Author Retains Full Rights
Interested in learning more about security? SANS Institute InfoSec Reading Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission. SANS
More informationThe Security Mechanism for IEEE Wireless Networks
Interested in learning more about security? SANS Institute InfoSec Reading Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission. The
More informationInterested in learning more? Global Information Assurance Certification Paper. Copyright SANS Institute Author Retains Full Rights
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More informationInterested in learning more? Global Information Assurance Certification Paper. Copyright SANS Institute Author Retains Full Rights
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More informationInterested in learning more? Global Information Assurance Certification Paper. Copyright SANS Institute Author Retains Full Rights
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More informationInterested in learning more about security? The Achilles Heal of DNS. Copyright SANS Institute Author Retains Full Rights
Interested in learning more about security? SANS Institute InfoSec Reading Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission. The
More informationInterested in learning more? Global Information Assurance Certification Paper. Copyright SANS Institute Author Retains Full Rights
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More informationInterested in learning more about security? The OSI Model: An Overview. Copyright SANS Institute Author Retains Full Rights
Interested in learning more about security? SANS Institute InfoSec Reading Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission. The
More informationCSIRT in general CSIRT Service Categories Reactive Services Proactive services Security Quality Management Services CSIRT. Brmlab, hackerspace Prague
Brmlab, hackerspace Prague Lightning talks, November 2016 in general in general WTF is an? in general WTF is an? Computer Security in general WTF is an? Computer Security Incident Response in general WTF
More informationSANS Vendor Events. SANS offers a variety of events which bring you in touch with the highly qualified SANS community.
SANS Vendor Events SANS offers a variety of events which bring you in touch with the highly qualified SANS community. SANS National Events over 1200 profession IT Security attendees and over 45 SANS classes
More informationInterested in learning more? Global Information Assurance Certification Paper. Copyright SANS Institute Author Retains Full Rights
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More informationImplementing a Successful Security Assessment Process
Interested in learning more about cyber security training? SANS Institute InfoSec Reading Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written
More informationInterested in learning more? Global Information Assurance Certification Paper. Copyright SANS Institute Author Retains Full Rights
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More informationInterested in learning more? Global Information Assurance Certification Paper. Copyright SANS Institute Author Retains Full Rights
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More informationInterested in learning more? Global Information Assurance Certification Paper. Copyright SANS Institute Author Retains Full Rights
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More informationInterested in learning more about cyber security training? Securing e-commerce Web Sites. Copyright SANS Institute Author Retains Full Rights
Interested in learning more about cyber security training? SANS Institute InfoSec Reading Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written
More informationThe Gartner Security Information and Event Management Magic Quadrant 2010: Dealing with Targeted Attacks
The Gartner Security Information and Event Management Magic Quadrant 2010: Dealing with Targeted Attacks Mark Nicolett Notes accompany this presentation. Please select Notes Page view. These materials
More informationInterested in learning more? Global Information Assurance Certification Paper. Copyright SANS Institute Author Retains Full Rights
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More informationUnderstanding and Implementing Microsoft Terminal Services & Citrix MetaFrame
Interested in learning more about security? SANS Institute InfoSec Reading Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission. Understanding
More informationInterested in learning more? Global Information Assurance Certification Paper. Copyright SANS Institute Author Retains Full Rights
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More information716 West Ave Austin, TX USA
Fundamentals of Computer and Internet Fraud GLOBAL Headquarters the gregor building 716 West Ave Austin, TX 78701-2727 USA TABLE OF CONTENTS I. INTRODUCTION What Is Computer Crime?... 2 Computer Fraud
More informationInterested in learning more about cyber security training? SANS Windows Security Training. Copyright SANS Institute Author Retains Full Rights
Interested in learning more about cyber security training? SANS Institute InfoSec Reading Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written
More informationInterested in learning more? Global Information Assurance Certification Paper. Copyright SANS Institute Author Retains Full Rights
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More informationCyberSecurity Training and Capacity Building: A Starting Point for Collaboration and Partnerships. from the most trusted name in information security
CyberSecurity Training and Capacity Building: A Starting Point for Collaboration and Partnerships About SANS The SANS (SysAdmin, Audit, Network, Security) Institute Established in 1989 Cooperative research
More informationInterested in learning more? Global Information Assurance Certification Paper. Copyright SANS Institute Author Retains Full Rights
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More informationInterested in learning more? Global Information Assurance Certification Paper. Copyright SANS Institute Author Retains Full Rights
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More informationInterested in learning more? Global Information Assurance Certification Paper. Copyright SANS Institute Author Retains Full Rights
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More informationInterested in learning more? Global Information Assurance Certification Paper. Copyright SANS Institute Author Retains Full Rights
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More informationSANS/REN-ISAC Partnership
SANS/REN-ISAC Partnership Aggregate Buy Program www.sans.org/partnership/education SANS s mission is to ensure that info security practitioners (InfoSec) in critical organization have the appropriate skills
More informationPONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY
PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY Benchmark research sponsored by Raytheon. Independently conducted by Ponemon Institute LLC. February 2018 2018 Study on
More informationSANS Vendor Offerings Detail
SANS Vendor Offerings Detail» About SANS» Conference Events» Media Products SANS Vendor Programs Conference Events Booths and Tabletops events Speaking Opportunities Sponsorship Programs Media Products
More informationAS/400 & iseries: A Comprehensive Guide to Setting System Values to Common Best Practice Securit
Interested in learning more about security? SANS Institute InfoSec Reading Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission. AS/400
More informationCyber Security Program
Cyber Security Program Cyber Security Program Goals and Objectives Goals Provide comprehensive Security Education and Awareness to the University community Build trust with the University community by
More informationSix Ways to Reduce PCI DSS Audit Scope by Tokenizing Cardholder data
Interested in learning more about security? SANS Institute InfoSec Reading Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission. Six
More informationInterested in learning more? Global Information Assurance Certification Paper. Copyright SANS Institute Author Retains Full Rights
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More informationHybrid IT for SMBs. HPE addressing SMB and channel partner Hybrid IT demands ANALYST ANURAG AGRAWAL REPORT : HPE. October 2018
V REPORT : HPE Hybrid IT for SMBs HPE addressing SMB and channel partner Hybrid IT demands October 2018 ANALYST ANURAG AGRAWAL Data You Can Rely On Analysis You Can Act Upon HPE addressing SMB and partner
More informationSANS Vendor Offerings Detail
SANS Vendor Offerings Detail After working with SANS for a few years now, the audience at SANS events and webinars continues to represent some of the most forward thinking IT security practitioners looking
More information5 Trends That Will Impact Your IT Planning in Layered Security. Executive Brief
5 Trends That Will Impact Your IT Planning in 2012 Layered Security Executive Brief a QuinStreet Excutive Brief. 2011 Layered Security Many of the IT trends that your organization will tackle in 2012 aren
More informationACHIEVING FIFTH GENERATION CYBER SECURITY
ACHIEVING FIFTH GENERATION CYBER SECURITY A Survey Research Report of IT and Security Professionals MARCH 2018 INTRODUCTION The pursuit of the highest level of cyber security is a top priority for IT and
More informationMastering The Endpoint
Organizations Find Value In Integrated Suites GET STARTED Overview In the face of constantly evolving threat vectors, IT security decision makers struggle to manage endpoint security effectively. More
More informationWindows XP and Full Raw Sockets: A New Security Concern from Home-based PC's or a Desirable N
Interested in learning more about cyber security training? SANS Institute InfoSec Reading Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written
More informationInterested in learning more? Global Information Assurance Certification Paper. Copyright SANS Institute Author Retains Full Rights
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More informationPerimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN
T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN Perimeter Defenses Enterprises need to take their security strategy beyond stacking up layers of perimeter defenses to building up predictive
More informationTHE CRITICAL COMMUNICATIONS COMPANY CYBER SECURITY AS A SERVICE
THE CRITICAL COMMUNICATIONS COMPANY CYBER SECURITY AS A SERVICE International Maritime Organization Regulations IMO has given shipowners and managers until 2021 to incorporate cyber risk management into
More informationInterested in learning more? Global Information Assurance Certification Paper. Copyright SANS Institute Author Retains Full Rights
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More informationCompTIA Security Research Study Trends and Observations on Organizational Security. Carol Balkcom, Product Manager, Security+
CompTIA Security Research Study 2007 Trends and Observations on Organizational Security Carol Balkcom, Product Manager, Security+ Goals of this session To share some trends and observations related to
More informationThe Republic of Korea. economic and social benefits. However, on account of its open, anonymous and borderless
The Republic of Korea Executive Summary Today, cyberspace is a new horizon with endless possibilities, offering unprecedented economic and social benefits. However, on account of its open, anonymous and
More informationnetforensics - A Security Information Management Solution
Interested in learning more about cyber security training? SANS Institute InfoSec Reading Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written
More informationThe fast track to top skills and top jobs in cyber. Guaranteed. FREE TO TRANSITIONING VETERANS
The fast track to top skills and top jobs in cyber. Guaranteed. FREE TO TRANSITIONING VETERANS WELCOME SANS Institute, in collaboration with Augusta Warrior Project and Augusta University, is presenting
More informationSANS/REN-ISAC PARTNERSHIP AGGREGATE BUY PROGRAM
SANS/REN-ISAC PARTNERSHIP AGGREGATE BUY PROGRAM www.sans.org/partnership/education SANS s mission is to ensure that InfoSec practitioners in critical organizations have the skills needed to protect national
More informationMake Digital Real Execute Smart. We engineer meaningful technology solutions to help businesses and societies flourish
Make Digital Real Execute Smart We engineer meaningful technology solutions to help businesses and societies flourish FAST FACTS Mindtree Minds Annual revenue Active Clients Kalinga Global Learning Center
More informationHow NSFOCUS Protected the G20 Summit. Guy Rosefelt on the Strategy, Staff and Tools Needed to Ensure Cybersecurity
How NSFOCUS Protected the G20 Summit Guy Rosefelt on the Strategy, Staff and Tools Needed to Ensure Cybersecurity SPONSORED BY Rosefelt is responsible for developing NSFOCUS threat intelligence and web
More informationA practical guide to IT security
Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or
More informationThe fast track to top skills and top jobs in cyber. Guaranteed.
The fast track to top skills and top jobs in cyber. Guaranteed. NO COST TO SELECTED PARTICIPANTS WELCOME The SANS Institute is presenting the SANS CyberTalent Immersion Academy for Women to encourage women
More informationCybersecurity Survey Results
Cybersecurity Survey Results 4 November 2015 DISCLAIMER: The views and opinions expressed in this presentation are those of the author and do not necessarily represent official policy or position of HIMSS.
More informationInterested in learning more about cyber security training? The Achilles Heal of DNS. Copyright SANS Institute Author Retains Full Rights
Interested in learning more about cyber security training? SANS Institute InfoSec Reading Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written
More informationlocuz.com SOC Services
locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security
More informationUse offense to inform defense. Find flaws before the bad guys do.
Use offense to inform defense. Find flaws before the bad guys do. Copyright SANS Institute Author Retains Full Rights This paper is from the SANS Penetration Testing site. Reposting is not permited without
More informationIT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18
Pierce County Classification Description IT SECURITY OFFICER Department: Information Technology Job Class #: 634900 Pay Range: Professional 18 FLSA: Exempt Represented: No Classification descriptions are
More informationE-guide Getting your CISSP Certification
Getting your CISSP Certification Intro to the 10 CISSP domains of the Common Body of Knowledge : The Security Professional (CISSP) is an information security certification that was developed by the International
More informationSecurity in a Converging IT/OT World
Security in a Converging IT/OT World Introduction Around the winter solstice, darkness comes early to the citizens of Ukraine. On December 23, 2015, it came a little earlier than normal. In mid-afternoon,
More informationFeatured Articles II Security Research and Development Research and Development of Advanced Security Technology
364 Hitachi Review Vol. 65 (2016), No. 8 Featured Articles II Security Research and Development Research and Development of Advanced Security Technology Tadashi Kaji, Ph.D. OVERVIEW: The damage done by
More informationMake Digital Real Execute Smart. We engineer meaningful technology solutions to help businesses and societies flourish
Make Digital Real Execute Smart We engineer meaningful technology solutions to help businesses and societies flourish FAST FACTS Mindtree Minds Annual Revenue Active Clients Kalinga Global Learning Center
More informationInterested in learning more? Global Information Assurance Certification Paper. Copyright SANS Institute Author Retains Full Rights
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More informationSecurity in India: Enabling a New Connected Era
White Paper Security in India: Enabling a New Connected Era India s economy is growing rapidly, and the country is expanding its network infrastructure to support digitization. India s leapfrogging mobile
More informationAwareness and training programs OPTUS MACQUARIE UNIVERSITY CYBER SECURITY HUB
Awareness and training programs OPTUS MACQUARIE UNIVERSITY CYBER SECURITY HUB 2 OPTUS MACQUARIE UNIVERSITY CYBER SECURITY HUB In today s digital world, safeguarding data, intellectual property, financial
More informationThe fast track to top skills and top jobs in cyber. Guaranteed. FREE TO TRANSITIONING VETERANS
The fast track to top skills and top jobs in cyber. Guaranteed. FREE TO TRANSITIONING VETERANS WELCOME SANS Institute, in collaboration with RP6, is presenting the SANS VetSuccess CyberTalent Immersion
More informationThe fast track to top skills and top jobs in cyber. Guaranteed. FREE TO TRANSITIONING VETERANS
The fast track to top skills and top jobs in cyber. Guaranteed. FREE TO TRANSITIONING VETERANS WELCOME SANS Institute is presenting the SANS VetSuccess Immersion Academy in the DC Metro area. For transitioning
More informationIBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.
IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats. Enhancing cost to serve and pricing maturity Keeping up with quickly evolving ` Internet threats
More informationDHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017
DHS Cybersecurity Election Infrastructure as Critical Infrastructure June 2017 Department of Homeland Security Safeguard the American People, Our Homeland, and Our Values Homeland Security Missions 1.
More informationThe New Normal. Unique Challenges When Monitoring Hybrid Cloud Environments
The New Normal Unique Challenges When Monitoring Hybrid Cloud Environments The Evolving Cybersecurity Landscape Every day, the cybersecurity landscape is expanding around us. Each new device connected
More informationThe five questions I am being asked by National Policy Makers and Utility CEOs; My Best Answers; And Where the Questions Don't Have Answers
The five questions I am being asked by National Policy Makers and Utility CEOs; My Best Answers; And Where the Questions Don't Have Answers The 7th Annual North American SCADA and Process Control Summit
More informationIntegrated Access Management Solutions. Access Televentures
Integrated Access Management Solutions Access Televentures Table of Contents OVERCOMING THE AUTHENTICATION CHALLENGE... 2 1 EXECUTIVE SUMMARY... 2 2 Challenges to Providing Users Secure Access... 2 2.1
More informationPerspectives on Threat
Commerce Threats Perspectives on Threat Higher level approach Define and characterize the threat rather list the what if scenarios Where to find accurate information on information Part I: Business Traditional
More informationThe security challenge in a mobile world
The security challenge in a mobile world Contents Executive summary 2 Executive summary 3 Controlling devices and data from the cloud 4 Managing mobile devices - Overview - How it works with MDM - Scenario
More informationInternet Security Threat Report Volume XIII. Patrick Martin Senior Product Manager Symantec Security Response October, 2008
Internet Security Threat Report Volume XIII Patrick Martin Senior Product Manager Symantec Security Response October, 2008 Agenda 1 ISTR XIII Important Facts 2 ISTR XIII Key Messages 3 ISTR XIII Key Facts
More informationCISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline
CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker Learn to find security vulnerabilities before the bad guys do! The Certified Ethical Hacker (CEH) class immerses students in an interactive environment
More informationHOLY ANGEL UNIVERSITY COLLEGE OF INFORMATION AND COMMUNICATIONS TECHNOLOGY CYBER SECURITY COURSE SYLLABUS
HOLY ANGEL UNIVERSITY LLEGE OF INFORMATION AND MMUNICATIONS TECHNOLOGY CYBER SECURITY URSE SYLLABUS Course Code : 6CSEC Prerequisite : 6MPRO2L Course Credit : 3 Units (2 hours LEC,3 hours LAB) Year Level:
More informationWireless e-business Security. Lothar Vigelandzoon
Wireless e-business Security Lothar Vigelandzoon E-business evolution Increased business drivers for cost efficiency & market penetration Increased Importance of brand reputation Distance between IT and
More informationTEL2813/IS2820 Security Management
TEL2813/IS2820 Security Management Security Management Models And Practices Lecture 6 Jan 27, 2005 Introduction To create or maintain a secure environment 1. Design working security plan 2. Implement management
More informationVulnerability Management Trends In APAC
GET STARTED Introduction In the age of the customer, the threat landscape is constantly evolving. Attackers are out to steal your company s data, and the ever-expanding number of devices and technologies
More information