• CISSP for Dummies

    by Ben Rothke on September 14, 2012

    The CISSP is the most popular and arguably most valuable information security certification. While SANS GIAC certifications are technically more intensive, the CISSP is the 900-pound gorilla of information security certifications. For those looking for a CISSP review guide, CISSP for Dummies, despite its title, is a worthwhile reference. The book provides a thorough overview of the (ISC) ² Common…

  • New Amendments to the Vermont Breach Notification Law

    by Stephen Wu on September 10, 2012

    Vermont recently amended its security breach notification law with a number of changes. Included in the amendment are changes to the definition of "security breach," guidance on determining whether a breach has occurred, a 45-day deadline for notification, and a requirement of notifying the attorney general of a breach. The legislation, H.254, became Act 109 following the governor's signature. For…

  • Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems

    by Ben Rothke on September 4, 2012

    The Stuxnet computer worm of mid-2010 was a huge wake-up call for the energy industry. It also catapulted SCADA from an obscure term to the forefront of industrial security. But nearly two years later, it is unclear if the energy sector is adequately prepared for sophisticated information security threats. For those looking to get a handle on how to effectively secure critical infrastructure…

  • Is Application Whitelisting the Answer for a More Secure Critical Infrastructure?

    by Gib Sorebo on September 4, 2012

    For the last couple years, as anti-virus has continued to fail us with a detection rate often in the single digits, many have suggested that a better approach would be to not focus on the bad but on the good. The objective would be to identify what normal is and alert on everything that is not normal. While that is still a tall task, it is often an easier one than to identify every possible piece…

  • Preview - Digital Forensics for Handheld Devices

    by Ben Rothke on August 30, 2012

    Today’s handheld device is the mainframe of years past. The raw computing power and stored memory found in a BlackBerry, iPhone, digital camera or GPS dwarfs that of computers from years ago. With billions of such devices in use, it is imperative systems administrator, forensics investigators and others know how to ensure that the information contained in them, can be legally preserved if needed. …

  • Preview - The Computer Incident Response Planning Handbook: Executable Plans for Protecting Information at Risk

    by Ben Rothke on August 27, 2012

    Computer security incidents are not a matter of if; rather when. The function of having an incident response (IR) plan is to provide guidance to staff, both technical staff and management, on how to quickly and effectively recovery from the information security incidents. An IR plan is also needed to ensure staff responds in a systematic manner to incidents, rather than everyone doing things in an…

  • Illustrated Guide to Home Forensic Science Experiments: All Lab, No Lecture

    by Ben Rothke on August 22, 2012

    While the Illustrated Guide to Home Forensic Science Experiments: All Lab, No Lecture is not a pure play information security book, it’s likely that anyone interested in information security will find this a fascinating read. The book is written for anyone, from responsible teenagers to adults who want to learn about forensic science by doing real, hands-on laboratory work. While the tools for…

  • Smart Cars and eDiscovery

    by Stephen Wu on August 16, 2012

    I heard an interesting radio show on NPR the other day. Auto manufacturers are rolling out the next generation of cars that try to implement the lessons the phone manufacturers learned from Apple, Google, and others. Let's put screens on cars, and give them apps, they say. Let's do for the car what iOS and Android did for phones and tablets. Cars dashboards should have apps, just like any other…

  • Best Practices for the Destruction of Digital Data

    by Ben Rothke on August 15, 2012

    It is often said that nothing is as simple as it seems. Take for instance deleting data on your storage device. For most people, all they think they need to do is delete the file. How mistaken they are. As my friend Ryk Edelstein and his co-author Dr. Gordon Hughes detail in Best Practices for the Destruction of Digital Data, it is often not that simple. The authors write that the ability to…

  • Ally's Picks - Garage Sale Forensics

    by Ally Lorentson Dunn on August 14, 2012

    One of the most interesting sessions I attended at the conference this year was Mike Wright's presentation on the proper way to destroy your devices. In this session Mike outlines how he was able to obtain dozens of data storage devices from garage sales and thrift stores and upon looking at what was left on them, found a shocking amount of information. His favorite methods for properly disposing…

This document was retrieved from on Tue, 01 Sep 2015 22:25:13 -0400.
© 2015 EMC Corporation. All rights reserved.