SANS Sec Lab
- ISE/M 6100 – Security Project Practicum
- Physical Security
Physical access control is just as important to your information security architecture as password policies and firewalls. Protecting your critical infrastructure with physical security can be a daunt …
- Android Security Workaround
This is a stopgap to change the default behavior of Android in light of the stagefright vulnerability.
- Can you build a Defense in Depth architecture without an architect?
We interviewed a number of GIAC Advisory
Board members who have been working as architects for major
enterprises as to what they look for an architecture position.
- Will the Ph.D. become the Cybersecurity Terminal Degree?
The percent of security job pastings asking for a Master's level degree is increasing. How much longer will it still be the terminal degree for the field.
- Denial of Service
As we say in cyber warfare, a denial-of-service attack is an effort to make your opponents' information resources less valuable to them. Of confidentiality, integrity, and availability, this is p …
- Stephen Northcutt's Emerging Trends in IT and Security 2013 – 2015
An emerging trends analysis and a stab at predictions for IT and security coming 2013-2015. Last updated May 2014.
- Two factor authentication for online banking
Eight or nine years ago, I was asking about banks that support two factor authentication. At that time I found eTrade bank and Charles Schwab and not much more. SANS NewsBites carried a story about HS …
- Daniel B. Cid, Sucuri
Daniel Cid from Sucuri has agreed to a thought leadership interview. We hope that you will enjoy his thoughts and impressions and we certainly thank him for his time.
- Dominique Karg, AlienVault
Dominique Karg from AlienVault has agreed to a thought leadership interview. We hope that you will enjoy his thoughts and impressions and we certainly thank him for his time.
- The 6 Categories of Critical Log Information
This report is based on work done by Marcus Ranum, Tina Bird, Chris Brenton and Anton Chuvakin. Version 3 was created by Peter Czanik from BalaBit. Version 3.01's technical review was done by mem …
- Role Based Access Control to Achieve Defense in Depth
Role-based access control (RBAC) is an access control method that organizations implement to ensure that access to data is performed by authorized users, and enterprise based RBAC is accomplished with …
- Security Convergence and The Uniform Method of Protection to Achieve Defense in Depth
Security convergence is an interesting trend that has been picking up speed heading into 2008. We are running network information that was formerly analog over our digital data networks, we are conver …
- Hybrid Threats
Though it is certainly true that malware has evolved a lot in this decade, the tools in use today are more similar than different from the attacker tools of ten years ago. The command and control is b …
- Lance Spitzner, Securing The Human, founder
Lance Spitzner of Honeynet and Security The Human fame has agreed to a Thought Leadership interview and we certainly thank him for his time.
- Security Predictions 2013-2014: Emerging Trends in IT and Security
This is an effort to chronicle what a number of really smart people believe the state of the information security industry to be, and where we are going. A lot of the emphasis is on security threats, …
- Separation of Duties in Information Technology
Several authors join Stephen Northcutt to examine the special considerations for separation of duties in all organizations with regard to their information technology.
- Stephen Northcutt's Security Predictions 2012 and 2013
Stephen Northcutt identifies emerging trends in information security for the 2012, 2013 timeframe.
- The Certificate Signing Trust Model Under Stress As An Industrial Security Model
A common part of the security model for industrial IT applications is to never accept or run a program or driver that has not been signed by the appropriate publisher. However, while it appears to be …
- Bill Pfeifer, Juniper Networks
Bill Pfeifer is a Product Line Engineer at Juniper Networks supporting security software and data center firewalls. He has been in the IT field for 15 years, including stints at an Army tank base, a t …