Adventures in Security
Security Papers
A book by Tom Olzak









Just Enough Security:
Information Security for Business Managers

The Just Enough Security (JES) approach to
information assurance is based on the belief
that no one safeguard can completely protect
your critical information assets from a highly
motivated threat.  The JES security model
combines multiple layers of safeguards with
simple risk management tools to help you
achieve both the security of your information
assets and a return on your security
investment.  

Paperback Edition  

eBook Edition
Security Papers and Articles
The purpose of the papers on this site are to educate business managers in the
essentials of Information Security.  If you would like to submit a paper for
consideration, please send it to Tom@adventuresinsecurity.com.
Web Application Security - Buffer Overflows: Are you really at risk?
(Posted July 29, 2006)
Fundamentals of Storage Media Sanitation (Posted June 3, 2006)
Spreadsheet Assurance (Posted May 8, 2006)
Strengthen Data Protection with Network Access Controls (Posted
April 29, 2006)
Build an Effective Security Awareness Program (Posted April 8,
2006)
DNS Cache Poisoning: Definition and Prevention (Posted March
16, 2006
A Practical Approach to Threat Modeling (Posted March 4, 2006)
Internet Unified Identity Management (Posted February 26, 2006)
eDiscovery Challenges (Posted February 18, 2006)
Data Storage Security (Posted February 6, 2006)
Securing Instant Messaging (Posted January 15, 2006)
End User Device Security (Posted December 12, 2005)
Wireless Handheld Device Security (Posted December 12, 2005)
Keystroke Dynamics: Low Impact Biometric Verification (Posted
September 23, 2006)
Astalavista IT Security Member Area
<
Protect your organization from steganographic data theft (Posted
February 12, 2007)
Getting to Secure Internet Identity Management (Posted February
12, 2007)
Web Application Security - Buffer Overflows: Are you really at risk?
(Posted July 29, 2006)
Fundamentals of Storage Media Sanitation (Posted June 3, 2006)
Spreadsheet Assurance (Posted May 8, 2006)
Strengthen Data Protection with Network Access Controls (Posted
April 29, 2006)
Build an Effective Security Awareness Program (Posted April 8,
2006)
DNS Cache Poisoning: Definition and Prevention (Posted March
16, 2006
A Practical Approach to Threat Modeling (Posted March 4, 2006)
Internet Unified Identity Management (Posted February 26, 2006)
eDiscovery Challenges (Posted February 18, 2006)
Data Storage Security (Posted February 6, 2006)
Securing Instant Messaging (Posted January 15, 2006)
End User Device Security (Posted December 12, 2005)
Wireless Handheld Device Security (Posted December 12, 2005)
Keystroke Dynamics: Low Impact Biometric Verification (Posted
September 23, 2006)
Protect your organization from steganographic data theft (Posted
February 12, 2007)
Getting to Secure Internet Identity Management (Posted February
12, 2007)
Desktop Application Virtualization and Application Streaming:
Function and Security Benefits (Posted August 30, 2007)
Adventures in Security Podcast
Adventures in Security Blog
Web Application Security - Buffer Overflows: Are you really at risk?
(Posted July 29, 2006)
Fundamentals of Storage Media Sanitation (Posted June 3, 2006)
Spreadsheet Assurance (Posted May 8, 2006)
Strengthen Data Protection with Network Access Controls (Posted
April 29, 2006)
Build an Effective Security Awareness Program (Posted April 8,
2006)
DNS Cache Poisoning: Definition and Prevention (Posted March
16, 2006
A Practical Approach to Threat Modeling (Posted March 4, 2006)
Internet Unified Identity Management (Posted February 26, 2006)
eDiscovery Challenges (Posted February 18, 2006)
Data Storage Security (Posted February 6, 2006)
Securing Instant Messaging (Posted January 15, 2006)
End User Device Security (Posted December 12, 2005)
Wireless Handheld Device Security (Posted December 12, 2005)
Keystroke Dynamics: Low Impact Biometric Verification (Posted
September 23, 2006)
Protect your organization from steganographic data theft (Posted
February 12, 2007)
Getting to Secure Internet Identity Management (Posted February
12, 2007)
Web Application Security - Buffer Overflows: Are you really at risk?
(Posted July 29, 2006)
Fundamentals of Storage Media Sanitation (Posted June 3, 2006)
Spreadsheet Assurance (Posted May 8, 2006)
Strengthen Data Protection with Network Access Controls (Posted
April 29, 2006)
Build an Effective Security Awareness Program (Posted April 8,
2006)
DNS Cache Poisoning: Definition and Prevention (Posted March
16, 2006
A Practical Approach to Threat Modeling (Posted March 4, 2006)
Internet Unified Identity Management (Posted February 26, 2006)
eDiscovery Challenges (Posted February 18, 2006)
Data Storage Security (Posted February 6, 2006)
Securing Instant Messaging (Posted January 15, 2006)
End User Device Security (Posted December 12, 2005)
Wireless Handheld Device Security (Posted December 12, 2005)
Keystroke Dynamics: Low Impact Biometric Verification (Posted
September 23, 2006)
Protect your organization from steganographic data theft (Posted
February 12, 2007)
Getting to Secure Internet Identity Management (Posted February
12, 2007)
Desktop Application Virtualization and Application Streaming:
Function and Security Benefits (Posted August 30, 2007)
Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista
and Active Directory (Posted October 14, 2007)
Improve Data Protection Processes with Content Discovery,
Monitoring and Filtering (Posted November 7, 2007)
A Practical Approach to Managing Information System Risk
(Posted February 2, 2008)
Keystroke Logging (Posted April 4, 2008)
Evaluation of TrueCrypt as a Mobile Data Encryption Solution
(Posted April 19, 2008)  ( PDF ) ( MobiPocket )