Adventures in Security

• Attack Surface Reduction - Chapter 4
  

• Building the Foundation: Architecture Design - Chapter 3 (Related Training)

• Risk Management - Chapter 2 (Related Training)

• Enterprise Security: A practitioner’s guide – Chapter 1 (Related Training)

• UEFI and the TPM: Building a foundation for platform trust (2011)

• Five Steps to Incident Management in a Virtualized Environment (2011)

• Microsoft Server Virtualization Security: Ten Tips and Settings (2011)

• Business Continuity Event Planning (2008/2009)

• Series on building and managing an Information Security Awareness Training Program (2008)

• Business Continuity Planning Series (2008)
  

• Incident Management Series (2008)
  

• Series on use of free Sysinternals utilities for security management and testing (2008)

• Prepare for e-discovery requests: How to avoid disastrous legal sanctions and fines (September 9, 2008)

• Evaluation of TrueCrypt as a Mobile Data Encryption Solution (April 19, 2008) (PDF) (MobiPocket)

• Keystroke Logging (April 4, 2008)

• A Practical Approach to Management Information System Risk (February 2, 2008)

• Improve Data Protection Processes with Content Discovery, Monitoring, and Filtering (November 7, 2008)

• Desktop Application Virtualization and Application Streaming: Function and Security Benefits (August 30, 2007)

• Protect Your Organization from Steganographic  Data Theft (February 12, 2007)

• Getting to Secure Internet Identity Management (February 12, 2007)

• Keystroke Dynamics: Low impact biometrics verification (September 23, 2006)

• Fundamentals of Storage Media Sanitation (June 3, 2006)

• Spreadsheet Assurance (May 8, 2006)

• Build and Effective Security Awareness Program (April 8, 2006)

• DNS Cache Poisoning: Definition and Prevention (March 16, 2006)

• A Practical Approach to Threat Modeling (March 4, 2006)

• Data Storage Security (February 6, 2006)

• Securing Instant Messaging (January 15, 2006)

The purpose of the papers on this site are to educate business managers in the essentials of Information Security.

 Subscribe to my RSS Feed

     Subscribe to Security Snippets 

     Follow my Twitter tweets

My Book...

Just Enough Security:
Information Security for Business Managers

The Just Enough Security (JES) approach to
information assurance is based on the belief
that no one safeguard can completely protect
your critical information assets from a highly
motivated threat.  The JES security model
combines multiple layers of safeguards with
simple risk management tools to help you
achieve both the security of your information
assets and a return on your security
investment.  

Paperback Edition