
FREE Resource Overflowing With Great Info Sec & Privacy Articles Just Published

Longtime dear friends and colleagues of mine, Tom and Justin Peltier, just published their "2007 Year in Review."

It is a great, FREE resource to add to your information security, privacy and compliance files.

Here are the folks who contributed, along with the articles they wrote:

Table of Contents

PELTIER EFFECT YEAR IN REVIEW

Foreword – Marcus Ranum

Chapter 1 - PELTIER EFFECT: BUSINESS OF SECURITY
Foreword – Roy Stephan
Sometimes We Forget…Leave TJ Maxx Alone!!! Lessons We Learn When We Present Our Solutions to an Audience - Ariel Coro
How Encryption Strategies Can Support Business Growth Initiatives - Jeff Sauntry
Testing the Protection of Business Assets, Not the Infrastructure - Alec Bass
Nothing for Nothing - John Blackley
Ten Ways to Waste Your Training Money - Clement Dupuis, CD
Are You Earning What You’re Worth? - Kevin Beaver
Becoming a Thought Leader - Rich O’Hanley

Chapter 2 - PELTIER EFFECT: STANDARDS AND CERTIFICATION
Foreword – William Murray
PCI DSS: PROS, CONS, INCENTIVES – DEVELOPING A SECURITY STRATEGY - Tom Lamog
Herding the Compliance Cats - Anne Kuhns
Now That I’m Compliant, How Do I Stay That Way? Elements of a Compliance Monitoring Program - Patrick D. Howard
Selecting Information Security Management Standard for Certification - Sigurjon Thor Arnason
Information Security Certification: Our Professional Dilemma - Darlene Nelson and James A. Nelson
Leveling the Regulatory Security Playing Field - Torsten Larson
What’s New with ISO 27001 - Changes in the ISO 27000 Family of Standards - Ray Kaplan

Chapter 3 - PELTIER EFFECT: THE YEAR THAT WAS
Foreword – Tom Peltier, Justin Peltier, Brad Smith
Intellectual Property Developments in 2007 - M. E. Kabay, PhD
How Absurd is This Business After All? Laughing at the 2007 Infosec Landscape - John Ceraolo
2007 – The Year Timing Attacks Made a Comeback - Haroon Meer

Chapter 4 - PELTIER EFFECT: WHAT’S NEXT?
Foreword – Max Caceres
Security and Virtualization - John G. O’Leary
Transparent Security – How Cracking WEP Will Make Network-Based Security Invisible to Users - Andy Logan
Vulnerability Management at the Crossroads - Iván Arce
Computer Security Meets Alcohol Breath Testing - Eric Van Buskirk, JD
Tomorrow Everything May Be Insecure - Aaron Earle

Chapter 5 - PELTIER EFFECT: THE LIFE OF A SECURITY PRACTITIONER
Foreword – Ray Kaplan
Creating the Information Security Village - Kimberly Pease
Building Your Own Personal Rootkit - Charles Johnson and Gary Dreamer
It's Time to Harden Up Those Security Officer Soft Skills - Todd Fitzgerald
Career Progression from Security Into Enterprise Management - Michael J. Corby
A Day in the Life of an Information Security Officer - Robert Childs
We Never Learn - Brad Smith
You’re Doing What? Who Are We Going To Get To Help Us? - John Melo
War and Peace In Cyberspace Profiles In Cyber Courage #2: Tom and Justin Peltier - Richard Power and Dario Forte

Chapter 6 - PELTIER EFFECT: INCIDENT RESPONSE AND FORENSICS
Foreword – Thomas Rude
Forensics for a Rainy Day - Justin Peltier
Holistic Investigations: A Must For Today’s Incidents - Lawrence D. Dietz, Esq.
Managing a Crisis, A Joke or Reality? - Herve Schmidt
The State Of The Art in Digital Investigations: Log And Remote Forensics: Guaranteeing the Right Balance Between Technology and Compliance Needs. - Dario Forte

Chapter 7 - PELTIER EFFECT: SECURITY AROUND THE WORLD
The Security Challenge of Outsourcing to the BRIC Countries - Robert Janssen
Protecting Data In A Very Off-Shore Paradise - Jack Durner
Everything You Want To Know About China Internet - A Brief Summary of the CNNIC Statistical Survey Report on the Internet Development in China - Shijian Wu
Information Security in Australia 2007: Boom or Bust? - Jodie Siganto

Chapter 8 - PELTIER EFFECT: THREATS
Foreword – John McCormick
Data Leakage: The Insidious Threat - Faith M. Heikkila
The Rootkit Epidemic - E. Eugene Schultz, Ph.D
Local Government – The Changing Information Security Threat Environment - Al Brusewitz
Growing Business Risks of Social Networking Sites - Rebecca Herold

Chapter 9 - PELTIER EFFECT: CONTROLS
Foreword – Terri Curran
The Emperor’s New Clothes and the Future of Operational Risk Measurement - John Sherwood
Risk Assessment Methodology for Small Business (RASB) - Nanette S. Poulios
Domain Modelling: The Powerful Force for Policy, Risk Management, Ownership and Reporting - David Lynas
Risk Analysis Versus Risk Assessment - Thomas R. Peltier
Going Against the Gradient - Dave Aitel
Tips and Techniques on How to Generate and Remember Passwords - Joseph W. Popinski Ph.D
Convergences - Peter Stephenson, PhD
References


Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books and dozens of articles, has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.