Publications

CompTIA Storage+ Quick Review Guide
McGraw Hill

ISBN 0071800379

Concise, focused coverage of the CompTIA Storage+ exam

Prepare for the CompTIA Storage+ exam with McGraw-Hill Education—a Platinum-Level CompTIA Authorized Partner—and get the competitive edge on exam day! This convenient self-study tool fully covers the vendor-neutral CompTIA Storage+ Powered by SNIA exam. You’ll learn the skills required to configure basic networks to include archive, backup, and restoration technologies. Each chapter includes a list of topics covered, helpful exam tips, and practice exam questions with in-depth answer explanations.

Copyright Protection and Infringement Technologies
GRIN Publishing, Munich, Germany

December 11, 2003

ISBN 978-3-656-29862-5

Copyrights exist to protect creative works. This protection is given so that authors of these works can continue to create new content and to ensure that they are properly compensated for their work. If people are not properly compensated for their work, many will cease to produce it.

Those who continue to produce without compensation will do it for the pure enjoyment of creation much like freeware is today. In a society without copyright protection, the proliferation of these creative works would not be as great because the creator’s concern would be for creation rather than distribution. Furthermore, some would argue that the overall quality of creative works would increase without copyright protection and that in time more information would become available.

Despite these arguments, copyright law exists, and like any other law, we must comply with it. Technology has allowed many people to infringe upon copyrights in digital media, but it has also given content producers ways to guard against infringement. As of now, the future of digital content and digital copyright protection is still unknown. The environment evolves as a continual flow of new protection and infringement technologies emerge.

The Cutting Edge: New Technologies to Watch
Certification Magazine

May 2006

New technologies are touted every day as a way to increase productivity and decrease the time you spend doing mundane tasks. With so many to choose from, which should you spend your time learning about? Which ones will benefit you? And which ones will be used within corporations in the near future?

IT Training: Cardinal Virtues & Deadly Sins
Certification Magazine

August 2006

The organization from which you receive your IT training will have a substantial effect on your understanding and proficiency within the technology of your choice, the quality of your skill set and, of course, your marketability. Not all IT training organizations are created equal, and the choice of which organization to partner with (or switch to) should be made carefully and knowingly. If you find yourself at one of the virtuous organizations, as we like to call them, you will no doubt learn a lot and be satisfied. Alternatively, you might end up at one of the more sinful establishments that will be detrimental to your success. Because you are probably paying a lot of money for IT training, it is important to be able to identify these virtuous and sinful organizations before you get in a parable trap.

Up-to-Date: Earning the Certs the Market Demands
Certification Magazine

August 2007

Certification is an excellent way to enhance your skills and employability, but although everyone wants to move ahead, many lack direction. Which certifications should be pursued to achieve the best return on your investment in time and money?

 

Implementation to Instruction – Is teaching next on your Horizon?
Certification Magazine

June 2007

There are numerous avenues available to transform your skills from the corporate IT world to the IT educational environment. As technology advances, so will the need for technical instruction and learning. As a result, higher-education institutions of all levels need experienced certified professionals to educate and promote growth in the field. With experience as an IT professional, you can take your career to another possible arena: teaching.

Inside the Hacker’s Head
JurInnov White Paper

September 2, 2008

Those protecting systems must be able to think like the hacker to anticipate the moves they will make. This includes moves made during an attack but focuses on anticipating what hackers will do before an attack even happens. This will allow security professionals to lay down the proper controls well in advance of an attack so that the attack will be thwarted or significantly hindered so that the attacker does not continue to pursue the target or is caught while attempting to break in.

Critical Factors Contributing to a Student’s Decision to Pirate Software
GRIN Publishing, Munich, Germany

June 24, 2009

ISBN 978-3-656-31083-9

The goal of this study was to analyze the factors contributing to a student’s decision to pirate software. The study focused on students in computer technology disciplines. A quantitative approach was used to test the hypotheses of difficulty, impact, cost/value, risk, and right. The results of the study show that the moral attitudes of whether it is wrong to pirate software are present in those who do not copy software but absent in those who do. The research is valuable for practitioners and policy makers.

Practical Considerations for Software Development
GRIN Publishing, Munich, Germany

November 18, 2011

ISBN 978-3-656-34879-5

This book provides a practical approach to developing software. It introduces a framework concerned with the planning, analysis, design, and implementation of software. The framework is concerned with the entire software development process starting from identifying the business need for software and ending with the finished deliverables.

Developing a Security Oriented Corporate Culture
JurInnov White Paper

May 23, 2012

Managing the security of an organization can be quite confusing. It can seem like an uphill battle when basic security awareness concepts such as keeping passwords secret or refraining from discussing confidential topics outside the workplace are consistently ignored. Why do some security initiatives fail while others succeed? The answer may lie within the corporate culture. Corporate culture, also known as organizational culture, is the invisible lifeblood made up of the values, priorities, assumptions, and objectives of those within the organization. Just as the body rejects an incompatible organ, the greatest security initiative may fail because of an incompatible corporate culture.

Four keys to successful BYOD
Network World

February 14, 2012

The bring your own device (BYOD) movement formally advocates use of personal equipment for work and obligates IT to ensure jobs can be performed with an acceptable level of security, but how can risks be addressed given the range of devices used and the fact that you lack control of the end point? Companies looking to embrace BYOD — 44% of firms surveyed by Citrix say they have a BYOD policy in place and 94% plan to implement BYOD by 2013 — need to address four key areas: 1) standardization of service, not device, 2) common delivery methods, 3) intelligent access controls and 4) data containment.

Social Media – After the Breach
American Bar Association: Information Security & Privacy News

December 3, 2012

Considerable effort can go into stealing personal and company information, but more and more individuals are just giving it away. Today, communication in the workplace has moved to Facebook walls and office gossip is tweeted around the world. YouTube videos portray “behind the scenes” footage giving the entire world a glimpse into what once was restricted to employees and an occasional guest. Cast out into the Wild West of time and space that we call the Internet is all manner of private information, both personal and corporate. Telephone numbers, important contacts, addresses, social security numbers, banking and financial data, birth dates, private medical information, and even corporate decisions and strategy are readily and easily available. Moreover, comments made in a personal, trusting setting are now sent into the vast beyond, where they can remain permanently.

When to call for help after a data breach
Network World

January 10, 2013

In spite of best practices, it is likely that your organization may experience a serious data breach at some time. Once the initial shock of a breach wears off, numerous decisions must be made; and one significant decision is whether to seek help from outside professionals such as attorneys, computer forensics investigators, information security consultants, privacy consultants, or law enforcement.

Effectively gathering facts following a data breach
Outlook Series Newsletter

January 15, 2013

It is easy for miscommunication to happen after a data breach. There could be many people working on the incident, and those people may document differently; without guidance, critical facts could be lost due to inconsistent or ineffectual documentation procedures. This can make it difficult for incident response teams to understand the relevant facts of the matter. Here are some guidelines for documenting a breach.

Implementing mHealth and protecting patient privacy
HITSF Journal

February 14, 2013

Mobile phones, PDAs and other mobile devices have long been promoted as an essential tool for health care, and initiatives in these areas fall under the term mHealth. The two main barriers to this initiative have been mobile computing power and security. We are now at the point where one of these has been resolved. Can we resolve the other? Mobile computing devices are much more powerful today and capable of not only sending and receiving data but also processing and displaying that data in a usable and intuitive way, but many are still uncomfortable with the use of mobile devices that have access to sensitive Protected Health Information (PHI) in a heavily regulated industry. The consistent flow of health care breaches further increases this feeling in both companies and consumers.

Fail Secure – The right way to fail
PC Security World

February 18, 2013

Failure is unavoidable; and although it might seem counter-intuitive, learning to fail is a good thing – learning to fail right, that is. Systems and software can fail in various ways. Failures can be mechanical (e.g., wear and tear), or they can be due to bugs in the system. Amidst such failures, attackers will try to make systems crash to reveal potential vulnerabilities in their startup routines. The job of security professionals and security minded developers is to engineer a solution that fails securely by determining what should happen if a component or components in a system were to fail. This concept, called “Fail Secure,” is defined as failing in such a way as to cause no harm or minimal harm to the system and the data contained therein.

Not without a trace: Uncovering computer forensic evidence
American Bar Association: Information Security & Privacy News

March 1, 2013

Today’s modern technology has taught us that unlike the old adage, dead men, indeed, do tell tales. Just ask any crime scene investigator. Leaving a host of clues behind, they actually tell myriad tales. Computers, too, leave a trail of valuable information behind when wrongdoing has been committed; clues that are not only the human equivalents of fingerprints and DNA, but clues that can lead to the who, what, when, where, and how of a computer crime. However, whether from shows like CSI, 48 Hours, or Without a Trace, the forensics that most people are familiar with are of the human – and not computer – kind.

Does Securing Healthcare’s Big Data require Big solutions or just Big thinking?
HITSF Journal

April 27, 2013

Many recent innovations both in healthcare and other industries have been geared around the concept of big data. Big data is a collection of data that is so vast that it cannot be managed using traditional data management tools such as mainstream Database Management Systems (DBMS). Big data solutions try to find meaning in this vast and seemingly unmanageable collection of data. In healthcare, this information can be analyzed to identify ways to improve patient care, employee morale, operational efficiency or to provide new healthcare services.

Risk Homeostasis: An instinctive response to risk
HITSF Journal

July 8, 2013

How often do you speed? What is your investment strategy? Questions like these could provide insight on your level of acceptable risk. We embrace or avoid risk, consciously and unconsciously, based on the level of risk we are willing to accept. This applies to our use of computers as well. With the constant influx of new threats and the implementation of security controls, the level of risk felt by employees can fluctuate causing an increase or decrease in risk-taking behavior.

What’s Your Security Worth? Exploring the Vulnerabilities Market
eForensics Magazine

September 4, 2013

eForensics Magazine Vol. 2 No. 12 pages 52-55
ISSN 2300-6986

Software vulnerabilities are nothing new. The cycle is rather predictable. Bug finders discover a vulnerability and report it, receiving the kudos of the community and sometimes a small reward. Next, software companies fix the vulnerability through a patch or hotfix, and users and companies are protected once the patch or hotfix is deployed in their environment. The situation has changed. Now companies and governments are willing to pay large sums of money for undisclosed vulnerabilities. Since these vulnerabilities are never disclosed, they are never fixed and the software is exploitable to those who purchased information on the vulnerability.

Implementing a Best Practice Risk Assessment Methodology
GRIN Publishing, Munich, Germany

September 7, 2013

Implementing a best practice risk assessment involves a risk assessment methodology describing how to perform Information Technology risk assessments. Risk assessments play a critical role in the development and implementation of effective information security programs and help address a range of security related issues from advanced persistent threats to supply chain concerns.

The guidance provided here uses the key risk factors of threats, vulnerabilities, impact to missions and business operations, and the likelihood of threat exploitation of weaknesses in information systems and environments of operation, to help senior leaders and executives understand and assess the current information security risks to information technology infrastructure. The risk assessment guidance has been designed to have maximum flexibility so the process can meet the needs of many types of companies.

USB and LNK File Analysis
eForensics Magazine

October 5, 2013

eForensics Magazine, Volume 2, Number 17
Pages 90-94
ISSN 2300-6986

Data moves so easily and freely between computers and devices, especially today with the inexpensive price of storage devices like flash drives and external Universal Serial Bus (USB) storage. Not only may data exist on a machine or in the cloud, but on many removable devices as well. It is tough for the average person to keep track of all this data. It is even more important for the forensic investigator to understand the role and value Link (LNK) files and USB devices have as evidence. This data can be helpful when trying to determine if sensitive data has been removed from a facility or if data relevant to a case is present on removable media that might need to be obtained by attorneys.

Email eDiscovery in a Microsoft World
eForensics Magazine

October 5, 2013

eForensics Magazine, Volume 2, Number 17
Pages 34-39
ISSN 2300-6986

Microsoft Exchange provides email services for organizations and enterprises in many companies. In fact, it is the dominant player in this space. eDiscovery efforts often focus on email messages and their associated attachments in litigation, and Microsoft has built preservation, searching and review features into their product to ease the burden of eDiscovery efforts.

Avoiding corporate espionage data breaches
HITSF Journal

October 21, 2013

The term “corporate espionage” often evokes images of big evil corporations, the latest high tech equipment, and skillfully trained spies. Such images have been reinforced through the narratives of movies like “The Net” and “Disclosure,” which were widely popular during the 90’s when the advancement of the Internet was underway. Still, as exciting, disturbing, and real as some of these movie scenarios seemed, the Hollywood fare seemed a far cry from the everyday mundane world of work that occupies the reality of most corporations, making the threat of corporate espionage of little concern for most organizations – and one far more suited to the screenwriters or top-selling authors such as John Grisham. Yet, the truth is that neither view is accurate. While corporate espionage requires none of these ingredients – no menacingly evil corporation, no spy vs. spy theatrics, not even high tech equipment – it is a very real threat in the everyday life of organizations everywhere.

Reducing Risk with Data Minimization
HITSF Journal

January 20, 2014

Companies collect millions of gigabytes of information, all of which has to be stored, maintained, and secured. There is a general fear of removing data lest it be needed some day but this practice is quickly becoming a problem. Some call it “data hoarding” and I am here to help you clean your closet of unnecessary bits and bytes.

Relieving Subnet Misery
eForensics Magazine

February 17, 2014

eForensics Magazine, Volume 3, Number 3
Pages 118-122
ISSN 2300-6986

IP addressing is essential for any IT professional. Why then is subnetting, a component of IP addressing, so often avoided? Subnetting is seen as an advanced, more difficult TCP/IP topic because of the math, formulas, and binary that is associated with it, but subnetting can become easy with the knowledge of a few simple steps. You will also find that it is a valuable skill for anyone in IT and a skill often tested on certification exams such as the Cisco Certified Network Associate (CCNA).

Data Classification Made Simple
HITSF Journal

March 5, 2014

Few people are probably unfamiliar with the concept of classified data, yet what likely springs to mind for many is a government office deep within the confines of The Pentagon where a stack of top secret documents rests. There it is. Clearly stamped in red, bold-faced type. CLASSIFIED. While classification is imperative for government documents containing secret, top-secret, or other sensitive information, determined – for reasons of national security – to be in need of protection, data classification should not be misunderstood to be only for governments or for reasons of national security. Rather, data classification is a key measure critical to the everyday success and longevity of all organizations.

What to Expect when You’re Encrypting: Cryptographic Choices for Mac and Windows
eForensics Magazine

March 12, 2014

eForensics Magazine, Volume 3, Number 5
Pages 36-40
ISSN 2300-6986

Cryptography is an interesting field of study and it forms the basis of much of the communication the average person takes for granted as they use computers, networks and the Internet.
Encryption is the process of making a message such as a data file or communication stream unreadable to anyone lacking the appropriate decryption key. Encryption uses mathematical formulas to modify the data in such a way that it would be extremely difficult to put back together without the key. The information is combined along with a different routine of information making it impossible for any user to decrypt unless the key and the routine are available.

Understanding Malware Forensics
eForensics Magazine

March 24, 2014

eForensics Magazine, Volume 3, Number 6
Pages 8-12
ISSN 2300-6986

At this point, everyone is familiar with malware. It has been around for decades in the form of viruses, Trojans, bots and worms. Everyone with a computer has been infected at one point or another. In fact, the problem is so pervasive that, like the common cold, we have become used to and somewhat tolerant of these malicious programs. The malware of the past has given way to today’s botnets and fast acting worms that infect with impunity, stealing information, hijacking computers and causing all manner of harm. This leads us to malware forensics, the study of how such crimes happen. While remote hackers hide under a mask of anonymity, their programs do their dirty work and it is the forensic investigator who must determine the facts of the case.

Criteria for Selecting a Risk Assessment Methodology
HITSF Journal

July 17, 2014

Risk assessment is the process of identifying vulnerabilities, threats, and risks associated with organizational assets and the controls that can mitigate these threats. Risk managers and organizational decision makers use risk assessments to determine which risks to mitigate using controls and which to accept or transfer. There are two prevailing methodologies for performing a risk assessment. These are the qualitative and quantitative approaches. A third approach, termed mixed or hybrid, combines elements of the qualitative and quantitative approaches.

Physical Security for Data in Transit
HITSF Journal

July 17, 2014

Physical security is a major component of information security. Physical security encompasses the actions taken to prevent attackers from accessing equipment, facilities, and other resources where data is stored, shared, or worked with. Physical security is often likened to a castle. Whereas a castle has tall walls, a moat, drawbridge, gate, guards, and lookouts, physical security systems likewise have cameras, sensors, guards, walls, authentication devices, GPS, and many other technologies.

Effective storage security strategies for enterprise data
HITSF Journal

December 19, 2014

Data breaches are one of the biggest problems that companies face. According to the 2014 Data Breach Investigations Report by Verizon, there are 92% confirmed data breaches in 2013. In the case of Sony being hacked, there are more than 101 million records that were breached, but mostly email addresses. But a really worrying fact is the 273 breaches that involved over 20 million sensitive personal…

Logs that matter following a data breach
HITSF Journal

February 26, 2015

There are a lot of things that log files can tell you about a security incident such as a data breach. After all, logs are generated whenever there is system activity, even when it is just a failed login, if they are enabled. So whenever a data breach happens, you can use logs to determine what happened. Analyzing them can be likened to performing forensics of a crime scene. Logs help put…

How to build an effective security team
HITSF Journal

April 11, 2015

The best security team should be able to protect your most prized possessions, assets and interests. In the business world, security can mean protection of office premises, employees and clients. Because this covers a wide range of aspects, it is only right that people who make up your security team come from different departments. So who should be part of your security team?

Essential elements of an incident response plan
HITSF Journal

June 16, 2015

After a security incident, appropriate actions need to be taken to limit the damages and reduce recovery time and costs. The steps to take after such an incident are laid out in an incident response plan. So how do you create an effective plan?