Copyright Protection and Infringement Technologies
GRIN Publishing, Munich, Germany

December 11, 2003

ISBN 978-3-656-29862-5

Copyrights exist to protect creative works. This protection is given so that authors of these works can continue to create new content and to ensure that they are properly compensated for their work. If people are not properly compensated for their work, many will cease to produce it.

Those who continue to produce without compensation will do it for the pure enjoyment of creation much like freeware is today. In a society without copyright protection, the proliferation of these creative works would not be as great because the creator’s concern would be for creation rather than distribution. Furthermore, some would argue that the overall quality of creative works would increase without copyright protection and that in time more information would become available.

Despite these arguments, copyright law exists, and like any other law, we must comply with it. Technology has allowed many people to infringe upon copyrights in digital media, but it has also given content producers ways to guard against infringement. As of now, the future of digital content and digital copyright protection is still unknown. The environment evolves as a continual flow of new protection and infringement technologies emerge.

The Cutting Edge: New Technologies to Watch
Certification Magazine

May 2006

New technologies are touted every day as a way to increase productivity and decrease the time you spend doing mundane tasks. With so many to choose from, which should you spend your time learning about? Which ones will benefit you? And which ones will be used within corporations in the near future?

IT Training: Cardinal Virtues & Deadly Sins
Certification Magazine

August 2006

The organization from which you receive your IT training will have a substantial effect on your understanding and proficiency within the technology of your choice, the quality of your skill set and, of course, your marketability. Not all IT training organizations are created equal, and the choice of which organization to partner with (or switch to) should be made carefully and knowingly. If you find yourself at one of the virtuous organizations, as we like to call them, you will no doubt learn a lot and be satisfied. Alternatively, you might end up at one of the more sinful establishments that will be detrimental to your success. Because you are probably paying a lot of money for IT training, it is important to be able to identify these virtuous and sinful organizations before you get in a parable trap.

Up-to-Date: Earning the Certs the Market Demands
Certification Magazine

August 2007

Certification is an excellent way to enhance your skills and employability, but although everyone wants to move ahead, many lack direction. Which certifications should be pursued to achieve the best return on your investment in time and money?

Implementation to Instruction – Is teaching next on your Horizon?
Certification Magazine

June 2007

There are numerous avenues available to transform your skills from the corporate IT world to the IT educational environment. As technology advances, so will the need for technical instruction and learning. As a result, higher-education institutions of all levels need experienced certified professionals to educate and promote growth in the field. With experience as an IT professional, you can take your career to another possible arena: teaching.

Inside the Hacker’s Head
JurInnov White Paper

September 2, 2008

Those protecting systems must be able to think like the hacker to anticipate the moves they will make. This includes moves made during an attack but focuses on anticipating what hackers will do before an attack even happens. This will allow security professionals to lay down the proper controls well in advance of an attack so that the attack will be thwarted or significantly hindered so that the attacker does not continue to pursue the target or is caught while attempting to break in.

Critical Factors Contributing to a Student’s Decision to Pirate Software
GRIN Publishing, Munich, Germany

June 24, 2009

ISBN 978-3-656-31083-9

The goal of this study was to analyze the factors contributing to a student’s decision to pirate software. The study focused on students in computer technology disciplines. A quantitative approach was used to test the hypotheses of difficulty, impact, cost/value, risk, and right. The results of the study show that the moral attitudes of whether it is wrong to pirate software are present in those who do not copy software but absent in those who do. The research is valuable for practitioners and policy makers.

Practical Considerations for Software Development
GRIN Publishing, Munich, Germany

November 18, 2011

ISBN 978-3-656-34879-5

This book provides a practical approach to developing software. It introduces a framework
concerned with the planning, analysis, design, and implementation of software. The framework is
concerned with the entire software development process starting from identifying the business need
for software and ending with the finished deliverables.

Developing a Security Oriented Corporate Culture
JurInnov White Paper

May 23, 2012

Managing the security of an organization can be quite confusing. It can seem like an uphill battle when basic security awareness concepts such as keeping passwords secret or refraining from discussing confidential topics outside the workplace are consistently ignored. Why do some security initiatives fail while others succeed? The answer may lie within the corporate culture. Corporate culture, also known as organizational culture, is the invisible lifeblood made up of the values, priorities, assumptions, and objectives of those within the organization. Just as the body rejects an incompatible organ, the greatest security initiative may fail because of an incompatible corporate culture.

Four keys to successful BYOD
Network World

February 14, 2012

The bring your own device (BYOD) movement formally advocates use of personal equipment for work and obligates IT to ensure jobs can be performed with an acceptable level of security, but how can risks be addressed given the range of devices used and the fact that you lack control of the end point? Companies looking to embrace BYOD — 44% of firms surveyed by Citrix say they have a BYOD policy in place and 94% plan to implement BYOD by 2013 — need to address four key areas: 1) standardization of service, not device, 2) common delivery methods, 3) intelligent access controls and 4) data containment.

Social Media – After the Breach
American Bar Association: Information Security & Privacy News

December 3, 2012

Considerable effort can go into stealing personal and company information, but more and more individuals are just giving it away. Today, communication in the workplace has moved to Facebook walls and office gossip is tweeted around the world. YouTube videos portray “behind the scenes” footage giving the entire world a glimpse into what once was restricted to employees and an occasional guest. Cast out into the Wild West of time and space that we call the Internet is all manner of private information, both personal and corporate. Telephone numbers, important contacts, addresses, social security numbers, banking and financial data, birth dates, private medical information, and even corporate decisions and strategy are readily and easily available. Moreover, comments made in a personal, trusting setting are now sent into the vast beyond, where they can remain permanently.

When to call for help after a data breach
Network World

January 10, 2013

In spite of best practices, it is likely that your organization may experience a serious data breach at some time. Once the initial shock of a breach wears off, numerous decisions must be made; and one significant decision is whether to seek help from outside professionals such as attorneys, computer forensics investigators, information security consultants, privacy consultants, or law enforcement.

Effectively gathering facts following a data breach
Outlook Series Newsletter

January 15, 2013

It is easy for miscommunication to happen after a data breach. Many people may be working on the incident, and they may document differently. Without guidance, critical facts could be lost due to inconsistent or ineffectual documentation procedures. This can make it difficult for incident response teams to understand the relevant facts of the matter. Here are some guidelines for documenting a breach.

Implementing mHealth and protecting patient privacy
HITSF Journal

February 14, 2013

Mobile phones, PDAs and other mobile devices have long been promoted as an essential tool for health care, and initiatives in these areas fall under the term mHealth. The two main barriers to this initiative have been mobile computing power and security. We are now at the point where one of these has been resolved. Can we resolve the other? Mobile computing devices are much more powerful today and capable of not only sending and receiving data but also processing and displaying that data in a usable and intuitive way, but many are still uncomfortable with the use of mobile devices that have access to sensitive Protected Health Information (PHI) in a heavily regulated industry. The consistent flow of health care breaches further increases this feeling in both companies and consumers.

Fail Secure – The right way to fail
PC Security World

February 18, 2013

Failure is unavoidable; and although it might seem counter-intuitive, learning to fail is a good thing – learning to fail right, that is. Systems and software can fail in various ways. Failures can be mechanical (e.g., wear and tear), or they can be due to bugs in the system. Amidst such failures, attackers will try to make systems crash to reveal potential vulnerabilities in their startup routines. The job of security professionals and security-minded developers is to engineer a solution that fails securely by determining what should happen if a component or components in a system were to fail. This concept, called “Fail Secure,” is defined as failing in such a way as to cause no harm or minimal harm to the system and the data contained therein.

Not without a trace: Uncovering computer forensic evidence
American Bar Association: Information Security & Privacy News

March 1, 2013

Today’s modern technology has taught us that unlike the old adage, dead men, indeed, do tell tales. Just ask any crime scene investigator. Leaving a host of clues behind, they actually tell myriad tales. Computers, too, leave a trail of valuable information behind when wrongdoing has been committed; clues that are not only the human equivalents of fingerprints and DNA, but clues that can lead to the who, what, when, where, and how of a computer crime. However, whether from shows like CSI, 48 Hours, or Without a Trace, the forensics that most people are familiar with are of the human – and not computer – kind.

Does Securing Healthcare’s Big Data require Big solutions or just Big thinking?
HITSF Journal

April 27, 2013

Many recent innovations both in healthcare and other industries have been geared around the concept of big data. Big data is a collection of data that is so vast that it cannot be managed using traditional data management tools such as mainstream Database Management Systems (DBMS). Big data solutions try to find meaning in this vast and seemingly unmanageable collection of data. In healthcare, this information can be analyzed to identify ways to improve patient care, employee morale, operational efficiency or to provide new healthcare services.

Risk Homeostasis: An instinctive response to risk
HITSF Journal

July 8, 2013

How often do you speed? What is your investment strategy? Questions like these could provide insight on your level of acceptable risk. We embrace or avoid risk, consciously and unconsciously, based on the level of risk we are willing to accept. This applies to our use of computers as well. With the constant influx of new threats and the implementation of security controls, the level of risk felt by employees can fluctuate causing an increase or decrease in risk-taking behavior.

What’s Your Security Worth? Exploring the Vulnerabilities Market
eForensics Magazine

September 4, 2013

eForensics Magazine Vol. 2 No. 12 pages 52-55
ISSN 2300-6986

Software vulnerabilities are nothing new. The cycle is rather predictable. Bug finders discover a vulnerability and report it, receiving the kudos of the community and sometimes a small reward. Next, software companies fix the vulnerability through a patch or hotfix, and users and companies are protected once the patch or hotfix is deployed in their environment. The situation has changed. Now companies and governments are willing to pay large sums of money for undisclosed vulnerabilities. Since these vulnerabilities are never disclosed, they are never fixed and the software is exploitable to those who purchased information on the vulnerability.

USB and LNK File Analysis
eForensics Magazine

October 5, 2013

eForensics Magazine, Volume 2, Number 17
Pages 90-94
ISSN 2300-6986

Data moves so easily and freely between computers and devices, especially today with the inexpensive price of storage devices like flash drives and external Universal Serial Bus (USB) storage. Not only may data exist on a machine or in the cloud, but on many removable devices as well. It is tough for the average person to keep track of all this data. It is even more important for the forensic investigator to understand the role and value Link (LNK) files and USB devices have as evidence. This data can be helpful when trying to determine if sensitive data has been removed from a facility or if data relevant to a case is present on removable media that might need to be obtained by attorneys.

Email eDiscovery in a Microsoft World
eForensics Magazine

October 5, 2013

eForensics Magazine, Volume 2, Number 17
Pages 34-39
ISSN 2300-6986

Microsoft Exchange provides email services for organizations and enterprises in many companies. In fact, it is the dominant player in this space. eDiscovery efforts often focus on email messages and their associated attachments in litigation, and Microsoft has built preservation, searching and review features into its product to ease the burden of eDiscovery efforts.

Avoiding corporate espionage data breaches
HITSF Journal

October 21, 2013

The term “corporate espionage” often evokes images of big evil corporations, the latest high tech equipment, and skillfully trained spies. Such images have been reinforced through the narratives of movies like “The Net” and “Disclosure,” which were widely popular during the 90’s when the advancement of the Internet was underway. Still, as exciting, disturbing, and real as some of these movie scenarios seemed, the Hollywood fare seemed a far cry from the everyday mundane world of work that occupies the reality of most corporations, making the threat of corporate espionage of little concern for most organizations – and one far more suited to the screenwriters or top-selling authors such as John Grisham. Yet, the truth is that neither view is accurate. While corporate espionage requires none of these ingredients – no menacingly evil corporation, no spy vs. spy theatrics, not even high tech equipment – it is a very real threat in the everyday life of organizations everywhere.

Reducing Risk with Data Minimization
HITSF Journal

January 20, 2014

Companies collect millions of gigabytes of information, all of which has to be stored, maintained, and secured. There is a general fear of removing data lest it be needed some day but this practice is quickly becoming a problem. Some call it “data hoarding” and I am here to help you clean your closet of unnecessary bits and bytes.

Relieving Subnet Misery
eForensics Magazine

February 17, 2014

eForensics Magazine, Volume 3, Number 3
Pages 118-122
ISSN 2300-6986

IP addressing is essential for any IT professional. Why then is subnetting, a component of IP addressing, so often avoided? Subnetting is seen as an advanced, more difficult TCP/IP topic because of the math, formulas, and binary that is associated with it, but subnetting can become easy with the knowledge of a few simple steps. You will also find that it is a valuable skill for anyone in IT and a skill often tested on certification exams such as the Cisco Certified Network Associate (CCNA).

Data Classification Made Simple
HITSF Journal

March 5, 2014

Few people are probably unfamiliar with the concept of classified data, yet what likely springs to mind for many is a government office deep within the confines of The Pentagon where a stack of top secret documents rests. There it is. Clearly stamped in red, bold-faced type. CLASSIFIED. While classification is imperative for government documents containing secret, top-secret, or other sensitive information, determined – for reasons of national security – to be in need of protection, data classification should not be misunderstood to be only for governments or for reasons of national security. Rather, data classification is a key measure critical to the everyday success and longevity of all organizations.

What to Expect when You’re Encrypting: Cryptographic Choices for Mac and Windows
eForensics Magazine

March 12, 2014

eForensics Magazine, Volume 3, Number 5
Pages 36-40
ISSN 2300-6986

Cryptography is an interesting field of study and it forms the basis of much of the communication the average person takes for granted as they use computers, networks and the Internet.
Encryption is the process of making a message such as a data file or communication stream unreadable to anyone lacking the appropriate decryption key. Encryption uses mathematical formulas to modify the data in such a way that it would be extremely difficult to put back together without the key. The information is combined along with a different routine of information making it impossible for any user to decrypt unless the key and the routine are available.

Understanding Malware Forensics
eForensics Magazine

March 24, 2014

eForensics Magazine, Volume 3, Number 6
Pages 8-12
ISSN 2300-6986

At this point, everyone is familiar with malware. It has been around for decades in the form of viruses, Trojans, bots and worms. Everyone with a computer has been infected at one point or another. In fact, the problem is so pervasive that, like the common cold, we have become used to and somewhat tolerant of these malicious programs. The malware of the past has given way to today's botnets and fast-acting worms that infect with impunity, stealing information, hijacking computers and causing all manner of harm. This leads us to malware forensics, the study of how such crimes happen. While remote hackers hide under a mask of anonymity, their programs do their dirty work and it is the forensic investigator who must determine the facts of the case.

Criteria for Selecting a Risk Assessment Methodology
HITSF Journal

July 17, 2014

Risk assessment is the process of identifying vulnerabilities, threats, and risks associated with organizational assets and the controls that can mitigate these threats. Risk managers and organizational decision makers use risk assessments to determine which risks to mitigate using controls and which to accept or transfer. There are two prevailing methodologies for performing a risk assessment. These are the qualitative and quantitative approaches. A third approach, termed mixed or hybrid, combines elements of the qualitative and quantitative approaches.

Physical Security for Data in Transit
HITSF Journal

July 17, 2014

Physical security is a major component of information security. Physical security encompasses the actions taken to prevent attackers from accessing equipment, facilities, and other resources where data is stored, shared, or worked with. Physical security is often likened to a castle. Whereas a castle has tall walls, a moat, drawbridge, gate, guards, and lookouts, physical security systems likewise have cameras, sensors, guards, walls, authentication devices, GPS, and many other technologies.