Print Friendly

IT Security White Papers

Technical White Papers

“Risk Assessment of Social Media”
Robert Shullich, SystemExperts Corporation

“Looking at the SANS 20 Critical Security Controls”
Brad C. Johnson, SystemExperts Corporation

“Using BitLocker As Part Of A Customer Data Protection Program: Part 1”
Philip C. Cox, SystemExperts Corporation

“Using BitLocker As Part Of A Customer Data Protection Program: Part 2”
Philip C. Cox, SystemExperts Corporation

“How To Use BitLocker To Go In Windows 7: A Primer”
Philip C. Cox, SystemExperts Corporation

“Your BitLocker To Go Active Directory Policy Options”
Philip C. Cox, SystemExperts Corporation

“Introduction To Windows Rights Management Services”
Philip C. Cox, SystemExperts Corporation

“IWindows 7 Backup and Restore”
Philip C. Cox, SystemExperts Corporation

“Top Cloud Identity Management Considerations”
Philip C. Cox, SystemExperts Corporation

“Access Management Services In The Cloud”
Philip C. Cox, SystemExperts Corporation

“IaaS Threats In The Cloud – Part 1”
Philip C. Cox, SystemExperts Corporation

“IaaS Threats In The Cloud – Part 2”
Philip C. Cox, SystemExperts Corporation

“IaaS Threats In The Cloud – Part 3”
Philip C. Cox, SystemExperts Corporation

“PaaS Threats In The Cloud”
Philip C. Cox, SystemExperts Corporation

“Virtual Desktop Threats”
Philip C. Cox, SystemExperts Corporation

“Is Your Application Cloud-Worthy?”
Philip C. Cox, SystemExperts Corporation

ISSA Journal, September 2008″
Brad C. Johnson, SystemExperts Corporation

“Payment Card Industry Data Security Standard Compliance Overview”
Brad C. Johnson & Philip C. Cox, SystemExperts Corporation

“SHA1 Cryptographic Hash Update”
Landon Curt Noll, SystemExperts Corporation

“Internet Penetrations: Thinking Like an Attacker”
Brad C. Johnson, SystemExperts Corporation

“Configuring Secure Linux Hosts”
Landon Curt Noll, SystemExperts Corporation

“Appreciating the Security Threats Associated with your Handheld Device”
Brad C. Johnson and Richard E. Mackey, Jr., SystemExperts Corporation

“National Security Agency (NSA) INFOSEC Assessment Methodology (IAM)”
Brad C. Johnson, SystemExperts Corporation

“The SSL Handshake”
Brad C. Johnson, Donald T. Davis, and Jonathan Gossels, SystemExperts Corporation

“HIPAA Compliance”
Landon Curt Noll and Jonathan Gossels, SystemExperts Corporation

“A Better Way to Evaluate Large Code Sets in Today’s Fast-Paced Web Environment”
Brad C. Johnson, SystemExperts Corporation

“Intrusions and their Detection: Addressing Common Hacker Exploits”
Brad C. Johnson, SystemExperts Corporation

“Wireless 802.11 LAN Security: Understanding the Key Issues”
Brad C. Johnson, SystemExperts Corporation

“Wireless 802.11 Security: Questions and Answers to Get Started”
Brad C. Johnson, SystemExperts Corporation

“Internet Penetration Testing: A Seasoned Perspective”
Brad C. Johnson, SystemExperts Corporation

“Hardening Windows 2000”
Philip C. Cox, SystemExperts Corporation

“How Web Spoofing Works”
Brad C. Johnson, SystemExperts Corporation

“More Than You Ever Wanted to Know About NT Login Authentication”
Philip C. Cox, SystemExperts Corporation and Paul B. Hill, Massachusetts Institute of Technology

“Wardialing: Practical Advice to Understand Your Exposure”
Cheng Tang and Jonathan Gossels, SystemExperts Corporation

Executive Insight Series

“Managing Third Party Risk”
Richard Mackey, Jr., SystemExperts Corporation

“Network Security Tools and Their Limitations”
Brad C. Johnson, SystemExperts Corporation

“The Power of a Trusted Relationship”
Peter S. McLaughlin, SystemExperts Corporation

“Thinking About Protecting Data on Portable Devices”
Richard Mackey, Jr., SystemExperts Corporation

“ISO 2700X: A Cornerstone of True Security”
Jonathan G. Gossels & Richard Mackey, Jr., SystemExperts Corporation

“Service Oriented Architectures: Security Challenges”
Jonathan G. Gossels, SystemExperts Corporation

“Top Security Trends in 2005”
Jonathan G. Gossels, SystemExperts Corporation

“Internet Penetrations: Profiles of an Attacker”
Brad C. Johnson, SystemExperts Corporation

“Certifications: Where’s the Beef?”
The ISSA Journal: September 2005
Brad C. Johnson & Philip Cox, SystemExperts Corporation

“Identity Theft and the Renewed Focus on Authentication”
Technical Support: August 2005
Jonathan G. Gossels, SystemExperts Corporation

“A Perspective on Practical Security”
Business Briefing: Data Management, Storage, & Security Review 2005
Jonathan G. Gossels, SystemExperts Corporation

“Top 10 Hot Topics in Security”
Jonathan G. Gossels, SystemExperts Corporation

“Identity Theft and the Renewed Focus on Authentication”
Jonathan G. Gossels, SystemExperts Corporation

“Understanding the FDIC’s Report On Account-Hijacking Identity Theft”
Jonathan G. Gossels and Richard E. Mackey, SystemExperts Corporation

“Secure Electronic Voting: A Challenge Ahead”
Jonathan G. Gossels, SystemExperts Corporation

“The National Security Agency’s IAM Assessment. Reviewing Your IT Information Assets”
Brad C. Johnson, SystemExperts Corporation

“Privacy: Our Two Cents”
Jonathan G. Gossels, Pete McLaughlin, and Dick Mackey, SystemExperts Corporation

“SAS70: The Emperor Has No Clothes”
Jonathan G. Gossels, SystemExperts Corporation

“ISO 17799: Pay Attention To This One”
Jonathan G. Gossels, SystemExperts Corporation

“Living With Insecurity: A Practical Philosophy”
Jonathan G. Gossels, SystemExperts Corporation

“Should You Care About Biometrics?”
Jonathan G. Gossels, SystemExperts Corporation and Matthew Martin, JPMorgan-Chase

Cloud Security Resources

“Is Your Application Cloud-Worthy?”
Most companies or organizations that investigate using the Cloud are driven by the desire to reduced costs or provide dynamic scalability. Some do it for both reasons.

“IaaS Threats in the Cloud – Part 1”
This is part 1 of a 3 part Tech Tip on likely threats in Public Cloud Infrastructure as a Service (IaaS) Cloud.

“IaaS Threats in the Cloud – Part 2”
In this Tip, we’ll be covering the second biggest threat I see to IaaS: Vulnerabilities in the remote management solutions (VPNs, Remote Desktop, Remote Shell, and Web Console UIs).

“IaaS Threats in the Cloud – Part 3”
This tip will focus on exposures in the Domain Name System (DNS) and how this affects Infrastructure as a Service.

“PaaS Threats in the Cloud”
In PaaS, control (and security) of the application is moved to the consumer, and the provider secures the underlying cloud infrastructure (i.e., firewalls, servers, operating systems, etc).

“SaaS Threats in the Cloud”
This Tech Tip will focus on the top three threats I see to Software as a Service (SaaS) consumers. We’ll be talking about the threats you can mitigate, not those that you rely on your provider to mitigate.

“Virtual Desktop Threats”
This Tech Tip is focused on identifying the most common security issues that solution providers run into when deploying virtual desktops for customers and some practical ways to solve them.