Enterprise Security Management
|
Log Analysis, Log Management and Data Correlation
|
Regulatory and Policy Compliance
In Russian:
|
Policy and people issues of information security
|
Malicious hacker attacks
|
Honeypots and honeynets
|
Security Tools and Intrusion Detection
|
UNIX/Linux Security
|
Application security
|
VPN, IPSec and encryption
- (08/2001) "Future IP Security" outlines the future of IP addressing (IPv6) and focuses on the security components of next generation IP services (IPsec) [published
at SecurityWatch]
- (03/2007) "Five mistakes of data encryption" covers some of the other mistakes that often occur when organizations try to use encryption to protect data at
rest and data in transit and thus improve their security posture.) [published at ComputerWorld]
|
Vulnerability Analysis
Hack-of-the-Week
series takes a recent vulnerability in some popular operating
system or other software and studies it. Realistic exploit scenarios
are developed, and suggested ways of mitigating risks are considered
and new ones proposed [published at SecurityWatch]
Other vulnerability and penetration testing articles
- (05/01/2002) "Standardizing
Penetration Testing" Gives an outlines of popular penetration
testing methodology
(OSSPTMM) and challenges with standartizing penetration testing. [published at SC Magazine web portal]
- (04/22/2003)
"Covert Channels" A modern review of network covert channeling methods
which compares them with classic "Rainbow Series" covert channles on
secure operating systems [submitted for publication]
|
Security Basics and FAQs
Information Security FAQs
|
Other IT issues (non-security)
|
Digital risks
- (09/2001) "Digital
risks taxonomy" A diagram that structures digital risks (such as
hacking,
Do, etc) in the form useful for impact assessment for the purposes of
insurance [local
copy]
- (09/2001) "Impacts of digital risks on enterprise" [under development]
- (12/05/2001)
"Infrastructure Protection: Infosec Perspective" The paper covers
issues in critical infrastructure protection and information security,
lists several focus areas that need efforts and summarizes the results
of recent meeting in New England on infrastructure protection. [published at
SC Magazine web portal]
- (11/11/2001)
"Protecting New England: A Call to Action" The paper summarizes the
results of joint meeting on critical infrastructure protection in New
England and infosecurity community role in increasing information
sharing [published at ISSA
web site in PDF format]
|