Bestselling security author and expert urges the technology community to “pay it forward” to help fellow veterans and service members
SAN ANTONIO, May 4, 2011 — Shon Harris, security expert and author of the bestselling CISSP All-in-One Exam Guide, is offering her training courses and study materials free of charge to military members who are deployed in war zones and cannot afford the cost of classes offered by her company, Logical Security. The broad roster of classes includes her premiere CISSP certification training, along with a variety of other IT certifications. Harris hopes that others in the technology community will join her to create a “pay it forward” movement to thank U.S. servicemen and women for their service.
Harris, who served in the U.S. Air Force and comes from a military family, understands the sacrifice servicemen and women make for our country. Harris’ father retired from the Army after several tours to Vietnam, her husband recently retired from the Air Force after serving 23 years and serving a tour in Iraq, and her grandfather served the U.S. as part of the Air Corps in World War II.
“It does not matter if I believe in our current wars or not; I DO believe in the people who are doing this work and fighting in these wars. My frustration and concern is that these wars and the soldiers fighting them have been pushed out of our country’s consciousness by the current state of our country’s economy and other unrest in various parts of the Middle East. What many people don’t realize is that military people are ALWAYS going through difficult economic times. No one gets rich serving our country,” Harris says.
Harris has published a number of information security books, including the bestselling CISSP All-in-One Guide, which is now in its fifth edition. She is also the president of Logical Security, a training and consultancy firm, which is known for its premiere CISSP training. “I have worked hard in my life but have been very fortunate, and I am finally in a position to give back. I want to ‘pay it forward’ to the men and women who make our way of life possible,” says Harris.
Harris is offering free seats in her open classes and study materials to anyone who is serving in Iraq or Afghanistan and cannot afford the training they need. Harris encourages these servicemen and women to contact her directly at info@logicalsecurity.com.
Harris’ course offerings include a five-day Logical Security CISSP® course, which is praised by industry professionals for its quality and robustness. The course goes beyond preparing students for the exam by arming them with the knowledge to practice the security concepts, principles and methodologies expected of a security professional.
Harris invites other technology companies to follow suit and “pay it forward” in their own way. “Servicemen and women take their responsibility of protecting our country seriously and we should take our responsibility to them seriously,” says Harris. “If you are in a position to help, do it without hesitation. No matter who we are, someone has helped us get where we are today and we should hold ourselves responsible to do the same for others. Let’s “pay it forward” for our troops and show them that we care.”
Related Links
Complete Logical Security Course Listing
http://www.logicalsecurity.com/education/education_overview.html
Schedule of Logical Security’s open classes
http://www.logicalsecurity.com/education/education_courses_cissp.html
Download complete chapters from Harris’ books
http://www.logicalsecurity.com/resources/resources_bookchapters.html
About Shon Harris and Logical Security
Shon Harris, CISSP, is a former Air Force Information Warfare unit member. She is a consultant and has written or contributed to over ten information security books. Harris founded Logical Security in 2003 and as president has guided the company to become a leader in certification education and security consulting. Logical Security’s training programs include on-site and online classes, self-study and computer-based materials for students and companies preparing for certification exams, performing security audits on IT infrastructure and complying with security regulations. The company’s areas of expertise are broad, with specialties in CISSP certification, Microsoft exams, .NET development, career refreshers for security pros and other IT certifications. Logical Security is headquartered in San Antonio, Texas.
For years IT organizations have focused on securing the computer network. Technologies such as firewalls and network access control (NAC) are designed to keep malware and unauthorized traffic from coming in. That makes sense from an operational integrity standpoint. Viruses, worms, spam, phishing attacks, etc. can bring a network to a standstill. But, while the focus has been on keeping bad traffic out, data packets have moved freely – for the most part – through and beyond the private network. After all, that’s what the network is for. It plays a supporting role to the star of the show: your data. Without data, there’s little need for a network. But therein lies the rub! Even as organizations block traffic and prevent infected or noncompliant endpoints from connecting to the network, they allow confidential, sensitive and proprietary information to flow between departments, between LAN segments, between private networks and across the Internet.
Increasingly, companies are recognizing the vulnerability this creates and the need to secure not just the network but also the data that is stored and transmitted across it. That is where data loss prevention comes in. Data loss prevention (DLP) refers to a category of information security products that aim to prevent the unauthorized distribution or loss of sensitive information. It is a complex set of technologies designed to identify confidential information, monitor the network for the transmission of this information and enforce policies accordingly. DLP solutions typically have three components: one at the endpoint where it monitors and controls activities, one at the network where it filters data streams and a component in storage devices to protect data at rest.
The Need for Data Loss Prevention
It used to be there was only one way to steal a company’s valuable assets – through the door. Not so today. Many businesses live and die based on the information they possess, be it customer data, trade secrets or other intellectual property. And that information can leave an organization any number of ways. Perhaps the most high-profile means of data loss of late is through the theft or loss of mobile data-bearing devices, such as laptops, thumb drives and smartphones. The storage capacity on these types of devices continues to grow, and companies are eager to enable their users to work anytime, anywhere. This means an increasing dependence on mobile devices. Sales teams have access to Web-based CRM applications. Executives email sensitive documents while on the road. While the functionality enables a more productive workforce, it also increases the vulnerability of the company’s data. Smartphones and laptops are left in taxis, at airport checkpoints, at conferences and in hotel rooms – where they can be easily picked up by the next passerby. In fact, according to Ponemon Institute’s Business Risk of a Lost Laptop study, the most vulnerable time to lose a laptop is during travel. But these devices are vulnerable wherever they are used. Laptops have been stolen from office buildings, and even from end users’ homes and vehicles. For example, in January 2008 a laptop was taken from a Horizon Blue Cross Blue Shield employee in Newark, New Jersey. The laptop, which was being taken to the employee’s home, held more than 300,000 member names, Social Security numbers and other personal information.
Mobile data-bearing devices are a weak point in your company’s data security, but an even larger threat to data loss is email. In its seventh annual study of outbound email and data loss prevention issues, Proofpoint Inc. found that email is the number one source of data loss risks in large enterprises. According to the study, 35% of respondents investigated a leak of confidential or proprietary information via email in the previous 12 months. Consider how many of your end users use email and have access to sensitive information. Even authorized users sending sensitive information to legitimate recipients put your data at risk if said data is transmitted in clear text. Then there’s the possibility that data is sent to the wrong recipient, or perhaps the sender or recipient shouldn’t have access to the data at all. On Sept. 2, 2010, medical technology provider Kinetic Concepts Inc. announced that an attachment with sensitive employee information was accidentally emailed to company employees. With a simple click of a mouse, unauthorized recipients had access to their colleagues’ Social Security numbers, addresses, dates of birth and salary information. Imagine the mess that created for HR!
And that brings us to another looming threat – the insider. Data can be lost by end users via accidental disclosure. These are folks who have access to sensitive information but don’t know how to use it safely. Again, perhaps they are emailing confidential documents to an appropriate recipient but are not encrypting them. Then there are users who intentionally disclose sensitive and confidential information to “get back” at their employer. In February 2010, ITPro.co.uk reported that a database containing contact information of 170,000 Royal Dutch Shell workers was emailed to organizations campaigning against the oil giant. The database is “thought to have been sent by a disaffected former employee of the company,” according to the report. That’s just the tip of the iceberg. According to the Privacy Rights Clearinghouse, 77 data breach incidents resulting from intentional disclosure by insiders were made public from January through October, 2010. Those 77 breaches exposed 1,268,807 records.
Malware and Web applications also pose a risk to corporate data. Users can download myriad Web apps to their smartphones that use or store data from the phone. For example, software marketed to catch cheating partners can be downloaded onto an unsuspecting user’s phone. The software then records all communications and stores the information on a server where it can be accessed by a third party. Other Web apps aren’t as obviously malicious. They may enable smartphone users to send and receive virtual business cards or record telephone conversations for later playback. But these applications potentially expose sensitive and confidential information to third parties, especially if it is stored on the Web app providers’ (insecure) servers.
Malware writers have also come to realize that there is money to be made in possessing sensitive data. Hackers create viruses, spyware and the like to steal data that can later be used to commit identity theft or blackmail, or be resold. Case in point: the United States’ fourth-largest credit card payments processing company fell victim to a malware attack in 2008. Heartland Payment Systems’ network became infected with malware that allowed attackers to collect unencrypted payment card data in transit. This went on for several months.
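The identify / monitor / enforce loop of the network DLP component described above, applied to the kinds of data in the incidents cited (Social Security numbers in mis-sent mail, payment card numbers in clear text). This is an added example constructed for this page, not any vendor’s implementation; the internal domain, the policy rules and the bulk threshold are assumptions.

```python
"""Content inspection plus policy enforcement for one outbound email.

Constructed example: identify confidential data (U.S. SSNs, payment card
numbers) in a message body, then decide the policy action for its recipients.
Not Symantec's or any other vendor's DLP code; rules and domain are assumed.
"""
import re
from dataclasses import dataclass, field

INTERNAL_DOMAIN = "example.com"   # assumption: the organization's own mail domain

# Candidate SSN in 3-2-4 form with dash or space separators.
SSN_RE = re.compile(r"\b(\d{3})[- ](\d{2})[- ](\d{4})\b")
# Candidate card number: 13-19 digits, optionally grouped by spaces or dashes.
PAN_RE = re.compile(r"\b(?:\d{4}[ -]?){3}\d{1,7}\b")


def valid_ssn(area: str, group: str, serial: str) -> bool:
    """SSA structural rules; cuts false positives on arbitrary digit runs."""
    a = int(area)
    if a == 0 or a == 666 or a >= 900:
        return False
    return group != "00" and serial != "0000"


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, which every genuine payment card number satisfies."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                 # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_ssns(text: str) -> list:
    """Return SSN-looking tokens that also pass the structural rules."""
    return [m.group(0) for m in SSN_RE.finditer(text) if valid_ssn(*m.groups())]


def find_pans(text: str) -> list:
    """Return card-number-looking tokens that also pass the Luhn check."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(m.group(0))
    return hits


@dataclass
class Verdict:
    action: str                        # "allow", "encrypt" or "block"
    findings: dict = field(default_factory=dict)


def evaluate_outbound(recipients, body, encrypted=False, bulk_threshold=5):
    """Apply the assumed policy rules to one outbound message.

    - card numbers never leave the organization by email (block)
    - a bulk set of SSNs is blocked wherever it goes (the mis-sent HR
      attachment scenario above)
    - SSNs to external recipients must travel encrypted (force encryption)
    """
    findings = {"ssn": find_ssns(body), "pan": find_pans(body)}
    if not (findings["ssn"] or findings["pan"]):
        return Verdict("allow", findings)
    external = any(not r.lower().endswith("@" + INTERNAL_DOMAIN) for r in recipients)
    if findings["pan"] and external:
        return Verdict("block", findings)
    if len(findings["ssn"]) >= bulk_threshold:
        return Verdict("block", findings)
    if external and not encrypted:
        return Verdict("encrypt", findings)
    return Verdict("allow", findings)


if __name__ == "__main__":
    # Constructed sample messages: (recipients, body, already encrypted?)
    samples = [
        (["partner@vendor.test"], "Per our call, card 4111 1111 1111 1111 exp 12/12", False),
        (["partner@vendor.test"], "Background check for J. Doe, SSN 123-45-6789", False),
        (["all-staff@example.com"],
         "Payroll: 123-45-6789, 234-56-7890, 345-67-8901, 456-78-9012, 567-89-0123", False),
        (["hr@example.com"], "New hire SSN 123-45-6789", False),
    ]
    for to, body, enc in samples:
        print(evaluate_outbound(to, body, enc).action, "<-", body[:40])
```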
The full article includes information on the following topics:
- The Cost of a Data Breach
- Symantec DLP Solutions
- Discover Where Confidential Data is Stored
- Monitor How Confidential Data is Being Used
- Protect and Prevent Confidential Data Loss
- Manage and Enforce Unified Data Security Policies
- Data Loss Prevention Best Practices
For the full article, visit Logical Security Resources.
Other Information:
Zeus, or Zbot, is a software toolkit that enables malware coders to build hard-to-detect Trojan horses, ones typically employed against the bank accounts of unsuspecting owners. (A Trojan horse is malicious software, secretly embedded in a system or application, that is “turned on” at a time of the attacker’s choosing.) Launched from behind command and control servers, Zeus is known by various names: Zeus, Zbot, Wsnpoem, PRG, Kneber, and Gorhax.
Since 2007, illicit organizations have employed Zeus to launch damaging, highly publicized attacks targeting the login credentials and other personal data associated with millions of computers, thousands of organizations, and uncounted numbers of users and their accounts. Relatively small groups of sophisticated criminal bands based in various nations – particularly in Eastern European countries such as Russia and Ukraine – have stolen tens of millions of dollars. Computers in 196 countries have been subject to attack. The countries most affected include the U.S., U.K., Saudi Arabia, Egypt, and Turkey.
In a typical scenario, malicious developers generate malware. The malicious code can be purchased on the cyber underground. Black-hat hackers who are part of criminal organizations break into and compromise computers. On the machines, they insert a Trojan which, when activated, pilfers the credentials of targeted persons and penetrates the targets’ bank accounts. Meanwhile the thieves’ command and control server collects this sensitive data. The targets can be banks, ATMs, credit card companies, social networking sites, telecommunication and other firms, and private individuals.
The hackers then transfer funds from these accounts to “mules.” Networks of mules consist of developers, non-technical individuals, and other illicit organizations. Often, they are foreigners who acquire fake passports and other identification in order to enter the country whose individuals and corporations are the targets of the attack. After opening bank accounts, they “launder” the funds in the accounts to prevent tracking of the stolen money. In addition, they transfer the funds to the organizers of the illicit scheme, in return for a percentage of the money procured.
For the full article, visit Logical Security Resources.
Other Information:
Smartphones are infiltrating businesses of all sizes. Decreasing price points and increasing functionality put enterprise-class capabilities in the palm of every Tom, Dick and Harry who connects to the corporate network. No big deal, right? Blackberrys, iPhones and Androids – among many others – enable your users to work more efficiently. But, like every other piece of technology, smartphones come with a price to your organization. That price is in the form of risk. Let’s look at some of the ways smartphones introduce risk to your environment, and then look at some of the best practices for managing that risk.
Data Loss
Perhaps the most significant risk posed by smartphones is that of data loss. There are a number of ways data can be lost or stolen from smartphones. Most obvious is the loss or theft of the device itself. These small handheld devices can be easily forgotten in public places or picked up by casual passersby. Many users either don’t password protect their phone because of the inconvenience it poses or, if they do, use a simple four-character password that can easily be cracked. So all of the data – be it sensitive company data or personal data – is accessible by an unauthorized user.
There are also occasions upon which users have legitimate possession of another’s smartphone, but have no business accessing the data on it. For example, it is not unusual for a user to give an old phone to a friend who has lost their own or to donate an outdated phone to a charity. Data can also be exposed if a smartphone is resold or sent in to the manufacturer for repair.
But physical possession is not required to steal data off of a smartphone. Mobile applications can access the data on your users’ smartphones and, in some cases, even store that information on third-party servers. For example, applications marketed as tools to catch cheating partners and protect children can be downloaded to an unsuspecting user’s smartphone. The application captures emails, texts, browsing history and telephone calls, and stores that information on a server where it can be retrieved by an unauthorized individual. If any of those communications include corporate data, then it too is saved and accessed by a third party.
All of these scenarios put companies at risk of being noncompliant with laws and regulations around data privacy. If a user loses a smartphone storing unprotected corporate data or your data is stored on an unauthorized third-party server, your company is liable and can face fines.
Common vulnerabilities
Contrary to popular belief, smartphones are no better protected against denial-of-service attacks or malware infections than an unprotected PC. In fact, the applications that run on smartphones are subject to all of the same vulnerabilities. Consider Web applications, which have been used to spread malware, spyware, phishing attempts, etc., via PCs. Users are downloading similar applications to their smartphones, the difference being that smartphones typically do not have antivirus protection, so these infected files can propagate onto an IP network.
The smartphone’s small form factor further facilitates propagation of malware. It’s more difficult to identify risky websites and suspicious emails and links on pared-down sites built specifically for a small screen. Plus, users tend to be more trusting of the data they receive on their smartphones because the devices represent a more intimate communications channel. Thus, they are more likely to click on potentially dangerous links.
For the full article, including Ten Smartphone Security Best Practices, please visit the Smartphone Security Article at Logical Security.
Other Information:
The online predator Joel Garcia finally got what he deserved. The 29-year-old Texan had been communicating online for some time with a 12-year-old. He had sent the child a number of pornographic images. In other postings he discussed having sex with the child. Finally, he and the child agreed to meet to have sex.
When Garcia arrived at the agreed-on place, however, he was met by FBI agents and Corpus Christi police. One official had masqueraded online as the child. In Garcia’s car, investigators found 14 child sex videos, and hundreds of photographs of child pornography. The arrested man was later sentenced to 14 years without parole.
The Internet is a great boon for learning, for children included. Yet children, due to their age and trusting nature, are at particular risk from the dangers of the Internet. The World Wide Web poses a great many, and growing, risks to children.
Online predators trawl the Web seeking to involve youngsters in inappropriate and illegal sexual relationships. The Internet allows sexual deviants to more easily gain access to information about youths they may be targeting. Such information can include a youth’s email address, web site, birth date and age, photos, family data, other friends, hobbies, and individual likes and dislikes. Based on such information, predators can begin to befriend impressionable youths, perhaps gaining their trust over a long period of time, perhaps through enticements such as the provision of free software games. At the same time, predators can maintain relative anonymity about themselves, or readily post false or misleading information. Once friendship is gained, predators may seek to physically meet their targets, sometimes by sending them money, tickets, or other means to travel to a rendezvous.
Common “hunting grounds” for predators include email, blogs, and social networking sites such as Facebook and MySpace. Another is online chat rooms, which by their nature promote anonymity for the predator while encouraging children eager to converse and make friends to let down their defenses. By their very nature, children are vulnerable to predators. Emotionally immature, they crave attention. They have a natural curiosity, especially about topics that their parents may have declared off limits. They are accustomed to obeying the requests of adults, and are unlikely to suspect that such requests are illegitimate.
The Internet is awash with pornography sites, including children’s porn sites. Predators may seek to photograph or film children and young adults for use by such sites. To gain material for such sites, or for their own illicit purposes, predators may “cyberstalk” children, constantly harassing them, or attempting to gain their trust in online “friendships” leading to destructive real-life encounters.
A great many free online resources are available for parents, children, and other concerned individuals on how to safely and effectively use Internet tools and devices.
14-year-old Phil loved his parents’ new laptop, and the Internet, and spent hours on the Web playing games and conversing with friends on Facebook. One week, however, Phil began receiving disturbing messages. A “friend” from middle school posted messages on Phil’s Facebook “wall” using offensive language and made-up slurs. An adult stranger commented weirdly about Phil’s Facebook photos, while requesting Phil’s personal email. Phil was bothered by the messages, and told his mother about it.
Phil’s mom, a marketing manager, was herself a practiced user of social networking sites. She got on Facebook with her son and showed him how to tighten up the security and privacy of his account. Together they changed his privacy settings to allow access to his photos and profile only to certain actual friends and relatives. They blocked messages from the adult stranger. And Phil’s mother stressed to him that in the future he should only accept messages and friend requests from persons and organizations he knew and trusted.
One site full of information about the risks the Internet can pose to children, and how to mitigate those risks, is Web Wise Kids, located at: http://www.webwisekids.org/
Web Wise Kids, sponsored in part by the Department of Justice, is a 501(c)3 non-profit organization that offers informative and easy-to-understand programs for both children and adults on matters such as online predators and stalking, safe blogging and cell phone use, and computer fraud and piracy.
Programs include interactive games where children and teens play detective to “turn the tables” on Internet predators, by investigating and collecting evidence about their illicit use of spyware and counterfeit software. For parents, instructors, and law enforcement personnel, the Wired with Wisdom program is a user-accessible, online game that explores topics such as chat rooms, personal web sites, and email and social networking.
The federal government provides a number of such resources, in particular free publications from the Federal Trade Commission (FTC). The FTC publications include:
Net Cetera: Chatting with Kids about Being Online
Helps parents protect their kids and talk to them about living their lives online. Topics covered include: parental controls, protecting the family computer, sexting, social networking sites, and increasing the safety of mobile phones. 56 pages.
Social Networking Sites: A Parent’s Guide
Urges parents and kids to talk about the risks involved in using social networking sites. Offers tips for using such sites safely. Helps parents with issues like: keeping information private, how their kids get online, avoiding sex sites, reviewing your children’s friends list, computer privacy settings.
Social Networking Sites: Safety Tips for Tweens and Teens
Deals with such issues as: limiting the posting of personal information such as photographs, street address, and credit card data; being wary of meeting online “friends”; how posted information stays online “forever”. 4 pages.
For the full article, including 7 Practices for Safer Computing, please visit Logical Security Resources.
Other Information:
October 10, 2010
Interview with Shon Harris
Shon Harris discusses some of the upcoming threats companies face in information security today and what she and her company, Logical Security, are doing to help in these efforts. Here is the interview with Shon Harris, Owner and President of Logical Security.
- 1. Please provide us with some background information on your organization and your industry.
I work in the information security industry, which has critical impacts on businesses, organizations and nations. Our society only increases its dependence upon technology, and properly securing it can come down to the life or death of an organization.
The information security industry is relatively new compared to other industries such as financial, medical, and telecommunications. The industry is currently going through many different ‘growth pains’ as it moves from a chaotic and infant entity to a more mature and disciplined space. I and my company have been seen as visionaries in helping some of the largest corporations and government agencies secure their most precious assets against the largest threats they face today.
Logical Security is going into its 8th year of existence, while I have been in the industry for 15 years. My company specializes in risk management consulting services and training. We build enterprise-wide risk management programs that not only allow our customers to identify their vulnerabilities and stop their adversaries, but correlate and integrate information security issues into their overall business decisions and vision.
- 2. What are some of the primary challenges your industry faces?
The threat landscape that companies face today is not the same that they had to deal with even five years ago. Today’s threats are not the lone hackers but organized, trained, and funded groups that are backed by organized crime rings or nation states.
Attackers are no longer interested in spreading benign viruses, but have very focused goals of obtaining an organization’s most sensitive data such as Social Security numbers, credit card information, medical data, and privacy and financial information. The attackers are using our technology against us and we are constantly being outsmarted.
Companies and government agencies are finding it difficult to keep up with a threat that can morph and adapt at the rate of speed that is currently taking place. Anti-virus products capture around 23% of the malware that is on our systems, meaning that most systems are infected and being used by an underground criminal without our knowledge.
Organizations have a false sense of security because they have anti-virus, firewalls, intrusion detection, intrusion prevention and other technologies in place. While these are necessary defenses, the enemy is circumventing them and covertly embedding themselves into the technology and devices we use day in and day out.
To view the entire article, click here.
Other Information:
Data security breaches are a concern for every organization that holds sensitive data. Until now, studies released have covered data that either must be kept confidential, or that contain a small number of breaches for analysis. “The Leaking Vault – Five Years of Data Breaches” analyzes over 2,800 data loss incidents from publicly accessible sources, with a known disclosure of 271.9 million records. This study, the largest of its kind to date, provides analysis on which breach vectors carry the most risk, and should help provide organizations with more accurate information when combating this problem.
To assist organizations and current and future members of this workforce, the Department of Homeland Security National Cyber Security Division (DHS-NCSD) worked with experts from academia, government, and the private sector to develop a high-level framework that establishes a national baseline representing the essential knowledge and skills IT security practitioners should possess to perform.
DHS-NCSD developed the IT Security Essential Body of Knowledge (EBK): A Competency and Functional Framework for IT Security Workforce Development as an umbrella document that links competencies and functional perspectives to IT security roles fulfilled by personnel in the public and private sectors.
Other Information:
September 29, 2010
Is There Really Someone Out to Get You?
Often, hackers are simply scanning systems looking for a vulnerable running service, or sending out malicious links in emails to unsuspecting victims. They are just looking for any way to get into any network. This is the shotgun approach to network attacks. Another, more dangerous attacker has you in his crosshairs and is determined to identify your weakest point and do with you what he will.
As an analogy, the thief that goes around rattling door knobs to find one that is not locked is not half as dangerous as the one who will watch you day in and day out to learn your activity patterns, where you work, what type of car you drive, find out who your family is, and patiently wait for your most vulnerable moment to ensure a successful and devastating attack.
In the computing world, we call this second type of attacker an advanced persistent threat (APT). This is a military term that has been around for ages, but since the digital world is becoming more of a battleground – this term is more relevant each and every day.
How APTs differ from the regular old vanilla attacker is that an APT is commonly a group of attackers, not just one hacker, who combine their knowledge and abilities to carry out whatever exploit will get them into the environment they are seeking. The APT is very focused and motivated to aggressively and successfully penetrate a network with a variety of attack methods and then clandestinely hide its presence while achieving a well-developed, multi-level foothold in the environment. The ‘advanced’ aspect of the term pertains to the expansive knowledge, capabilities, and skill base of the APT. The ‘persistent’ component has to do with the fact that the attacker is not in a hurry to launch an attack quickly, but will wait for the most beneficial moment and attack vector to ensure that its activities go unnoticed. This is what we refer to as a “low-and-slow” attack. This type of attack is coordinated by human involvement, rather than being a virus type of threat that goes through automated steps to inject its payload. The APT has specific objectives and goals and is commonly highly organized and well-funded – which makes it the biggest threat of all.
A virus is not an APT, a worm is not an APT, a bot is not an APT. An APT is commonly custom-developed malicious code that is built specifically for its target, has multiple ways of hiding itself once it infiltrates the environment, may be able to polymorph itself as it replicates, and has several different ‘anchors’ so that eradicating it is difficult if it is discovered. Once the code is installed, it commonly sets up a covert back channel (as regular bots do) so that it can be remotely controlled by the attacker himself. The remote control functionality allows the attacker to traverse the network with the goal of gaining continuous access to critical assets.
APT infiltrations are usually very hard to detect with host-based solutions because the attacker puts the code through a barrage of tests against the most up-to-date detection applications on the market. A common way to detect these types of threats is through changes in network traffic. A new IRC connection from a host is a good indication that the system has a bot communicating with its command center. Since several technologies used in environments today detect just this type of traffic, the APT may have multiple control centers to communicate with, so that if one connection gets detected and removed it still has an active channel to use. The APT may also implement some type of VPN connection so that its data in transit cannot be inspected.
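The network-side indicators described above (a host opening IRC connections it never made before, several previously unseen controllers, a new tunnel that hides the traffic) as baseline-and-deviation detection logic run over flow records. This is an added example written for this page, not code from the article or from Logical Security; the log line format, the host names and TEST-NET addresses, and the port sets are constructed for the demo.

```python
"""Baseline-and-deviation detection for bot/APT command channels.

Constructed example: learn each host's normal (destination, port) pairs from a
clean window of flow records, then flag the deviations the article names.
Log format, addresses and port lists are assumptions made for this demo.
"""
import re
from collections import defaultdict

# Well-known IRC ports. A real deployment would also match IRC protocol
# signatures on non-standard ports, which this example does not attempt.
IRC_PORTS = {194, 6660, 6661, 6662, 6663, 6664, 6665, 6666, 6667, 6668, 6669, 6697, 7000}
# Common tunnel/VPN ports (IKE, IPsec NAT-T, OpenVPN, PPTP): demo assumption.
TUNNEL_PORTS = {500, 4500, 1194, 1723}

# Constructed flow-record format: one line per outbound connection.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)\s+proto=(?P<proto>\w+)$"
)


def parse_flows(lines):
    """Yield a dict per well-formed line; malformed lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["dport"] = int(rec["dport"])
            yield rec


def build_baseline(lines):
    """Map each source host to the (dst, dport) pairs seen during the clean window."""
    baseline = defaultdict(set)
    for rec in parse_flows(lines):
        baseline[rec["src"]].add((rec["dst"], rec["dport"]))
    return baseline


def detect_c2_indicators(baseline, lines, multi_controller_threshold=2):
    """Return alerts for traffic that deviates from the learned baseline."""
    alerts = []
    alerted_irc_hosts = set()
    alerted_tunnels = set()
    new_irc_dests = defaultdict(set)      # host -> IRC destinations not in its baseline
    for rec in parse_flows(lines):
        host, pair = rec["src"], (rec["dst"], rec["dport"])
        known = baseline.get(host, set())
        if pair in known:
            continue                       # normal for this host; nothing to report
        if rec["dport"] in IRC_PORTS:
            new_irc_dests[host].add(rec["dst"])
            # The "new IRC connection from a host" indicator: alert once per host
            # that had no IRC traffic at all in its baseline.
            host_used_irc = any(p in IRC_PORTS for _, p in known)
            if not host_used_irc and host not in alerted_irc_hosts:
                alerted_irc_hosts.add(host)
                alerts.append({"rule": "new-irc-client", "host": host,
                               "dst": rec["dst"], "ts": rec["ts"]})
        elif rec["dport"] in TUNNEL_PORTS and (host, rec["dst"]) not in alerted_tunnels:
            # A new tunnel endpoint means traffic we can no longer inspect.
            alerted_tunnels.add((host, rec["dst"]))
            alerts.append({"rule": "new-tunnel-endpoint", "host": host,
                           "dst": rec["dst"], "dport": rec["dport"], "ts": rec["ts"]})
    # Several previously unseen controllers: the redundant-C2 pattern described.
    for host, dests in new_irc_dests.items():
        if len(dests) >= multi_controller_threshold:
            alerts.append({"rule": "multiple-irc-controllers", "host": host,
                           "dst_count": len(dests)})
    return alerts


# Constructed records from a week believed clean, used to learn the baseline.
BASELINE_LOG = [
    "2010-09-20T09:01:00 src=ws-17 dst=192.0.2.10 dport=443 proto=tcp",
    "2010-09-20T09:05:00 src=ws-17 dst=192.0.2.20 dport=80 proto=tcp",
    "2010-09-21T13:10:00 src=ws-42 dst=198.51.100.7 dport=6667 proto=tcp",   # legitimate IRC user
    "2010-09-22T08:30:00 src=ws-42 dst=192.0.2.10 dport=443 proto=tcp",
]

# Constructed records from the day under review.
REVIEW_LOG = [
    "2010-09-29T02:14:07 src=ws-17 dst=203.0.113.5 dport=6667 proto=tcp",    # host never used IRC
    "2010-09-29T02:14:09 src=ws-17 dst=192.0.2.10 dport=443 proto=tcp",      # normal
    "2010-09-29T02:45:31 src=ws-17 dst=203.0.113.9 dport=6697 proto=tcp",    # second controller
    "2010-09-29T03:02:11 src=ws-17 dst=203.0.113.9 dport=1194 proto=udp",    # new tunnel
    "2010-09-29T09:00:00 src=ws-42 dst=198.51.100.7 dport=6667 proto=tcp",   # baseline IRC, quiet
    "garbage line that does not parse",
]


def run_demo():
    """Learn from BASELINE_LOG, evaluate REVIEW_LOG, return the alerts."""
    return detect_c2_indicators(build_baseline(BASELINE_LOG), REVIEW_LOG)


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```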
The ways of getting into a network are basically endless (exploiting a web service, emailing links and attachments to users, gaining access through remote maintenance accounts, exploiting OS and application vulnerabilities, compromising connections from home users, etc.). Each of these vulnerabilities has its own fixes (patches, proper configuration, awareness, proper credential practices, encryption, etc.). It is not only these fixes that need to be put in place; we need to move to a more effective situational awareness model. We need better visibility into what is happening throughout our network in near real time so that our defenses can react quickly and precisely.
Our battlefield landscape is changing from ‘smash-and-grab’ attacks to ‘slow-and-determined’ attacks. Just as military offensive practices evolve and morph as their targets do, so must we as an industry.
Other Information:
SIEM technology provides real-time analysis of security alerts generated by network hardware and applications. SIEM solutions come as software, appliances, or managed services and enable companies to respond to attacks faster, log security data and generate compliance reports. In spite of the economic downturn, the Security Information and Event Management marketplace is growing rapidly. There are several factors driving the rise of the SIEM market: it is ideal for reporting and compliance, exposes internal and external threats, improves operational efficiencies while cutting administrative expenses, and the technology’s flexibility allows it to be used as a managed service.
EMC, IBM, Novell, Cisco, CheckPoint, Symantec, CA, Attachmate, Q1Labs, eIQ Networks, SenSage and others all have SIEM products. Because of the technology’s relatively new emergence in the marketplace, there are few publications that address more than one vendor’s product. SIEM Implementation shows how to implement multiple products, and also discusses the strengths, weaknesses, and advanced tuning of these various systems. SIEM Implementation covers the gamut of topics a network administrator or security professional needs – from basic concepts and components to high-level configuration, analysis, interpretation and response. It aids in the performance of risk analysis, threat detection, threat analysis and threat response for IT systems and businesses of every size.
Written by security and compliance experts and speakers, Security Information and Event Management Implementation shows IT professionals how to effectively implement SIEM in order to efficiently analyze and report data, respond effectively to inside and outside threats, and follow compliance regulations. This book also shows the separate pieces that make up a complete and cohesive SIEM. These pieces are what most small and medium size businesses are forced to implement, due to the relatively high cost to acquire, implement, maintain and reap benefits from the full scale SIEM systems. This teaches the IT professional how to implement a more integrated collection of discrete SIEM pieces, approaching similar utility of a full featured SIEM tool. Further, SIEM Implementation shows readers how to use the SIEM tool to develop business intelligence, beyond the realm of being just a fancy security tool.
SIEM Implementation is a valuable addition to our security plan for 2010.
Key Selling Features
- Includes a Smartbook – a knowledge base of business use cases: real world examples of business needs that can be satisfied by using a finely tuned SIEM system.
- Covers the top SIEM products/vendors: ArcSight, Q1 QRadar, and Cisco MARS
- Authors are security, SIEM, and compliance experts who speak globally, are well-known published authors, and have close ties with the government and multiple corporate vendors.
- Foreword by Shon Harris
- Includes product feature summaries, and analysis and trending examples
- Covers regulatory compliance issues
- Provides Incident Response solutions
Market / Audience
- Targeted at IT/security professionals and compliance professionals
- Fueled originally by stealthy threats such as worms and more recently by compliance, the SIEM market is projected to grow from about $380 million last year to $873 million in 2010, according to research firm IDC.
- RSA Security, the security division of EMC, estimates that the SIEM market is expanding at a rate of between 25 percent and 35 percent annually.
Author Profiles
David R. Miller (SME, MCT, MCITPro Windows Server 2008 Enterprise Administrator, MCSE Windows NT 4.0, 2000, and Server 2003:Security, CISSP, LPT, ECSA, CEH, CWNA, CCNA, CNE, Security+, A+, N+). David is an IT security consultant specializing in information systems security, compliance and network engineering. He is a lecturer, an author and technical editor of books, curriculum, certification exams and computer based training videos. He regularly performs as a Microsoft Subject Matter Expert (SME) on product lines including Microsoft Server 2008, Microsoft Exchange Server 2007 and Microsoft Windows Vista.
Shon Harris, CISSP, is the CEO of Logical Security, a computer security consultant, a former engineer in the Air Force’s Information Warfare unit, an instructor and an author. She has authored three best selling CISSP books, is a contributing author to the book Gray Hat Hacking, and developed a full digital information security product series for Pearson publishing. Shon was recognized as one of the top 25 women in the Information Security field by Information Security Magazine.
Allen Harper, CISSP, is founder and president of N2NetSecurity, Inc., a consulting company specializing in advanced security and vulnerability analysis, penetration testing, SIEM implementation, and compliance. He served as a security engineer in the U.S. Department of Defense, and is a coauthor of Gray Hat Hacking.
Stephen VanDyke, CISSP, BCCPA, BCCPP, MCSA, Security+, Network+, was a founding member of the U.S. Army Reserve global network Computer Emergency Response Team and helped design and deploy its NetForensics SIEM. He implemented high-end, multi-tiered security systems for the Multi-National Force – Iraq (MNFI) network.
Chris Blask, Vice President of Marketing at AlienVault, is on the faculty at the Institute for Applied Network Security, Co-founded Protego Networks (now Cisco MARS) and founded Critical Infrastructure Cybersecurity company Lofty Perch. Chris invented the BorderWare Firewall Server in the early days of the Internet Security market and built the Cisco Systems firewall business.