
The number of annual security incidents caused by insider threats is increasing. In The CERT Guide to Insider Threats, Cappelli et al. write, “Insider threats
No information security guide is complete without a chapter about securing physical access to information resources. After all, physical access gives even the moderately skilled
Passwords are not secure and are useless as an access control… at least that is what many vendors and security consultants try to tell managers
Access controls help us restrict whom and what accesses our information resources, and they possess four general functions: identity verification, authentication, authorization, and accountability. These
Virtualization brings significant value to business managers and engineers attempting to keep pace with business pressure for additional servers. It enables maximum use of hardware
Remote access is no longer just about a laptop or home desktop user connecting to catch up on some work or update customer and order
Traditional boot processes cannot stop sophisticated attacks instantiated before operating system load. Consequently, we need a method to ensure that when the operating system (OS)
After its human resources, information is an organization’s most important asset. As we have seen in previous chapters, security and risk management is data centric.
This is Chapter 6 in Tom Olzak’s book, “Enterprise Security: A practitioner’s guide.” Chapter 5 is available here: VLAN Network Segmentation and Security – Chapter 5
This is Chapter 5 in Tom Olzak’s book, “Enterprise Security: A practitioner’s guide.” Chapter 4 is available here: Attack Surface Reduction – Chapter 4 Chapter 3
This is Chapter 4 in Tom Olzak’s book, “Enterprise Security: A practitioner’s guide.” Chapter 3 is available here: Building the Foundation: Architecture Design – Chapter 3
In this chapter, we define the various types of enterprise architectures, how to integrate them into strategic and tactical business objectives, and how to build
Managing security is managing risk. As explained in Chapter 1, Security ensures the confidentiality, integrity, and availability of information assets through the reasonable and appropriate
Chapter 1 Security: A working definition Managing Risk Probability of Occurrence Business Impact Threat Sources Human Threats Geographic Threats Natural Threats Technical Threats Security as a
Table of Contents Trusted Computing Boot Path Security Challenges Boot Path Attack Surface The Trusted Memory Module (TPM) TPM Architecture and Functionality TPM Concepts and
Incident management (IM) is a necessary part of a security program. When effective, it mitigates business impact, identifies weaknesses in controls, and helps fine-tune response