About the Author:

Tom Olzak is a security researcher for the InfoSec Institute and an IT professional with over 27 years of experience in programming, network engineering and security. He has an MBA as well as CISSP and MCSE certifications. He is currently an online instructor for the University of Phoenix.

He has held positions as an IS director, director of infrastructure engineering, director of information security, and programming manager at a variety of manufacturing, health care, and distribution companies. Before joining the private sector, he served 10 years in the United States Army Military Police with four years as a military police investigator.

He has written two books, "Just Enough Security" and "Microsoft Virtualization." He is also the author of various papers on security management and a blogger for CSOonline.com, TechRepublic, Toolbox.com, and Tom Olzak on Security.

Managing insider threats

The number of annual security incidents caused by insider threats is increasing. In The CERT Guide to Insider Threats, Cappelli et al. write, “Insider threats are an intriguing and […]

Physical Security: Managing the Intruder

No information security guide is complete without a chapter about securing physical access to information resources. After all, physical access gives even the moderately skilled attacker access to the […]

Chapter 12 – Applications of Biometrics

Passwords are not secure and are useless as an access control… at least that is what many vendors and security consultants try to tell managers today. Instead, these purveyors […]

Chapter 11 – Identity Management and Access Controls

Access controls help us restrict whom and what accesses our information resources, and they possess four general functions: identity verification, authentication, authorization, and accountability. These functions work together to […]

Chapter 10 – Virtualization Security

Virtualization brings significant value to business managers and engineers attempting to keep pace with business pressure for additional servers. It enables maximum use of hardware resources while introducing an […]

Chapter 9: Securing Remote Access

Remote access is no longer just about a laptop or home desktop user connecting to catch up on some work or update customer and order information. The explosion of […]

Chapter 8 – UEFI and the TPM: Building a foundation for platform trust

Traditional boot processes cannot stop sophisticated attacks instantiated before operating system load. Consequently, we need a method to ensure that when the operating system (OS) loads and the user […]

Chapter 7: The Role of Cryptography in Information Security

After its human resources, information is an organization’s most important asset. As we have seen in previous chapters, security and risk management is data centric. All efforts to protect […]

Chapter 6 – End-user Device Security

This is Chapter 6 in Tom Olzak’s book, “Enterprise Security: A practitioner’s guide.”
Chapter 5 is available here: VLAN Network Segmentation and Security- Chapter 5
Chapter 4 is available here: Attack Surface […]

VLAN Network Segmentation and Security- Chapter 5

This is Chapter 5 in Tom Olzak’s book, “Enterprise Security: A practitioner’s guide.”
Chapter 4 is available here: Attack Surface Reduction – Chapter 4
Chapter 3 is available here: Building the Foundation: […]

Attack Surface Reduction – Chapter 4

This is Chapter 4 in Tom Olzak’s book, “Enterprise Security: A practitioner’s guide.”
Chapter 3 is available here: Building the Foundation: Architecture Design – Chapter 3
Chapter 2 is available here: Risk Management […]

Building the Foundation: Architecture Design – Chapter 3

This is Chapter 3 in Tom Olzak’s book, “Enterprise Security: A practitioner’s guide.”
Chapter 2 is available here: Risk Management – Chapter 2
Chapter 1 is available here: Enterprise Security: A […]

Risk Management – Chapter 2

Managing security is managing risk. As explained in Chapter 1,
Security ensures the confidentiality, integrity, and availability of information assets through the reasonable and appropriate application of administrative, technical, and […]

Enterprise Security: A practitioner’s guide – Chapter 1

Chapter 1
Security: A working definition

Managing Risk
Probability of Occurrence
Business Impact

Threat Sources
Human Threats
Geographic Threats
Natural Threats
Technical Threats

Security as a Business Enabler
Government Regulations
Litigation
Public Perception
Corporate Espionage
Cyber-warfare
Security Objectives
Summary
References
Security is defined in various ways, depending on […]

UEFI and the TPM: Building a foundation for platform trust

Table of Contents

Trusted Computing
Boot Path Security Challenges
Boot Path Attack Surface
The Trusted Memory Module (TPM)
TPM Architecture and Functionality
TPM […]

Five Steps to Incident Management in a Virtualized Environment

Incident management (IM) is a necessary part of a security program. When effective, it mitigates business impact, identifies weaknesses in controls, and helps fine-tune response processes. Traditional […]

Microsoft Virtual Server Security: 10 Tips and Settings

Virtualization brings significant value to business managers and engineers attempting to keep pace with business pressure for additional servers. It enables maximum use of hardware resources while introducing an […]