Tag Archives: GIAC Gold

GSEC Gold Paper Accepted: Securely Integrating iOS Devices into the Business Environment

This past weekend, I was put on notice that my GSEC Gold paper was accepted and published by SANS. Here is the abstract:

“Driven primarily by the end user, iOS devices continue to inundate businesses at an ever-increasing rate.  Because these devices are housing sensitive organizational data, it is imperative that it is understood what risks to the organization are involved in allowing users to utilize these devices for business.  Ascertaining what the risks are, and what the compensating controls would be, should be a critical component of any business risk assessment. The security features of the device itself, how applications are utilized on the device, and the actual usage of the device needs to be evaluated. Beyond the aforementioned areas, a major consideration that needs to be taken into account is whether the device is personally owned or business owned, as well as how it is managed, as these will be the primary factors by which controls are evaluated to manage the incurred risk.  Finally, users need to be made aware of the risks, and trained in what their responsibility is to reduce the risk to an acceptable level.”

Here is a link to the paper.



GCIH Gold Paper Accepted

As I alluded to in a past post, I have been working on my GCIH Gold paper for the past 6 months.  Well, I submitted it last month, and just found out that it has been accepted/passed!  This means that I now have my GCIH Gold certification.  I will be working on my GSEC Gold certification next.

As for the paper itself, I decided to do original research on social engineering on social networks–specifically, on the amount of information that people give up on the “harmless” quizzes they take on social networks like Facebook.

Below is the abstract:  (You can find the paper online here)

Social engineering for identity theft has always been around. But now, with the advent of social networking sites such as Facebook, MySpace, and a host of others, it has become easier than ever to harvest personal information from unsuspecting targets. This paper looks into just how much personal information can be gathered by the seemingly harmless “What type of personality are you?” quizzes that are so prevalent on social networking sites. The paper will then look at what the information could be used for, and how to protect against this particular vector of social engineering.

