The Effects of Computer Crimes on the Management of Disaster Recovery (2018)

The effects of a technology disaster on an organization can include a prolonged disruption, loss of reputation, monetary damages, and the inability to remain in business. Although much is known about disaster recovery and business continuance, little research has been produced on how businesses can leverage other technology frameworks to assist information technology disaster recovery. The problem was the lack of organizational knowledge to recover from computer crime interruptions given the maturity level of existing disaster recovery programs. The purpose of this Delphi study was to understand how disaster recovery controls and processes can be modified to improve response to a business interruption caused by computer crime. The overarching research question in this study was to understand what factors emerge relative to the ability of disaster recovery programs to respond to disasters caused by computer crimes. The conceptual framework included a maturity model to look at how programs might be improved to respond to the computer crime threat. Research data were collected from a 3-round Delphi study of 22 experts in the fields of disaster recovery and information security. Results from the Delphi encompass a consensus by the panel. Key findings included the need for planning for cybersecurity, aligning disaster recovery with cybersecurity, providing cybersecurity training for managers and staff, and applying lessons learned from experience. Implications for positive social change include the ability for organizations to return to an acceptable level of operation and continue their service, benefiting employees, customers, and other stakeholders.

https://scholarworks.waldenu.edu/dissertations/5252/

How Can You Build and Leverage SNORT IDS Metrics to Reduce Risk? (2013)

Many organizations have deployed Snort sensors at their ingress points. Some may have deployed them between segmented internal networks. Others may have IDS sensors scattered throughout the organization. Regardless of how the sensor is placed, the IDS can provide a significant view into traffic crossing the network. With this data already being generated, how many organizations create metrics for further analysis? What metrics are valuable to security teams, and how are they used? What insights can one gain from good metrics, and how can those insights be used to reduce risk to the organization? The paper will cover current technologies and techniques that can be used to create valuable metrics to aid security teams in making informed decisions.

https://www.sans.org/reading-room/whitepapers/detection/build-leverage-snort-ids-metrics-reduce-risk-34350

Forensic Analysis of iOS Devices (2012)

With the “bring your own device” (BYOD) movement, smartphones and tablets have exploded into the corporate environment and show no sign of receding. This “consumerization” of endpoints means users will be performing work on devices other than the traditional organizational desktop or laptop running Windows. Since smartphones and tablets are outfitted with more hardware than ever before, they are being used to surf the internet, transfer data, and communicate with corporate mail servers. A large share of these BYOD devices run Apple’s iOS, and the ability to perform accurate and clear forensics on these devices will be valuable to an organization. This paper will cover the forensically sound methods that can be performed on an iOS device.

https://www.sans.org/reading-room/whitepapers/forensics/forensic-analysis-ios-devices-34092

Meeting Compliance Efforts with the Mother of All Control Lists (MOACL) (2010)

With the multitude of different compliance efforts an organization could be subjected to, it is not uncommon to hear confusion about what may or may not apply. What compliance regulations does the organization fall under? What must the organization do to meet a specific compliance effort without conflicting with a separate one? How can the organization know it is meeting required compliance controls? Can anything be done to reduce the amount of work needed to meet these objectives? The answers lie in the details of the many controls of each of these efforts and in the ability of technology practitioners to find commonalities that will reduce redundant testing. By reviewing each of the compliance frameworks, technologists can define a set of generic controls such that when a control is met for one objective, it also meets additional objectives in other compliance frameworks. The Mother of All Control Lists (MOACL) will be a one-to-many relationship between a general control and the varying compliance controls it satisfies.

https://www.sans.org/reading-room/whitepapers/compliance/meeting-compliance-efforts-mother-control-lists-moacl-33299

Simple Windows Batch Scripting for Intrusion Discovery (2009)

A universal saying in the security world is that there is no completely secure system. With that realization, security practitioners should have a recurring procedure in place to determine whether their information systems have been compromised by unauthorized individuals. This paper will discuss a procedure that uses common tools in conjunction with automated batch scripting to identify successful intrusions into a Microsoft Windows environment.

https://www.sans.org/reading-room/whitepapers/incident/simple-windows-batch-scripting-intrusion-discovery-33193

Is Virtual Desktop Infrastructure (VDI) Right for Me? (2009)

Virtual Desktop Infrastructure (VDI) is a solution for server-hosted virtual desktop computing that leverages a thin client architecture and centralizes endpoint images as virtual machines. Although VDI presents numerous and substantial benefits, is it the panacea for all types of environments? Is this technology mature enough to deliver what it promises? The focus of our research is to help companies that plan to evaluate this new technology for deployment. We hope you will find it useful!

https://www.sans.edu/cyber-research/white-papers