SANS Information Security Reading Roomhttp://www.sans.org/reading-room/Last 25 Computer Security Papers added to the Reading RoomKohanaPHPA Concise Guide to Various Australian Laws Related to Privacy and Cybersecurity Domainshttps://www.sans.org/reading-room/whitepapers/legal/concise-guide-australian-laws-related-privacy-cybersecurity-domains-36072There are many laws in Australia related to privacy and cyber security domains. In this paper, the author intends to collate the current laws related to privacy and cyber security domains so that interested readers could get relevant information specific to Australia in one concise document. Additionally, there are no industry specific acts or regulations like HIPAA, SOX or GLBA. Because of this, some organizations do not know their obligations in relation to these laws. This paper presents research on the current applicable cyber security related laws, Acts and regulations published by the Federal and State Governments, established relationship with other applicable Acts, performed a gap assessment and identified relevant industry frameworks that can be adopted as best practices. For ease of future research, the source of these current artefacts and database are cited for throughout the document. Disclaimer: Contents of this document must not be construed as legal advice. Readers are encouraged to seek legal advice prior to consideration. Mon, 06 Jul 2015 00:00:00 +0000A Framework for Assessing 20 Critical Controls Using ISO 15504 and COBIT 5 Process Assessment Model (PAM)https://www.sans.org/reading-room/whitepapers/auditing/framework-assessing-20-critical-controls-iso-15504-cobit-5-process-assessment-model-36067The 20 critical controls, maintained by the Council on CyberSecurity, present a prioritized road map for organizations to enhance their information security posture. However, an initial review that serves as a "baseline" must first be performed to know the current information security posture and to ascertain the effort required to implement the critical controls. Furthermore, assessments or audits should be performed periodically to gauge the continual improvement in information security as well as to what extent the critical controls have been implemented. This paper presents a unified and repeatable framework that could be used for the initial gap analysis as well as to measure the continual enhancements in implementation of the critical controls. The concepts presented in this paper draw heavily from the contents contained in "ISO/IEC 15504 Information technology - Process assessment" standard and COBIT5 Process Assessment Model (PAM). The information presented in ISO 15504 and COBIT 5 PAM is adapted for the assessment of critical controls. A unified approach in assessing the implementation status of each critical control as well as the sub-controls is presented based on an incremental measuring scale. The other peripheral elements of the assessment such as the details of assessment process (planning, initiation, fieldwork reporting), assessor qualifications, and competency are also detailed out resulting in a comprehensive framework for assessing the 20 critical controls.Mon, 06 Jul 2015 00:00:00 +0000Securing Single Points of Compromise (SPoC)https://www.sans.org/reading-room/whitepapers/bestprac/securing-single-points-compromise-spoc-36062Securing the Single Points of Compromise that provide central services to the institution’s environment is paramount to success when trying to protect the business. (Fisk, 2014) Time Based Security mandates protection (erecting and ensuring effective controls) that last longer than the time to detect and react to a compromise. When enterprise protections fail, providing additional layered controls for these central services provides more time to detect and react. While guidance is readily available for securing the individual critical asset, protecting these assets as a group is not often discussed. Using best business practices to protect these resources as individual assets while leveraging holistic defenses for the group increases the opportunity to maximize protection time, allowing detection and reaction time for the SPoCs that is commensurate with the inherent risk of these centralized services Tue, 30 Jun 2015 00:00:00 +0000Tactical Data Diodes in Industrial Automation and Control Systemshttps://www.sans.org/reading-room/whitepapers/firewalls/tactical-data-diodes-industrial-automation-control-systems-36057In recent years, there has been an increased interest in the use of Data Diodes (also known as unidirectional gateways) within Industrial Automation and Control System (IACS) networks. As a result, there has been a substantial amount of confusion around where and how best to use this effective barrier technology. Although not a direct replacement for Firewalls, Data Diodes are well suited for specific tasks within IACS networks such as data replication, system state monitoring, remote backup management and patch management. This paper demystifies the use of Data Diodes within the IACS domain by detailing the process and challenges of building a simple Data Diode and applying it an IACS network. Tue, 30 Jun 2015 00:00:00 +0000BYOD: Do You Know Where Your Backups Are Stored?https://www.sans.org/reading-room/whitepapers/mobile/byod-backups-stored-36047Ever striving to reduce costs, companies in increasing numbers are testing Bring Your Own Device (BYOD) as a mobile solution. Although security has become a hot topic, ensuring the protection of confidential information during synchronization of a mobile device to a personal storage location may be overlooked. This paper will touch on elements of how and where data is stored on a mobile Apple and Android device, the default backup solutions, a few legal aspects to consider, and some security solutions offered by AirWatch and Good.Tue, 30 Jun 2015 00:00:00 +0000Accessing the inaccessible: Incident investigation in a world of embedded deviceshttps://www.sans.org/reading-room/whitepapers/internet/accessing-inaccessible-incident-investigation-world-embedded-devices-36052There are currently an estimated 4.9 billion embedded systems distributed worldwide. By 2020, that number is expected to have grown to 25 billion. Embedded systems can be found virtually everywhere, ranging from consumer products such as Smart TVs, Blu-ray players, fridges, thermostats, smart phones, and many more household devices. They are also ubiquitous in businesses where they are found in alarm systems, climate control systems, and most networking equipment such as routers, managed switches, IP cameras, multi-function printers, etc. Unfortunately, recent events have taught us these devices can also be vulnerable to malware and hackers. Therefore, it is highly likely that one of these devices may become a key source of evidence in an incident investigation. This paper introduces the reader to embedded systems technology. Using a Blu-ray player embedded system as an example; it demonstrates the process to connect to and then access data through the serial console to collect evidence from an embedded system non-volatile memory. Wed, 24 Jun 2015 00:00:00 +0000The State of Security in Control Systems Todayhttps://www.sans.org/reading-room/whitepapers/analyst/state-security-control-systems-today-36042By reading this report, ICS professionals will gain insight into the challenges facing peers, as well the approaches being employed to reduce the risk of cyberattack. Wed, 24 Jun 2015 00:00:00 +0000Six Steps to Stronger Security for SMBshttps://www.sans.org/reading-room/whitepapers/awareness/steps-stronger-security-smbs-36037An Analyst Program whitepaper by Dr. Eric Cole. It describes a six-step approach that small and medium-size businesses can use as a template for enhancing their overall security posture.Tue, 23 Jun 2015 00:00:00 +0000Security Spending and Preparedness in the Financial Sector: A SANS Surveyhttps://www.sans.org/reading-room/whitepapers/analyst/security-spending-preparedness-financial-sector-survey-36032Financial services organizations are being breached too often. Find out how the threat landscape and the tools to secure data are changing in the 2015 SANS Financial Services Survey.Tue, 23 Jun 2015 00:00:00 +0000eAUDIT: Designing a generic tool to review entitlementshttps://www.sans.org/reading-room/whitepapers/sysadmin/eaudit-designing-generic-tool-review-entitlements-36027In a perfect world, identity and access management would be handled in a fully automated way.Mon, 22 Jun 2015 00:00:00 +0000Case Study: Critical Controls that Sony Should Have Implementedhttps://www.sans.org/reading-room/whitepapers/casestudies/case-study-critical-controls-sony-implemented-36022What would soon characterize one of the worst hacks in recent history began when screenwriter Evan Goldberg and actor Seth Rogen joked about making a comedy about assassinating the leader of North Korea, Kim Jong-un.Mon, 22 Jun 2015 00:00:00 +0000Enabling Big Data by Removing Security and Compliance Barriershttps://www.sans.org/reading-room/whitepapers/analyst/enabling-big-data-removing-security-compliance-barriers-36017The rewards that big data can bring are widely recognized: scientific insight, competitive intelligence and improved fraud detection, as well as the benefits derived from sophisticated analyses of vast sets of transactional and behavioral data.Wed, 17 Jun 2015 00:00:00 +0000Using windows crash dumps for remote incident identificationhttps://www.sans.org/reading-room/whitepapers/forensics/windows-crash-dumps-remote-incident-identification-36012With the proliferation of defense mechanisms built into Windows Operating System,, such as ASLR, DEP, and SEHOP, it is getting more difficult for malware to successfully exploit it. Tue, 16 Jun 2015 00:00:00 +0000Conquering Network Security Challenges in Distributed Enterpriseshttps://www.sans.org/reading-room/whitepapers/analyst/conquering-network-security-challenges-distributed-enterprises-36007Enterprises continue to have difficulties detecting, blocking and responding to threats.Thu, 11 Jun 2015 00:00:00 +0000The Perfect ICS Stormhttps://www.sans.org/reading-room/whitepapers/internet/perfect-ics-storm-36002As manufacturing Industrial Control System (ICS) architectural designs have evolved from isolated and proprietary systems with physical separation to a layered architecture using more standard IT components to the latest “trend” of Industrial Internet of Things (IIoT); so too have the challenges associated with securing these environments.Mon, 08 Jun 2015 00:00:00 +0000Applying Lessons Learned for the Next Generation Vulnerability Management Systemhttps://www.sans.org/reading-room/whitepapers/threats/applying-lessons-learned-generation-vulnerability-management-system-35997The objective of this paper is to recommendations for improving a vulnerability management system in development. Mon, 08 Jun 2015 00:00:00 +0000New Critical Security Controls Guidelines for SSL/TLS Managementhttps://www.sans.org/reading-room/whitepapers/analyst/critical-security-controls-guidelines-ssl-tls-management-35995Security flaws like Heartbleed, POODLE, BEAST and a series of high-profile certificate thefts and misappropriations have shaken public confidence in "secure" SSL/TLS certificates. It is possible for organizations to safeguard themselves and retain most of the benefits of using the web's most common authentication system, however, as long as they're rigorous about setting and enforcing the right policies on who do trust among many questionable nodes in the global network of trust.Thu, 04 Jun 2015 00:00:00 +0000Practical Attack Detection, Analysis, and Response using Big Data, Semantics, and Kill Chains within the OODA Loophttps://www.sans.org/reading-room/whitepapers/warfare/practical-attack-detection-analysis-response-big-data-semantics-kill-chains-withi-35990The traditional approach to using toolsets is to treat them as independent entities – detect an event on a device with one tool, analyze the event and device with a second tool, and finally respond against the device with a third tool. The independent detection, analysis, and response processes are traditionally static, slow, and disjointed. Wed, 03 Jun 2015 00:00:00 +0000Improving Detection, Prevention and Response with Security Maturity Modelinghttps://www.sans.org/reading-room/whitepapers/analyst/improving-detection-prevention-response-security-maturity-modeling-35985An Analyst Program whitepaper written by Byron Acohido. It discusses various security maturity models and how organizations can use them to improve their defense posture while reducing the time needed to respond to incidents and contain the damage.Fri, 29 May 2015 00:00:00 +0000Integration of Network Conversation Metadata with Asset and Configuration Management Databaseshttps://www.sans.org/reading-room/whitepapers/bestprac/integration-network-conversation-metadata-asset-configuration-management-databases-35980As an alternative the loss of access to plaintext IP payloads in an increasingly encrypted and privacy conscious world, network layer security analysis requires a shift of attention to examination and characterization of the packet and network conversation meta- information derived from packet header information. These characteristics can be incorporated into and treated as an integral part of asset and configuration management baselines. Changes detected in the expected endpoints, frequency, duration, and packet sizes can be flagged for review and subsequent response or adjustment to the baseline.Tue, 26 May 2015 00:00:00 +0000Knitting SOCshttps://www.sans.org/reading-room/whitepapers/incident/knitting-socs-35975Over time, the list of "must-have" security appliances and services has become ever larger. Tue, 26 May 2015 00:00:00 +0000Automated Security Testing of Oracle Forms Applicationshttps://www.sans.org/reading-room/whitepapers/testing/automated-security-testing-oracle-forms-applications-35970To keep up with the increasing rate of web application attacks (Imperva, 2014) a wide variety of automated security testing tools have been developed (OWASP, 2014). Tue, 26 May 2015 00:00:00 +0000Lenovo and the Terrible, Horrible, No Good, Very Bad Weekhttps://www.sans.org/reading-room/whitepapers/casestudies/lenovo-terrible-horrible-good-bad-week-35965For one week in February of 2015, the largest personal computer manufacturer in the world had a “Terrible, Horrible, No Good, Very Bad Week.” Lenovo’s customers discovered that the company had been selling computers with pre-installed adware based software from a company called Superfish. Security researchers discovered that Superfish was not just annoying, but opened up the customers to significant vulnerabilities.Thu, 21 May 2015 00:00:00 +0000Honeytokens and honeypots for web ID and IHhttps://www.sans.org/reading-room/whitepapers/incident/honeytokens-honeypots-web-id-ih-35962Honeypots and honey tokens can be useful tools for examining follow-up to phishing attacks. Thu, 14 May 2015 00:00:00 +0000IPv6 and Open Source IDShttps://www.sans.org/reading-room/whitepapers/detection/ipv6-open-source-ids-35957This paper will examine the current support of IPv6 amongst three of the most popular open source intrusion detection systems: Snort, Suricata, and Bro. It will also examine support of the IPv6 protocol within the publicly available signatures and rules for each system, where applicable. Thu, 14 May 2015 00:00:00 +0000