2005 ISSA Journal Archive

Note: documents are in PDF format. You may need to download free Adobe Acrobat Reader software to view them.

Contribute to the journal

Are you interested in contributing an article to the ISSA Journal? Please contact editor@issa.org, and review the Editorial Guidelines (PDF, 48kb).

Advertise in the journal

To learn about sponsorship opportunities, please request a Media Kit.

December

ISSA Journal December 2005
Full Issue
Privacy Management: What Management Should Know
Marc Vael
Service Oriented Architecture: Security Challenges
Jonathan G. Gossels & Richard E. Mackey, Jr.
Computer Forensic Investigations Require The Skills Of Trained E-Discovery Specialists
Stephen P. Tarr
Open Intelligence Sources for ITSEC Professionals
Ronald L. Mendell, MS
Data Privacy In a World Without Perimeters
Oscar Mitchell
Staying Safely Connected: The Challenges of Securing Endpoint Devices
Zvi Gutterman
Evolving Hardware Security Standards
Luther Martin
Think Outside the Botnet
Benjamin Tuttle
Bayes' Theorem In Security Posture Analysis
Serge Krasavin
Bugged in the Board Room
Lee Anderson
Securing Enterprise Access via a WIFI Hotspot
Mark Emmett
Legal Perspectives: FFIEC Issues New Guidance on Authentication in Online Transactions
Benjamin S. Hayes and Jeffrey B. Ritter
Career Corner: The New Breed of Security Professionals: Part One
Joyce Brocaglia

November

ISSA Journal November 2005
Full Issue
Handle With Care: Protecting Sensitive Data
C. Warren Axelrod
ISO 17799: Is This the New Universal Security Standard?
Bruce Gorman
Reverse-Engineering Java Class Files and Common Mitigation Techniques
Larry Moore
The Rise of the Analog Hacker: A New Physical Security Concern
Leonard Gallion
Vulnerability Management: From Conception to Execution
Aurobindo Sundaram
Of ATMs and Phishing
Andy Cottrell
Information Security Standards: A Closer Look
Vicente Aceituno Canal
The CISSP, The CIPP and HIPAA
David Nelson
Vulnerability of Gullibility
Javier Soto
Log Data Management: A Smarter Approach to Managing Risk
Dominique Levin
A Paradigm Shift in Remote User Authentication Systems
Tara Chand
Holistic IPS: The Convergence of Intrusion Prevention Technologies
Avi Chesla
Career Corner: A Risk Any Other Name…
Jeff Combs

October

ISSA Journal October 2005
Full Issue
The Changing Face of Computer Crime
Ira Winkler
Steganography: The Last Digital Hiding Place
William J. Meador
Social Engineering: What You Need to Know to be Able to Foil Attacks
Mathieu Gorge
The Simplicity of Attacking a Wireless Network
Thomas Fisher
Testing User Access Control For SOX Compliance: Lessons Learned
Nalneesh Gaur
Modern Cybercrime
Kevin Overcash
If Security Auditors are from Mars and Developers are from Venus…
John Viega
Trusted Security Zones: Challenges for a Layered Approach to Security
Rafael Etges, CISSP, and Karen McNeil
Endpoint Intrusion Prevention
Eric Haley and Albert Caballero
Upgrading Your Cryptography
Luther Martin
Convergence: First Telephony and Now Security
Vern Williams, CISSP/EP, CBCP, IAM
Collegiate Cyber Defense Competitions
Gregory B. White, Ph.D., and Dwayne Williams
Storage, Security, and SOX
David Miner and Mike Marchi
Planning on Leaving the Dance With the One Who Brought You? A Look at MSSPs
Kris Zupan
Legal Perspectives: Data Processors May Be Subject to FTC Information Security Regulations
Benjamin S. Hayes

September 2005

A Brief Guide to the Common Criteria
Alex Ragen, CISSP
Information Leak Prevention: Tackling The Insider Threat
Ariel Peled
Honeypots: The Past, Present and Future
Lance Spitzner
The SRAD-I Security Layers: A Model for Secure, Rapid Architecture and Design for Infrastructure
Keith T. Hall
From Perimeter Security to Database Security: Protecting the Crown Jewels
Aaron Newman
802.11 Wireless Networks
Jason G. Andress
VOIP Security: What are we Talking About?
Dharminder Dargan
Weaknesses in SHA-1
Luther Martin
Securing the Operating System, Not Just the Application
Paul Kincaid
On Information Security Paradigms
Vicente Aceituno Canal
Legal Perspectives: Corporate Liability for Data Loss/Identity Theft and Defensive Legal Strategies
Jeffrey B. Ritter and Benjamin S. Hayes
CISOSpotlight: When Legal Agreements Collide: The Patriot Act Meets Canadian Privacy Legislation
Dave Tyson, MBA, CPP, CISSP
Career Corner: Money Isn't Everything
Erin Fallon

August

ISSA Journal August 2005
Full Issue
Certifications: Where’s the Beef?
Philip Cox and Brad Johnson
IT Operations Security: Considerations for Backup and Recovery
Brian Nickel
Fixing E-mail
IronPort Systems
Implementing a Security Operations Center
Park Foreman
Forensic Implications of Alternate Data Streams
Fernando Maymí
How Security Evaluations Can Improve Customer Confidence in Commercial IT Products
Wesley Higaki
Web Application Exposure
Mike Shema

July

ISSA Journal July 2005
Full Issue
Social Engineering Through Human Intelligence
Ira Winkler and Lance Hayden
When Irish Guys Are Dialling
Brian Honan
Federated Identity: A Fairytale or Reality?
Ray Tam
VPNs: Choosing the Right Solution For Your Enterprise
Chris Downing
Risk Management Returns Results
Aurobindo Sundaram and Michelle Ward
Authentication: The Development of Biometric Access Control
Robby Fussell
Spyware Tops List of Security Threats in the Enterprise
Sarah Gordon

June

ISSA Journal June 2005
Full Issue
The ISSA 2005 International Board: Election Results Are In!
Special Feauture
Building An Identity and Access Management Infrastructure
Ray Tam
The Benefits of Integrating Corporate Security and eDiscovery Processes
John Patzakis and Victor Limongelli
Configuring Secure Linux Hosts
Landon Curt Noll
Identity-Based Encryption: A Closer Look
Luther Martin
Why You Need to Consider Every Angle Before You Make Your Next Security Purchase
Elizabeth M. Ferrarini
Ten Security Lapses and SAP
Corwin R. Slack, CPA, CMA

May

ISSA Journal May 2005
Full Issue
The Demise of Passwords: Have Rumors Been Exaggerated?
C. Warren Axelrod
Why "Always-On" Stateful Inspection and Deep Packet Analysis are Essential to Deliver Non-Stop Protection
Sanjay Raja
Security Event Management
Yahya Mehdizadeh
Data Security: An Essential Component of Network Security
Drew Meyer
Identity Theft and the Renewed Focus on Authentication
Jonathan G. Gossels

April

ISSA Journal April 2005
Full Issue
The BSA/ISSA Information Security Survey: Results Are In
Stephen Scharf, CISSP, MCSE, CCSE, CCNA
Dialing Up New Security Woes
John Bumgarner, MA, CISSP, GCIH, IAM, SSCP
Evaluating and Implementing Security Information Management Systems
Aurobindo Sundaram, CISSP, CISM, CISA, CCSA
Assuring Global Information Security Across the Organization
Martin Bean
Learning from Our Enemies
Donn B. Parker, CISSP
The Art Of Staying Thin
Raj Samani, MSc, CISSP, CCNA, CCA, CCSE, RSA

March

ISSA Journal March 2005
Full Issue
Phishing: How Gullible Can People Be?
David Zumwalt
Top 10 Hot Topics in Security
Jonathan Gossels
Rethinking Endpoint Security
Mitchell Ashley
Using Computer Forensics to Identify Sources of Attack
Joel Weise and Brad Powell
Creating an ROI to Justify Information Security Budgets
Ron Lepofsky
Prioritizing Security Projects: A Framework
Nalneesh Gaur and Kevin Faulkner

February

ISSA Journal February 2005
Full Issue
Security Breaches and the Cost of Downtime
Jeff Schmidt
Challenges in Achieving Sarbanes-Oxley Compliance
Michael R. Grimaila, GSEC, B.S., M.S., Ph.D. and Abhijit S. Kulkarni, B.S., M.B.A.
IT Security: The Human Factor
Paul Stich
Firewall High-Availability Strategies
Park Foreman, CISSP, CCSE
A Computer Health Plan: An Extended Metaphor
Richard Mosher, CISSP, CBCP
Internet E-mail Security
Bradley Schaufenbuel

January

ISSA Journal January 2005
Full Issue
Security by (Industry) Association
Special Feature
Worms: The New Weapons of Mass Destruction
John Bumgarner
Managing Root Passwords
Kris Zupan
Regulating the Network: The Next Stage of Compliance
Eric D. Vasbinder, CISSP
The Extended Enterprise: Securing the Application Layer
Nat Kausik
Top Five Best Practices for Information Systems Auditing for Government Compliance
Dan Barahona
Adding Multi-Tiered Spam Filters to Your Security Arsenal
Roger Matus