Members
- Log In
- Renew Online
- Discount Programs
- Membership Card
- Webcasts
- Member Search
- Your Profile
- Support Materials
- ISSA Journal
- E-News
- Volunteer Committees
ISSA Journal Archive
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
2007
2006
2005
2004
2003
Older
Note: documents are in PDF format. You may need to download free Adobe Acrobat Reader software to view them.
Contribute to the journal
Are you interested in contributing an article to the ISSA Journal? Please contact editor@issa.org, and review the Editorial Guidelines (PDF, 48kb).
Advertise in the journal
To learn about sponsorship opportunities, please request a Media Kit.
December
- ISSA Journal December 2006
Full Issue - Make a Match for Your Organization: Security roles and job definitions
By Sekar Sethuraman - Return On Security Investment
By Vicente Aceituno - Complexity: Addressing the big threat to your organization
By Joel Weise - Gaining with Gateway Encryption and Signing
By Luther Martin - Trade Secrets: An information security priority
By Steve Luebke - Bridging the Great Divide: The convergence of physical and logical security
By David Ting - Real Test Plans for Real Results
By Mark S. Kadrich - How To Apply Strong Cryptographic Controls
By Arpad Janko - Detection Isn’t Optional: Monitoring-in-depth
By Robert Graham - Customer Service and Security: Social engineering without even trying
By Mikhael Felker - toolsmith
By Russ McRee - Career Corner
By Joyce Brocaglia
November
- ISSA Journal November 2006
Full Issue - VoIP Security: Asserting the trust boundary
Sridhar Ramachandran - Beyond NAC: The value of post-admission control in LAN security
Jeff Prince - Pandemic of Fear: Thinking about disaster recovery planning
Craig Lucca - The Usual Suspects: Textbook Web application vulnerabilities
Jason Reed - Managing a Different Kind of Identity
Mark Mac Auley - Key Management: The biggest issue in storage encryption
Dore Rosenblum - Covert and Overt Protection for Valuable Documents
Fred Jordan - The Inside Threat
Angus MacDonald - ISO/IEC 27001: The future of infosec certification
Taiye Lambo - Securing Remote Control: Fundamentals for security in remote environments
Mike Baldwin - toolsmith - Wireshark
Russ McRee - Career Corner
Joyce Brocaglia
October
- ISSA Journal October 2006
Full Issue - Implementing Quantum
Key Distribution in
Today’s Networks
Andrea Pasquinucci - Achieving a Smoother Network Access Control Implementation
Phillip Lin - Security Through Obscurity
Nathan Ouellette - ISM3: A Standard for Information Security Management
Vicente Aceituno - Tips on Selecting an IT Security Software Vendor
Mark Azzolina - Diffie-Hellman Key Exchange: A Non-mathematician’s Explanation
Keith Palmgren - Making Sense of Cryptography
Mark J. House - Introduction to ITIL Service Management and Security Management
Mark Azzolina - Infosec LiveDistros: Must-haves for the
information security practitioner
Russ McRee - How to Hire the Person You Want
Joyce Brocaglia and Erin Fallon
September
- ISSA Journal September 2006
Full Issue - The Evolution of Phishing
Michael Urban - Digital Forensics and the Role of the Sysadmin
Rob Bainbridge - A Microsoft-ISSA Partnership
Lori Woehler - The Next Generation of CISOs
Patricia A. Myers - Security Concerns for RFID Technology
Michael Grimaila - Identity Management for the Security Professional
Mark MacAuley - Identity Theft’s Impact on the Information Security Program
Pamela Fredericks - Measuring Security Effectiveness with ISO 27001
Steve Wright - Protecting Your PC: IT Security Awareness
Louis Gamon - Legal Perspectives - The Passage from Paper to Bit in Italy
Daniela Rocca - Career Corner - What Are Your Differentiators
Erin Fallon - Association News - How an ISSA University Liaison Benefits Everyone
Harry Smith
August
- ISSA Journal August 2006
Full Issue - IAVA Management
Derek Isaacs - Nimble Risk Management
Randy S. Lindberg, CISSP, CISM, PMP - What’s Your View of the Network? Detecting and Preventing Attacks and Monitoring Network Behavior Through sFlow Technology
John Jerrim - The Breach Notice Dilemma: Keeping it Simple
Gerald Pinzino - Geeks and Guards: Leveraging the Corporate Guard Force
Dave Tyson, MBA, CPP, CISSP - Alternate Data Streams: What’s Hiding in Your Windows NTFS
Keith Palmgren, CISSP - BCM Mismanagement
Marc Vael, CISM, CISA, ITIL and Vicky De Neyer - With Great Power Comes Great Responsibility: Testing for Security in the Ajax Age
Bryan Sullivan - Internet Rhetoric for Security
Ronald L. Mendell, MS, CISSP - Compliance Is Only Part of the Equation
Craig Carpenter - Seven Steps to Information Protection in 2006
Naomi Fine, Esq. - Satisfying IT Security Educational Needs: A Success Story
Mark Azzolina - The Importance of Human Capital
Joyce Brocaglia
July
- ISSA Journal July 2006
Full Issue - Does FOSS Pay? Risks and Benefits of Open Source Software
Warren Axelrod - Identities: The New Black Market Currency
Andrew Stern - Why Obtain Security Certifications?
Tim Smit - Information Security Governance: Setting the Tone at the Top
Apolonio Garcia - Practical Implementation of CVSS
Justin Hall, Mike Schuetter - Tracking Assets in a Heterogeneous IT Environment
Mike Baldwin - Contingency Planning: A Process
Michel Landry - Using Two-Factor Authentication to Battle Online Fraud
Andy Cottrell - Network Security in a Fast-Paced World
Mick Johnson - Enhancing Security Compliance in Your Distributed Operations with Self-Assessment and Automation
Sekar Sethuraman, A. J. Vijayakumar - Electricity Utilities: Welcome to the World of Information Security Compliance
Ron Lepofsky - Seven Myths About Information Security
Dr. Gary Hinson
June
- ISSA Journal June 2006
Full Issue - Information Security: Organizing and Managing for Success
Aurobindo Sundaram - Key Management: The Biggest Issue in Storage Encryption
Dore Rosenblum - The Payment Card Industry (PCI) Data Security Standard and the Role of Network Intrusion Prevention
Mike Paquette - Certifiably Qualified
Jack King - Denial of Service Attacks: Should it Mean Denial of Service?
Hema Krishnamurthy - A More Secure Front Door: ESSO and Strong Authentication
Chris Feeney, CISSP - Quantum Information and Security
Andrea Pasquinucci - Thwarting Stealthy Attacks with Anti-Reconnaissance
Don Davidson - The Brave New World of Distributed IT Security
Peter Rive - Facilitating Sarbanes-Oxley Compliance with the Capability Maturity Model Integrated (CMMI)
Ken DiStefano - Systematic Removal of Accesses: Pull the Key from the Lock
Gideon T. Rasmussen
May
- ISSA Journal May 2006
Full Issue - Making the Case for Replacing Risk-Based Security
Donn B. Parker, CISSP - Security Challenges in RFID Implementations
Mary Brown, MS, CISSP, CISA - Dealing with the "Insider Threat"
Ronald L. Mendell, CISSP - The Intersection of Compliance and Security
James Hietala, CISSP, GSEC, GCFN - IT Security Operations: Contradictory or Complementary Terms?
Mike Schuetter, CCIE, CISSP - Identity Management Issues In Healthcare
John Christly, MBA, CISSP, PMP, CHSS, PI - Building an Effective and Sustainable IT Compliance Program
Mark Azzolina and Maggie Albrecht - USB Mass Storage: Security Threats and Opportunities
Larry Hamid - Gateway Solutions to HIPAA-Related Security Challenges
Ken Seitz - Database Misinformation and Integrity: The Slow Corruption Attack
Matthew Toczek - Tracking Risk Over Time
Ron Lepofsky - Career Corner: The Comeback of Business Continuity and Disaster Recovery
Jeff Combs
April
- ISSA Journal April 2006
Full Issue - The Top Five Wireless Security Threats
Jess Ward - Physical Security: It is Your Job
Ira Winkler - Security and Sarbanes-Oxley: What About the Spreadsheets?
Dr. Raymond R. Panko - A Practical Guide to Biometrics
Luther Martin - The Perimeter Isn't Dead, It Just Needs A Makeover
Vaughn Hazen - How Secret is a Secret?
Vicente Aceituno Canal - How to Deal with the Legal "Catch 22" of Electronic Data Destruction
Dan Bayha - Protecting Our Keystrokes
Avner Rosenan and Zvi Gutterman - Trusted Computing: A Boon or a Curse?
Urvish Khandwalla - Network Security: Protecting IT Networks and Their Services
Louis Gamon - Security Control Selection And Tailoring
Michel Landry - The Security Architect: Bridging the Gap Between Business, Technology and Security
Ron Collette, CISSP and Mike Gentile, CISSP - Identity Management: Tackling the 400-Pound Gorilla
Richard E. Mackey, Jr. - Career Corner: A Guide to Conferences
Erin Fallon
March
- ISSA Journal March 2006
Full Issue - Protecting Talent
Donn B. Parker - Choosing Hardware for a Computer Forensic Lab
Aaron Stanley and Evan McGoff - Eliminating Card Numbers to Minimize PCI Exposure
Branden Williams - Remote Vendor Access (RVA): Not All Access Should be Treated Equally
Kris Zupan - Three Critical Elements in Data Backup and Disaster Recovery
Frank Jablonski - Application Security 101: Buffer Overflows
Luther Martin - What's on Your Security Checklist?
Richard Williams - Maximizing Your Managed Security Services Strategy
Bart Vansevenant - Patch Management: The Gloves Are Now Off
Raj Samani - How to Put Your Network Systems Through the Security Test
Elizabeth M. Ferrarini - FISMA and the Certification and Accreditation Process
Michel Landry - Security Awareness Training For Small Businesses
Jeff Wold - The Application Security Crisis: Why Manual Testing Has Become Ineffective for Securing Applications
Mandeep Khera - Legal Perspectives: Update on Security Breach Notification Laws
Benjamin S. Hayes - Career Corner: Handling Conflict Diplomatically
Joyce Brocaglia
February
- ISSA Journal February 2006
Full Issue - Why the eDiscovery Revolution is Important to InfoSec
John Patzakis, Esq. - It's The Law: An Overview Of FISMA and Its Impact On Current Security Practices
Michel Landry - Calculating IT Security Risk
Ron Lepofsky - The Information Security Health Scorecard: An Effective Way to Engage Your Organization in Information Security Initiatives
Sekar Sethuraman - Avoiding A Victim Mentality
Andrew Lochart - Experiences with a Honeypot
Patricia L. Garlick, MSCIT - Crafting Standards that Matter: An Insider's View of an E-mail Authentication Standard
Jon Callas and Rajiv Dholakia - Best Practices in DNS and BIND
Cricket Liu - Effective Operational Security Metrics
J. Patrick Ravenel - Out of Sight, Out of Mind, Out of Compliance?
Dore Rosenblum - Understanding Voice-Over-IP (VoIP) Security
Bogdan Materna - Trust, Relationships and the Future of Compliance
Marv Goldschmitt and Ashwani Kaul - 12-Step Security Program for Small and Medium Businesses
Mike Wysocki - E-mail Security: A Review of Available Technologies
Wole Akpose - Career Corner: The Work-Life Balance Demystified
Erin Fallon
January
- ISSA Journal January 2006
Full Issue - Digital Signatures Are Not Enough
Jeff Stapleton and Steven Teppler - Dot1x Provides an Additional Wall In Your Security Fortress
David Lam, CISSP - Building Security into Applications
Marco Morana - ISO 17799: A Closer Look
Scott Sweren - The Risks of IM in the Workplace
Carlos Valiente, Jr., CISSP, CISA, CISM - Security in the Software Development Life Cycle
Janeine Charpiat and Jarvis Robinson - Best Practices for Implementing Homeland Security Presidential Directive 12
Tom Gilbert - Identity Management: A Closer Look
Joe Anthony - Eliminating the Threat from Within
Lance Masten - Mobile Malware: A Clear and Present Danger
Shane Coursen - Keeping DNS Trustworthy
Richard Hyatt - A Process Mindset: A Foundation for Information Security
Ken DiStefano - The Path to Assured Solutions
Carlos Trigoso - Legal Perspectives: New Publication Available to Help ISSA Members Prepare Written Commercial Contracts
Benjamin Hayes and Jeffrey Ritter - Career Corner: The New Breed of Security Professionals: Part Two
Joyce Brocaglia