Friday, December 18, 2015

Cybersecurity Fundamentals – Top 3 Project Papers.

After reviewing roughly 30 projects, these are my top 3 for the semester. There's another one that I also absolutely love, about insider threat anomaly detection. I've included summaries of each of these well-written papers below.

First, Lance created a survey asking users about smartphone security. Population size 117, statistically significant with a +/-10% margin of error. Contains interesting findings highlighting differences between Apple and Android users. Great writing style.

Next, Harrison decided he was interested in learning about the dark web. He also has a great writing style, which made this a fun and interesting read. Check this one out.

Finally, Seyed dove into Amazon Web Services security. I'm well aware of the wealth of information he had to go through to put this together, and I'm proud of the outcome and effort.

Head on over to the documents tab to view!
https://sites.google.com/site/cloudauditcontrols/

Smartphone Security Assessment

Lance Giles

Summary
In 2014, my laptop fell victim to a Basic Input Output Operating System (BIOS) rootkit, which left it irreparable. My good friend who ran diagnostics on the laptop and discovered the rootkit recommended that I start shopping for a new computer. The news that my laptop was not responsive to repairs stunned me. My use of the internet was limited to emailing, banking, shopping occasionally, and monitoring my credit. I had active antivirus and antimalware software on my laptop. No unusual behavior was detected in my laptop until it seemed abnormally slow one day. How could my laptop be penetrated by a rootkit that nestled in the BIOS when my usage was low risk and security measures were in place? When I discussed my puzzlement with my friend, he highly recommended that I visit Security Investigative Reporter Brian Krebs’ blog at ‘https://krebsonsecurity.com/’ and learn more about malware, firewall, identity theft prevention, and mobile device security.

Since then, my interest in acquiring tips and techniques for securing information systems has accelerated. My interest drives me to evaluate the current practices of securing smartphones. To me, it seems that smartphones are rapidly becoming more commonly used than a laptop, desktop, or tablet. As of April of 2015, approximately 64 percent of “American adults now own a smartphone of some kind, up from 35% in the spring of 2011. Smartphone ownership is especially high among younger Americans, as well as those with relatively high income and education levels.” (3) Similar to laptops and desktops, smartphones are vulnerable to malware transmitted through emails, web traffic, and external media such as USB; however, unlike laptops and desktops, they are also vulnerable to malware transmitted by text messages, apps, and games. (6, page 40)
 

Into the Heart of Darknets

Harrison Van Riper

Summary
America has developed a fascination with the dark web. In the first season of House of Cards, one of the characters accesses the dark web to get in touch with a hacker. In dramatic fashion, he is introduced to the shady and covert services on the internet underbelly. Over the last couple of years, Silk Road has gained high media attention. The site provides an anonymous marketplace for drugs to be sold to its anonymous user base. The public perspective of the dark web is that it hosts all kinds of vile and illegal activities, like the aforementioned Silk Road or illegal pornography. I thought to myself, how can something so seemingly criminal exist? I’d never accessed it before or talked to anyone who had. Why not dig in and see what all the fuss is about?
 

Public Cloud Security (AWS)

Seyed Ahmadreza Amin

Summary
Information security is of paramount importance to Amazon Web Services (AWS) customers. Security is a core functional requirement that protects mission-critical information from accidental or deliberate theft, leakage, integrity compromise, and deletion.

Under the AWS shared responsibility model, AWS provides a global secure infrastructure and foundation compute, storage, networking and database services, as well as higher level services. AWS provides a range of security services and features that AWS customers can use to secure their assets. AWS customers are responsible for protecting the confidentiality, integrity, and availability of their data in the cloud, and for meeting specific business requirements for information protection.

This article describes best practices that customers can leverage to build and define an Information Security Management System (ISMS), that is, a collection of information security policies and processes for their organization’s assets on AWS. Although it is not required to build an ISMS to use AWS, a structured approach for managing information security that is built on basic building blocks of a widely adopted global security approach will help customers improve their organization’s overall security posture.