Criteria for Selecting an Information Security Risk Assessment Methodology: Qualitative, Quantitative, or Mixed

An information security risk assessment is the process of identifying vulnerabilities, threats, and risks associated with organizational assets and the controls that can mitigate these threats. Risk managers and organizational decision makers use risk assessments to determine which risks to mitigate using controls and which to accept or transfer. There are two prevailing methodologies for […]

December 10, 2010 |

The Essential Link between Awareness and Security Policies

Eric Vanderburg Information security policies and security awareness go hand in hand. Frankly, a policy is worthless if it sits on someone’s desk. Information security policies find value when they are understood, adhered to, and enforced. In order to do this, employees must be made aware of the policy, the policy’s reason for being, and how […]

November 15, 2010 |

Developing a Virtualization Security Policy

Eric Vanderburg Since many organizations are rapidly virtualizing servers and even desktops, there needs to be direction and guidance from top management in regards to information security. Organizations will need to develop a virtualization security policy that establishes the requirements for securely deploying, migrating, administering, and retiring virtual machines. In this way a proper information security framework can […]

November 12, 2010 |

Understanding Data Loss Prevention (DLP)

Eric Vanderburg Data Loss Prevention (DLP) is one of those terms that is often mentioned but less often defined. The term can be as ambiguous as its scope which can be both large and small. So what is DLP and why does it matter? Data Loss Prevention (DLP) is an effort to reduce the risk of […]

October 29, 2010 |

Reducing privacy and compliance risk with data minimization

Eric Vanderburg Companies collect millions of gigabytes of information, all of which has to be stored, maintained, and secured. There is a general fear of removing data lest it be needed some day but this practice is quickly becoming a problem that creates privacy and compliance risk. Some call it “data hoarding” and I am […]

October 7, 2010 |

Business Continuity and Backups in the Virtual World

Eric Vanderburg Virtualization has really become a mainstream technology and an effective way for organizations to reduce costs. As mentioned in previous articles, it simplifies processes but also creates new information security risks to handle. This article is concerned with business continuity and how virtualization can create many new opportunities and efficiencies in your business […]

September 27, 2010 |

Critical security considerations for server virtualization

Eric Vanderburg Virtualization is an excellent way to make better use of existing IT resources but utilizing them for multiple tasks.  It also allows for hardware and software to be further abstracted so that hardware compatibilities become less of an issue.  Virtual machines can be highly specialized since an entire physical box does not need […]

August 10, 2010 |

MAC times in computer forensics

Written by: Eric Vanderburg MAC times are a form of metadata that record when files were created, modified and accessed and are named as follows: Created time: ctime Modification time: mtime Access time: atime You should be aware that the MAC times differ by file system and operating system and this can impact a forensic […]

October 10, 2009 |

Inside the Hacker’s Head – White paper

It is important to know about hacking because these skills, under controlled circumstances and with the proper authority can be used to determine system vulnerabilities by taking actions a hacker would do.  It is also important to understand this topic to better be able to counter the attempts of others to break into or misuse […]

September 2, 2008 |

Request Info

TCDI | Computer Forensics | Cybersecurity | Litigation Technology