Digital Forensics

Information and Resources Related to Digital Forensics, Incident Response, Forensic Lab Management, Technical Investigations, and more...

Cybersecurity

Information and Resources Related to Cybersecurity, Information Security, Internet Safety, Cyberstalking, Metrics, Cyber Management, and more...

Information Technology

Information Technology, IT Management, IT Metrics, Risk Management, Change Management, IT Leadership, Communications, and more...

Cybersecurity Considerations with Bring Your Own Device (BYOD) Implementations

  Bring Your Own Device (BYOD) refers to allowing end users the ability to use their own personal mobile devices (e.g., phones, tablets, laptops, etc.) to conduct business instead of having a corporate device issued to them.  BYOD is often seen as a cost savings and a step toward a “21st Century Workforce” by executives. 

Making a Risk-Based IT Change Management Process

  A key component to any successful and mature Information Technology (IT) team is a disciplined change control process.  Few things are more frustrating to an IT manager than having a service affecting outage and not being able to immediately identify recent changes to the environment. Change control requires rigor, discipline, auditing, and a commitment from

Reducing Classified Spillage Incidents

  A classified spillage (commonly referred to as a spill) incident occurs when information is transmitted, processed, or stored on an information system that is not accredited to contain that level of information.  Usually, this occurs when a classified document (confidential, secret, top secret, etc.) is created, stored, or emailed on unclassified systems or networks. The

Why Multifactor Authentication is so Important

  As a cybersecurity professional I get frequent questions from people who want to know how to keep their personal or business data secure.  While it is true that the tools and techniques used by hackers are getting more sophisticated, the reality is that most breaches, even the very large and highly publicized breaches, could

Sitting in the Hot Seat: OPM Director Answers Tough Questions about 2015 Breach

  The Office of Personnel Management (OPM) data breach takes cyberattacks against the United States to a new level.  The motivation of the cybercriminals responsible for the OPM breach was not financial or hacktivism, but purely intelligence gathering.  For context, the OPM is responsible for conducting security clearance investigations for many federal agencies and this

Digital Forensics / Incident Response Forms, Policies, and Procedures

  For my Master of Science Degree in Information Security and Assurance (MSISA) I wrote my thesis about the overall lack of standards, certifications, and accreditation in the digital forensics discipline (available here).  This lack of rigor within our profession may very well jeopardize the credibility of our discipline. Over the past decade that I have

Disheveled Digital Forensics: The Impact of Inconsistent Standards, Certifications, and Accreditation

Abstract   Technology and digital evidence are at the forefront of nearly every criminal, civil, and corporate investigation in the world. For the past thirty years digital evidence such as computers, cellular phones, tablets, servers, GPS devices, gaming consoles, storage devices, and network infrastructure devices have been forensically analyzed and presented in legal proceedings. In many