A Silent Wake for the Network Perimeter Model
by Ron McFarland, PhD, CISSP
For many years, security experts have touted various models of network security based on a defensible network perimeter. Initially, the network perimeter (aka perimeter-based security) was fairly basic and provided a rudimentary level of security between the external/unmanageable Internet and a company’s internal/manageable IT environment. To enhance network security, the more elementary DMZ (Demilitarized Zone) network model evolved into a layered architecture and included many iterations over the past 20 to 30 years. In early 2005, the SANS Institute published an article entitled “Design Secure Network Segmentation…
New video uploaded on YouTube.
Title: Cloud Service Models: Video 1
Description: Cloud Computing — Training by Highervista LLC. This video is an introductory video and #1 in a series of training videos about Cloud Computing. First, we discuss the definition of Cloud Computing (based off of the NIST definition). Next, we discuss Additional Cloud terms that are important to discuss with your users who may not understand particular definitions that are essential during the definition phase for a project. Following that, we discuss the essential characteristics of Cloud Computing and cloud technology. Finally, we discuss the Cloud Computing service models. These concepts are a prelude to further discussion that will be posted on the Highervista LLC YouTube channel.
Video Link: https://youtu.be/ROFQya2RBSA
Channel Title: Ron McFarland
Published On: 2021-03-02T00:56:55Z
Training slides for SQLite. Please feel free to use. Also, if you do use, please cite me and other sources noted in the slides. As these presentations refer to the “SQL Quickstart Guide” by Walter Shields, please consider a purchase of his book to receive the database (sTunes) as described in these presentations (Amazon, etc.).
Let me know if there are any changes/modifications.
Module 1 of 9: https://www2.slideshare.net/highervista/sq-lite-module1
Module 2 of 9: https://www2.slideshare.net/highervista/sq-lite-module2
Module 3 of 9: https://www2.slideshare.net/highervista/sq-lite-module3
Module 4 of 9: https://www2.slideshare.net/highervista/sq-lite-module4
Module 5 of 9: https://www2.slideshare.net/highervista/sq-lite-module5
Module 6 of 9: https://www2.slideshare.net/highervista/sq-lite-module6
Module 7 of 9: https://www2.slideshare.net/highervista/sq-lite-module7
Module 8 of 9: https://www2.slideshare.net/highervista/sq-lite-module8
Module 9 of 9: https://www2.slideshare.net/highervista/sq-lite-module9
Due to the increasing volume of cybersecurity incidents caused by bad actors, there is a pressing demand for organizations to protect their information systems and networks. One type of cybersecurity attack that has caused havoc on organizational information systems and networks is the ransomware attack, where organizational information and data assets are locked up and held for ransom by an attacker. To address this type of attack on critical infrastructure, organizations need a plan that includes ransomware prevention, mitigation strategies, and procedures to restore system services if an attack succeeds. A business continuity plan (BCP) must…
by Prudence Calabrese, MAI and Ron McFarland, Ph.D.
Artificial Intelligence in the Manufacturing Supply Chain
Individually, Artificial Intelligence (AI) and blockchain are two disruptive technologies. Each offers advantages to a wide array of technology, financial, healthcare, business, and manufacturing supply chain sectors. AI provides the promise of building software and machines that are capable of performing tasks that involve more computation and applied intelligence. In the meantime, blockchain can be considered a new file system for storing information in encrypted form in a distributed ledger format (Marr, 2018).
Combined, AI and blockchain will lead to both a technical…
A key aspect of database technology is that the security of data residing in databases is at continual risk from hackers. The landscape of database technology has rapidly changed over the past decade. Database technology has morphed into many variants, which serve to better express how data is managed in the organization. The rapid changes and the growing number of ways that data is managed create a swelling risk for database security. In this brief article, please find a summary of a few popular database types, as a prelude to future discussions on database security. …
By Ron McFarland, Ph.D.
June 1, 2019
The largest problem with open source solutions is that there is generally no vetting process for much of the open source community in terms of cybersecurity efficacy. For example, the Equifax hack was the result of an open source Java component being used in a framework, which allowed attackers to exfiltrate consumer PII. I recently read that over 1,000 downloads per day occur in the software development space for open source modules. …
Data Leakage & Application Programming Risk Mitigation: A starter for the Java Programming Language
by Ron McFarland, Ph.D.
Risk mitigation continues to evolve in the cybersecurity space. A key observation that speaks to the shifting sands of risk mitigation is noted in the Hewlett Packard Enterprise Cyber Risk Report of 2016. HP researchers indicated that attackers have shifted their focus from servers and operating systems directly to applications (Enterprise, 2016). For application development teams, this shift places even greater emphasis on the development of secure code and the protection of code once deployed. …
A few years back, I earned the CCFP Computer Forensics certification from ISC2. ISC2 (isc2.org) is a highly reputable certification organization, but they decided to pull back from the forensics certification as a business decision. They have since expired the CCFP certification.
The CCFP was a recognized certification and, at the time, covered the essential aspects of Computer Forensics. The intent of the certification was noted on the ISC2 website: “The CCFP exam covers a number of domains including legal and ethical principles, investigations, forensic science, digital forensics, and hybrid and emerging technologies. The examination, which costs $549, is a…