ISSA Journal Gennaio 2019

la rivista mensile riservata ai Soci AIPSI

Gli articoli del numero di Dicembre 2018 includono:

• The Post Exploitation Malware Era, by Meir Brown. This article analyzes seven of the most advanced malware evasion behaviors that are both pervasive in the wild and continue to pose a serious challenge to detection tools.
• How Cybersecurity Teams Can Support and Facilitate Compliance with the GDPR, by Grace Buckler - ISSA member, National Capital Chapter. The General Data Protection Regulation (GDPR) gives residents of the European Union control over their own personal information regarding how organizations are allowed to collect and handle their private data. This article discusses how security teams can contribute to compliance efforts right away and long term.
• Spoofing a Hardware Security Module, by Jeff Stapleton - ISSA member, St. Louis Chapter. This article compares valid key management techniques using a cryptographic hardware security module (HSM) with commonly used untrustworthy software-based crypto methods that basically spoof the HSM. Two hardware-based techniques are contrasted with three hybrid-based methods. Security issues for the software-based methods are discussed, and an alternative standards-based scheme is introduced.
• The Art of Pushing Left in Application Security, by Kelley Bryant - ISSA member, Puget Sound Chapter. This article outlines the importance of integrating security activities into the software development life cycle in today's corporate marketplace.
• Net Neutrality: What Is It and Is It Necessary? by Nima Zahadat - ISSA member, Northern Virginia Chapter. This article presents an examination of the laws regarding net neutrality and deliberates both sides of the divide in terms of how net neutrality and its regulations impact consumers and end users, companies that depend on the Internet and its services, and the ISPs that provide broadband and other services.
• Practical Approaches to Overcome Security Challenges in Cloud Computing: Part 2: Private Cloud, by Seetharaman Jeganathan. In this 2-part article the author focuses on various security challenges in adopting cloud computing models and how to overcome them using practical approaches. Part 2 examines security challenges and concerns of private cloud computing models and then analyzes possible practical approaches to overcome the challenges and minimize security risks.

Le rubriche della Rivista 

• From the President
• Sabett's Brief
• If Blockchain Results in Smart Contracts, Does That Make All Other Contracts Dumb?
• Gray Hat
• Encryption Misdirection?
• Cryptic Curmudgeon
• Risk Management, Cost/Benefit, and Hockey
• Security Awareness
• The Craziest Information Security Stories of 2018
• Open Forum
• Role-Based Security Awareness Training for Technology
• Security in the News
• Crypto Corner
• Yes, Johnny Can Encrypt