The previous post were technical links.
This next collection also goes back a few months, and it covers most-excellent white-papers, musings, and other perspectives in ForSec and incident response handling.
Brainwashed by The Cult of the Quick - TaoSecurity
Linkz for SIEM - Journey Into Incident Response - Corey Harrell goes into great detail on security information and event management (SIEM).
SIEM Use Case Implementation Mind Map - Journey Into Incident Response - an expansion on the above post.
Where's the IR in DFIR Training? - Journey Into Incident Response - Corey Harrell touches on a subject I continually struggle and get frustrated with. It seems that so much of what I personally see (from my admittedly limited “sysadmin” perspective) is reactive response; something tripped an alert rule, it matches some pattern descriptions, instructions are received to drop everything and go wipe and reload it! It leaves me wondering about where the role of post-incident response activities should come in organizationally; such as evaluating what happened, what was the impact, is this event part of a larger trend, and what can we learn? I really gobbled down this post and the lively follow-on discussion in the post comments.
A guide to leading and motivating highly driven professionals - (PDF link) - SANS Institute Reading Room whitepaper by George Khalil.
Practical Threat Management and Incident Response for the Small- to Medium-Sized Enterprises - (PDF link) - SANS Institute Reading Room whitepaper by Jacob Williams.
Implementing an Information Assurance Awareness Program: A case study for the Twenty Critical Security Controls at Consulting Firm X for IT Personnel - (PDF link) - SANS Institute Reading Room whitepaper by John Dittmer.
Under Threat or Compromise - Every Detail Counts - (PDF link) - SANS Institute Reading Room whitepaper by Jake Williams.
Case Study: Critical Controls that Could Have Prevented Target Breach - (PDF link) - SANS Institute Reading Room whitepaper by Teri Radichel.
Incident Response in a Microsoft SQL Server Environment - (PDF link) - SANS Institute Reading Room whitepaper by Juan M. Walker.
(IN)SECURE Magazine - ISSUE 42 (June 2014) - (PDF link here) - articles include control/privacy discussion, “Incident response and failure of the ‘Just Fix It’ attitude” written by Mike Horn, and “Are you ready for the day when prevention fails?” written by Tom Cross which is another good IR-focused article.
Browser Fingerprinting and the Online-Tracking Arms Race - IEEE Spectrum - Not from your typical ForSec source, IEEE Spectrum looks into browser tracking beyond the stale cookie objects. Lessons for the ForSec community?
Incident Response with Triage-ir - SANS Diary post
USB firmware: An upcoming threat for home and enterprise users - Microsoft Malware Protection Center blog
Security of Password Managers - Schneier on Security- great post with links to some supporting whitepapers on the subject.
So on that last article, here’s a question for those still reading…what (Windows-based) options are available if password manager software is not approved in your organization? Seriously. How could one manage (and/or securely store) lots of credentials/strong-passwords on a “stock” Windows system? The easiest solution is to stretch that grey matter and just memorize them; a modern twist perhaps to the great oral storytelling traditions of Homer and the bards that followed? Writing them down seems like an anathema. And then there is the challenge of “manually” generating strong/complex and/or random passwords that many password managers can assist with. Bother. (This was interesting: XKPasswd - Secure Memorable Passwords). Thoughts or suggestions?
Stay sharp my friend!