May 16, 2010
Cyber-Terrorism: Are We There Yet?
This report by stratsec consultants Nick Ellsmore and Arun Raghu examines the state of cyber-terrorism in the wake of 9/11. As society’s reliance on technology has continued to grow, so too has the possibility of terrorists seeking to advance their cause through a cyber-attack of some kind.
Jul 27, 2009
System Security Primer
This paper was written to be a lightweight, easily adoptable primer and checklist to assist an organisation in better understanding security requirements and controls. This is intended to allow development teams to build a minimum level of security into a system without the overhead of incorporating an unwieldy process into the system development lifecycle or forcing large amounts of documentation upon system implementers.
Oct 15, 2008
WiMAX addendum to Wireless Security CIO and CEO Reports
stratsec (as SIFT) was engaged by the IT Security Expert Advisory Group (ITSEAG) of the Trusted Information Sharing Network (TISN) to update the previously developed wireless security reports to reflect changes in the wireless technology landscape.
Oct 15, 2008
User Access Management: A Defence in Depth Control Analysis
stratsec (as SIFT) was engaged by the IT Security Expert Advisory Group (ITSEAG) of the Trusted Information Sharing Network (TISN) with the purpose of providing guidance and practical advice on developing a layered defence in depth approach to user access management.
Oct 15, 2008
Defence in Depth
stratsec (as SIFT) was engaged by the IT Security Expert Advisory Group (ITSEAG) of the Trusted Information Sharing Network (TISN) to provide advice for implementing defence-in-depth security controls and highlight the concept’s importance when it comes to dealing with modern information risk management.
Aug 25, 2008
APEC VoIP Security Guide
stratsec (as SIFT) was engaged by the Asia-Pacific Economic Cooperation (APEC) organisation to develop a website and supporting material to assist small and medium enterprises (SMEs) in understanding the issues around VoIP security and to aid in safely using VoIP.
Oct 26, 2007
Future of the Internet Project – Reliability of the Internet
stratsec (as SIFT) was engaged by the IT Security Expert Advisory Group (ITSEAG) of the Trusted Information Sharing Network (TISN) to analyse the reliability of the Internet as public and private infrastructure in Australia, including the likelihood and consequences of failure.
Jul 2, 2007
Secure Your Information: Information Security Principles for Enterprise Architecture
stratsec (as SIFT) was engaged by the IT Security Expert Advisory Group (ITSEAG) of the Trusted Information Sharing Network (TISN) to define a set of information security principles to assist organisations to better protect and secure their information assets and achieve regulatory compliance.
Jun 15, 2007
APEC Information Security Skills Guide
stratsec (as SIFT) was engaged by the Asia-Pacific Economic Cooperation (APEC) organisation to develop a guide to assist small and medium enterprises and IT professionals in understanding the range of information security certifications available.
Feb 14, 2007
Log Injection Attack and Defence
This paper by stratsec Managing Consultant Daniel Grzelak examines the anatomy of log injection attacks. A log injection vulnerability occurs when a poorly written program uses user-provided data to write to a system or application log without any security pre-processing. An attacker who controls this data can then manipulate entries in the log for their own purposes. Depending on how well they know the log format and content, this often results in the ability to add new entries and falsify events and actions.