GIAC Gold Topic Suggestions

Row 1 (header): Timestamp | Topic Title | Describe the topic | To what GIAC certification(s) does the topic apply? | approved | inprogress
(The approved and inprogress columns are empty in every row below.)

Row 2
Timestamp: 10/10/2013 6:40:20
Topic Title: Enterprise Key Management Best Practices
Describe the topic: Organizations are expected to manage valuable key material for business-critical applications on a daily basis. This paper would outline the basics of enterprise key management, provide a broad overview of what commercial and open source solutions exist, and provide a framework/best practices that can be used to manage and implement such solutions.
GIAC certification(s): GSNA

Row 3
Timestamp: 10/13/2013 10:49:35
Topic Title: industrial

Row 4
Timestamp: 11/1/2013 16:21:50
Topic Title: Is Cyber Risk Insurance Worth it
Describe the topic: Insurance companies are starting to offer insurance for cyber-security-related incidents. What should one consider before signing up for insurance like this? When is it good to have?

1) Does your org have enough cash to self-insure? That can be the best choice financially.
2) If not, are the premium and the level of coverage rational?
3) Carefully read the policy to see any exceptions or limitations.
GIAC certification(s): GLEG

Row 5
Timestamp: 12/2/2013 10:32:03
Topic Title: Data visualization in Network Forensics

Row 6
Timestamp: 12/6/2013 7:21:46
Topic Title: Equitable Forensics in a Global Environment
Describe the topic: NOTE: THIS IS IN PREPARATION FOR GCFA RENEWAL IN 2014
My GCFA renewal is late 2014. I wish to assure I have approval prior to any effort on this topic.

The following is the planned abstract.

Successful multi-national corporation forensics is more than acquisition, data discovery and presentation to the target audience. It is a balancing act of corporate expectations, legal constraints and assuring investigation due care. Most corporate forensic investigations are not criminal misconduct. The investigation focus is tort or corporate misconduct. The investigator faces management restraints, legal constraints and urgency for discovery completion.
The mature multi-national forensic investigation will utilize documented good security practice and incident flow. The mature investigation will require access to legal resources assuring investigations will not violate local law. The corporate investigator may have hurdles such as no direct physical access or presence. Use of third-party on-site investigators may be required. Clear qualitative forensic analysis will always be more valuable than quantitative analysis. Positive proof in country A may not be considered conclusive in country B.
GIAC certification(s): GCFA

Row 7
Timestamp: 1/28/2014 7:03:03
Topic Title: managing skills for auditing networks
Describe the topic: Planned Abstract:

The reasons why professionals enter the IT audit field vary widely. With the tremendous growth of technology, many auditors see IT audit as a way to set them apart from their peers.

At a particular advantage are individuals who already have extensive IT experience and wish to capitalize on this knowledge in the audit field. Prentice believes that it is easier to teach an IT person audit skills than for an auditor to learn IT skills from scratch. Regardless of what causes a professional to enter the field, he or she should have certain characteristics important to a successful IT audit career.
GIAC certification(s): GLSC

Row 8
Timestamp: 2/1/2014 6:25:46
Topic Title: Managing an application security team, the challenge of the numbers
Describe the topic: Most application security specialists today have something in common: they moved their careers from development to security. And even in 2014, making the move is still not common.

70% of vulnerabilities are in applications, but the number of universities and colleges teaching secure development is still very low.

Then the challenge becomes clear: a limited number of application security specialists on one side, and an army of untrained developers on the other side.

I will explain challenges related to people, management, growing the practice, managing multiple disciplines, training our people, open source, etc., so you will get a 360-degree view of how our team, in a large financial institution, was able to make a difference. Making sure security is taken care of at the beginning of the project is even more important when each vulnerability costs ~20k once in production.

My paper will talk about ISO 27034, training, awareness, secure code review, penetration testing and scanning, open source, and also hardware hacking.

Thanks!
GIAC certification(s): GSLC

Row 9
Timestamp: 2/3/2014 10:03:24
Topic Title: security
GIAC certification(s): GSEC

Row 10
Timestamp: 4/9/2014 15:59:08
Topic Title: Sandboxing and APT
Describe the topic: There is hype around APT protection in the market now, and most of the controls aimed at the attack talk about sandboxing technology. But the fact is that in the cyber kill chain there are many ways an APT can be detected and protected against. The question now is where sandboxing technology can be used, how effectively it can be implemented to protect against APT, and what other kinds of technology can be used to protect the environment from APT.
GIAC certification(s): GSEC

Row 11
Timestamp: 5/7/2014 0:43:35
Topic Title: Auditing using Vulnerability tools to identify today’s threats Business Performance
Describe the topic: Using a variety of data sources, including vulnerability tools, prioritizes risk mitigation resources while lowering the overall risk status. This is critical for reducing any open gaps and ensuring that business analytics are balanced. Vulnerability tools make it possible to quickly score, organize, and combine hundreds of thousands of vulnerabilities and emphasize the critical few risks.
GIAC certification(s): GLSC

Row 12
Timestamp: 10/9/2014 6:43:56
Topic Title: A practical approach to application security monitoring
Describe the topic: The goal of the paper is to describe a project approach or methodology on how to set up application security monitoring for an application/information system. I would like to structure the approach in the following phases:

1) Information inventory of the application: where you assess which information you want to protect/monitor. You'll also map
2) Scoping the monitored security events or application events you would like to include. I have the idea of actually including a toolkit in the paper in the form of an Excel spreadsheet which people could use to guide them in the process of building a monitoring initiative.
3) Offer an overview of standard application security metrics/indicators which are used to measure the health status of your application and show the actual risks in the system.
4) Build the monitoring initiative.
5) Maintain the monitoring initiative.
GIAC certification(s): GSEC, GCIH

Row 13
Timestamp: 10/19/2014 11:51:54
Topic Title: How will Mobile Forensics look in the future?
Describe the topic: Mobile Forensics has long been the exploitation and analysis of data mainly retrieved from a forensically acquired image of the mobile device. With advancements in technology and the growing demand for secure personal data, are device manufacturers pushing the forensics world into exploiting other aspects of the phone, i.e. the cloud (Google, iCloud), 3rd-party applications or the phone backups?

I will explore the way manufacturers have moved to encrypting devices by default, how applications are potentially the new risk of mobile devices, and also how the introduction of paired devices will introduce an opportunity for forensic investigators to alleviate additional devices that are directly linked to the original evidential device.
GIAC certification(s): FOR585

Row 14
Timestamp: 7/27/2016 5:00:56
Topic Title: Deploying a Netflow Architecture Using Silk
Describe the topic: A useful paper would be a readable, clear deployment guidance document on building out a Netflow architecture using Silk. They do have a guide, but it is tough to follow.
GIAC certification(s): GCIA

Row 15
Timestamp: 4/5/2017 14:34:48
Topic Title: Artificial Intelligence and Law Enforcement
Describe the topic: After the 9/11 terrorist attacks against the United States, the law enforcement and intelligence communities began efforts to combine their talents and information-gathering assets to create an efficient method for sharing data. The central focus of these cooperative efforts for sharing information was state fusion centers, tasked with collecting data from several database sources and distributing that information to various agencies. This vast amount of intelligence data eventually overwhelmed the investigative organizations. The use of Artificial Intelligence (AI) to parse data and extract patterns of behavior that can create actionable intelligence for the recipient agencies is a technology that is desperately needed in order to shape the methodology of critical data sharing for crime and terrorism prevention. AI can analyze threat data and historical information and then create attack hypotheses for predicting when and where crimes will be committed. Statistical and tactical analysis of criminal and terrorist patterns of behavior by AI’s intelligent software agents can provide economical operations and resource management. By predicting the most logical locations for criminal activity, equipment and personnel can be directed to those areas to prevent those events from occurring. Financial resources must be allocated to allow for the development of these applications and for the exhaustive study of test results to ensure the accuracy and efficacy of AI’s machine-learning techniques for increasing the crime-fighting options available to law enforcement and the intelligence communities.

Row 16
Timestamp: 9/11/2017 12:13:36
Topic Title: Secure that flow
Describe the topic: Flow Computers are the front-line cash register for the commodity world. Energy assets are operationally controlled by an ICS (Industrial Control System); the FC (Flow Computer), often an afterthought bolted on, is sloughed off as someone else's problem and mostly forgotten in the security planning process. Flow Computers monitor and totalize the product transfer between two companies and can vary from tens of thousands to millions of dollars of custody transfer a day. These little, forgotten-about electronic devices, if compromised, could shift energy commodity markets globally.
GIAC certification(s): GICSP

Row 17
Timestamp: 3/8/2018 10:12:19
Topic Title: Pen testing and automated adversarial planning
Describe the topic: Utilizing the pen test framework and newly deployed automated adversarial programs, develop a plan for pen testing systems based on these new techniques and how they apply across enterprises. Look at specific info-gathering tools, change management to update the automation, and passive/active gathering to update attacks; also apply the MITRE ATT&CK framework to such a tool.
GIAC certification(s): GPEN

Row 18
Timestamp: 3/23/2018 9:40:11
Topic Title: Best Practices using Terraform for AWS Infrastructure as Code
Describe the topic: The idea with this Gold paper is to discuss best practices in using Terraform to write infrastructure as code for the AWS Cloud Environment: building a simple cloud resource, protecting the source code, following change controls and code review, and using automation to update the code and apply it. This could even split into a white paper series of a few topics.
GIAC certification(s): GCED

Row 19
Timestamp: 5/15/2018 20:06:35
Topic Title: Real Time Phish Brand Detection
Describe the topic: This paper will discuss methodology, tools and techniques being used to detect phish brands by ingesting 3rd-party sources; in addition, it will collect a whole lot of information which will be beneficial in threat hunting (e.g. looking for IP addresses hosting multiple phishing campaigns, looking for HTML comments, taking the MD5 hash of the page, etc.) using Elasticsearch capabilities.
GIAC certification(s): GCIH

Row 20
Timestamp: 7/18/2018 4:46:46
Topic Title: Enterprise-wide Network Monitoring with ROCK NSM
Describe the topic: Network attacks have been increasing in number and complexity over the last few years. Network monitoring tools and NIDS/NIPS systems have evolved to protect organizations against new attack types and campaigns. As such, these solutions are commonly listed in the Preparation phase of many Incident Response (IR) playbooks. However, as of 2018, a limited number of solutions offer an all-in-one solution that allows companies to have a single point of control over their network.

The Response Operation Collection Kit Network Security Monitoring (ROCK NSM) platform encompasses the capabilities of both network monitors (Bro) and NIDS/NIPS (Suricata/Snort) to provide organizations with an all-in-one, plug-and-play network monitoring and prevention solution.

The purpose of this paper is to provide a comprehensive view of how organizations can benefit from ROCK NSM features by describing how it can be deployed and tuned for enterprise use, with the idea of making ROCK NSM enterprise-ready. We will describe how the different components can be configured, how they interact with each other, and how their output can be integrated with existing SIEM solutions.

Further information about ROCK NSM can be found here: http://rocknsm.io/
GIAC certification(s): GCIH