Thursday, 13 November 2008

Text Data Mining vs. Information Retrieval / Information Access

Although only one of many factors, a driving force behind the growth of text mining has been the Web (Hastie, Tibshirani & Friedman, 2001). The growth of Internet commerce has created large repositories of documents, customer information, records and other information. The increasing need to record business and personal transactions and the growing volumes of logging within systems have provided an increasing amount of unstructured content. With the millions of new documents being produced each year by the average company, knowledge discovery for forensic analysis is increasingly becoming reliant on text mining operations.

1. Hastie T., Tibshirani R. & Friedman J. (2001) “The Elements of Statistical Learning: Data Mining, Inference and Prediction”, Springer-Verlag

Wednesday, 12 November 2008

Why GIAC Certification with SANS Training

There are many reasons.

First, the training offered by SANS is second to none. The GIAC certifications demonstrate real world knowledge (esp. the Gold levels).

Next, there is the added benefit of re-training.

GIAC certifications need to be renewed every 4 years. In my case this is not exactly true as I have a couple of GSE platinum level certifications. The thing is that even with the requirement removed, I still re-certify.


The training of course!

SANS has some of the best training for information security offered anywhere in the world. The benefits of training through SANS are too numerous to note in a simple blog post, but they are why I keep coming back.
At the moment I am re-certifying my G7799 and GLEG certificates. Once I complete these I shall move on to re-certifying my GCFA. The former two I shall have completed by Dec this year; the latter shall be re-taken by Jan/Feb 09.

As a GSE-Compliance, my G7799 is covered and I do not need to re-certify but for the GSE. The same applies for the GCFA that I shall do early next year. The GSE-Malware I sat in October covers this. The reasons are two-fold. First, they keep my skills sharp. Practice is the way to becoming a successful IT Security professional.

Just ask any of my staff, I make sure that they train. I have people doing the GCFA certification, the GSEC, G7799, GISP and other SANS training as we speak. In fact, the GISP is one of the best ways to train for the CISSP exam. I know, I have staff doing this now!

Next - and more importantly, the re-certification process gives you updated books and MP3 files as a part of the process. Next, the "On-Demand" bundle is offered for a minimal cost. These CBT (Computer Based Training) sessions are the best in the industry. You have the SANS instructors and fellows, the material and can learn in your free time.

Finally, the STI (SANS Technology Institute) offers a couple of postgraduate degree qualifications. The Master of Science Degree in Information Security Management and the Master of Science Degree in Information Security Engineering are two of the best postgraduate info-sec coursework master's degrees that are available anywhere, and they incorporate the elite GSE certification as well to have you graduate as a professional who can be trusted to know the essentials from the start.

As for me, I shall continue to do more training with SANS and will keep working to have their certifications added into the courses at my local University (CSU). To this end, a Master's degree in Digital Forensics based on a combination of University subjects and industry certifications (including those from SANS) will be available soon.

As soon as SANS gets their new SEC 501 course offered online, expect to see me sign up. This looks like a great extension to the SEC 401 offering that leads to the GSEC certification. Why not show that you have the 37337 (hacker 4 elite) skills to make it in the IT Security industry and at the same time meet a set of contacts that will help you throughout your career? Plan to take the training or challenge the certification today!

Next for me... The GIAC Secure Software Programmer - Java (GSSP-JAVA) certification and then the final GSE to complete the trio later in 2009. What better way to show that you know your stuff in secure coding! The GSE requires the GCIH, GCIA and GSEC certifications, all of which I have. One REAL benefit is that I will get the material for the GSEC before I take the GSE exam next year.

I have the GCIA and GCIH material already (though I am looking forward to seeing all the updates, for they change regularly). I challenged the GSEC and thus do not have these books or MP3s. I guess this is something to look forward to.

P.S. I am not even being paid to say this.

Tuesday, 11 November 2008

What am I up to?

I am busy writing at the current time for a number of sources. I have a number of posts up on the SANS Forensic blog and I have another later this week.

I am preparing a presentation around the paper I have published for ICISS08. I am presenting the paper:
Overwriting Hard Drive Data: The Great Wiping Controversy
by Craig Wright, Dave Kleiman and Shyaam Sundhar R.S.

I am also preparing a preliminary presentation that I shall be making on this topic at CSU next week. I am presenting this as a lecture to the post-graduate computer science students at Charles Sturt University. I shall be discussing the format of the new Masters degree in Digital Forensics at this time, so I should be able to offer some more concrete information to those prospective students who have been waiting for this.

I am completing my section of the book, "CISCO ROUTER AND SWITCH FORENSICS". I am a little behind on the section on collecting volatile data from routers, but will have this complete tomorrow.

Added to this, I am completing the final draft for the legal and ethics chapter of "Official (ISC)2 Guide to the CISSP(R)-ISSMP(R) CBK ((Isc)2 Press)".

Next is White Hat. This is an innovative security focused summit aimed at correcting the issues, not just finding them. This will be in the USA and UK and we are looking at starting it here in Australia in 2010.

MISTI - IT Security World
On top of this, I am preparing my paper for MISTI next year (IT Security World 2009). I have a couple of presentations at this conference:

H7 SaaS: Gaining On-Demand Application Benefits and Better Security
Dr. Craig Wright, Manager of Information Systems, BDO Kendalls
Date: Tuesday, 10 March 2009
Time: 3:45pm - 5pm
Track: Application Security
• The deep potential of SaaS security solutions
• Economic factors that now favor SaaS: maximizing low acquisition cost of SaaS and other cost benefits
• How virtualization makes SaaS easy – what about security?
• Utilizing SOA and SaaS together for better results
• Key security considerations for adapting to the SaaS model


F8 Effective Patch Management: Saving Time and Getting Better Security
Dr. Craig Wright, Manager, Information Systems, BDO Kendalls
Date: Wednesday, 11 March 2009
Time: 9:45am - 11:15am
• How to update your current patch management framework
• Methods hackers use to exploit unpatched systems to obtain access to protected networks and sensitive information
• Can you rely upon automation and system integration?
• Tips for staying on top of the patches

Finally, I have a few new research topics that I shall be preparing to turn into papers. My team has already started on one based on network graph analysis for chat and log analysis to be published next year. On top of this I shall be publishing a paper with Dave Kleiman.

I am also working on my GCUX Gold paper for GIAC. This is the GIAC Certified UNIX Security Administrator (GCUX) certification paper.

Title: 100 Unix Commands
Abstract: 100 UNIX commands to issue on other people's systems. This paper will analyse and present the top 100 commands in Unix/Linux that an attacker (and most crucially, a security tester) can use. These will range from commands to gain access to a system or extend access, to altering logs and other files (including the kernel) and to monitoring what is going on. The paper will also provide scripting techniques and examples based on these commands to provide the basics needed by any budding *NIX security professional.

This is due by early Jan 2009.

This is only a sample of what I am up to... So, I am a little slow when replying at the moment.