Choose Your Own Whitepaper Adventure (and Upcoming Papers)

By Rich | February 10, 2010

We are in the process of finalizing some research planning for the next few months, so I want to see if there are any requests for research out there.

First, here are some papers we anticipate completing over the next 3 months:

  • Understanding and Selecting a Database Encryption or Tokenization Solution

  • Understanding and Selecting a Database Assessment Solution

  • Project Quant for Database Security

  • Quick Wins with DLP

  • Pragmatic Data Security

  • Network Security Fundamentals

  • Endpoint Security Fundamentals

  • Understanding and Selecting a SIEM/Log Management Product

  • Understanding and Implementing Network Segregation

  • Data Security for the Cloud

Some of these are sponsored, some aren’t, and all will be released for free under a Creative Commons license.

But we’d also like to know if there are any areas you’d like to see us develop. What the heck – since we give it away for free, you might as well take advantage of us. The one area we aren’t ready to cover yet is identity management, but anything else is open.

Seriously – use us. We like it. Oh, yeah.

14 Comments

Allen Baranov 2010-02-17
Assessing 3rd parties... But, I agree those topics are exactly what I'd like to see. Done in the Securosis way - brilliant writing, easy to read but not hiding the technical details. I can't wait.
Ben 2010-02-16
I would like to see what you can add to this area of Security: Understanding and Selecting a SIEM/Log Management Product +1
Montez Fitzpatrick 2010-02-15
"Understanding and Selecting a SIEM/Log Management product" I would like to see this one written about a little more. Possibly with an ear to some of the new tools we have to help solve large dataset issues (efficient storage implementation), large indexing issues (map reduced inverted indexes), concurrency issues and integrity.
Slavik Markovich 2010-02-15
"Data Security for the Cloud" +1 Slavik
Michael Babao 2010-02-14
I like the ff articles:
* Quick Wins with DLP
* Network Security Fundamentals
* Endpoint Security Fundamentals
* Understanding and Selecting a SIEM/Log Management Product
Chris Carpinello 2010-02-12
Much <3 for the relaunched Securosis. I'd love to see fundamentals demystifying the alphabet soup of security frameworks (ITIL, COBIT, ISO 17799/27001, NIST SP 800). Aside from doing what everyone else in the same industry is doing, why choose one over the other? I prefer Mike's pragmatic approach to security programs, but there's no escaping the bureaucracy of these frameworks and certifications.
David Page 2010-02-11
Network Security Fundamentals +1
Understanding and Selecting a SIEM/Log Management Product +1
Project Quant for File Permissions. I know File servers are about the easiest thing out there, but I believe there's a size and complexity threshold that could be identified as a reference point where certain alternative permissioning strategies or even technologies (i.e. Document Management Systems) is a best practice and MORE IMPORTANTLY shows a financial investment in those tools is better than continuing to attempt to centrally manage permission granularity on file servers
DMc 2010-02-11
Quick Wins with DLP Honestly I'm interested in any DLP deep dive. I work on detecting content for a DLP vendor and I deal with the limitations all the time. Every vendor will of course tell you that they have the best way to detect content but each strategy comes with different advantages and limitations. I'm interested in hearing about the different approaches and the methods of minimizing those disadvantages.
Mark Arnold 2010-02-11
Perhaps "Understanding and Selecting Manual Penetration Testers/Assessors (Network/Application/etc.)". Looking forward to the SIEM piece.
Larry Dietz 2010-02-11
Rich, I'd like to see something on Data Security and the Cloud that addresses how you vet and secure overseas outsourcers. Larry
Dave Taylor 2010-02-11
Rich, I would like to read "Data Security for the Cloud." Seems to be an evolving topic especially now. Also, I stumbled upon this resource for white paper analysis (http://www.hoffmanmarcom.com/writing-whitepapers.php), check it out. Thanks, Dave
Catherine Franke 2010-02-11
Would it be possible for you to point me to your paper that will assist me to ensure availability/confidentiality of information in a (MS SQL) database that resides on a virtual machine? [Each DB instance on separate OS installed on a single HW server.] Thank you. --Cathy
Andre Gironda 2010-02-10
"Understanding and Selecting a SIEM/Log Management product" +1
Anton Chuvakin 2010-02-10
"Understanding and Selecting a SIEM/Log Management product" Awesome idea! I just wrote one of these, but there is definitely more education on that needed. I also like: "Project Quant for Database Security" Maybe "Project Quant for Vulnerability [not patch] Mgt" "Project Quant for Change Mgt" etc