Tuesday, October 30, 2012

20 Critical Controls Reading List

Executive Summary:

The seminar papers required in your course of study are an opportunity for you to reflect on what you have learned so far in The SANS Technology Institute's ISE 5100 and ISM 5100. You should view this first paper as a chance to establish a general theme for your studies, consistent with the overall goals you enumerated in the outcomes statement you submitted as part of your admission application.

Review your outcomes statement and, if necessary, update it to reflect any changes in your goals. (Updates should be submitted to info@sans.edu so that we always have your most recent version.) Review the technical material in the SANS class, and especially the aspects regarding practical implementation of the technology. Review the 20 Critical Controls; your paper must address at least one aspect of the appropriate controls. We have provided a list of readings below, a mix of threats and solutions illustrating various aspects of the critical controls, with reference to recent security-related events. Read the ones you feel might be relevant to your environment, and you are welcome to use other sources as appropriate. Your paper should discuss practical application of security technology in a context that is consistent with your stated outcomes. Your paper should also serve to increase the body of knowledge on security and implementation, and should cite at least five sources not listed below. Your paper should be five to ten pages in length and should be the beginning of your research for your monograph, part 4 of this course.

Learning Outcome:

The student will demonstrate mastery of the 20 Critical Controls as a framework to implement enterprise security.

Grading rubric:

  • Relation of paper subject matter to student outcome statement: 10 possible
  • Relation of paper subject matter to at least one control: 10 possible
  • Paper contributes to the body of knowledge: 10 possible
  • Length of paper is between five and ten pages: 1 point per page
  • Writing quality (grammar, spelling, flow): 10 possible

Critical Security Controls - Version 3.1



  • Critical Control 1: Inventory of Authorized and Unauthorized Devices
    Exploiting Embedded Devices http://www.sans.org/reading_room/whitepapers/testing/exploiting-embedded-devices_34022
    Signing chips http://defense.aol.com/2012/10/08/dla-demands-chip-makers-tag-products-with-plant-dna-a-war-on-co/
    Michael Baxter stole hw from Verizon and Cisco http://www.theregister.co.uk/2012/10/05/sysadmin_jail_kit_theft/
    Illegal imports of hw to Russia http://news.cnet.com/8301-1009_3-57528353-83/worm-spreading-on-skype-im-installs-ransomware/

  • Critical Control 2: Inventory of Authorized and Unauthorized Software
    Malware on medical devices http://www.technologyreview.com/news/429616/computer-viruses-are-rampant-on-medical-devices-in-hospitals/
    Downloading trojan (phone) http://www.h-online.com/security/news/item/French-hacker-captures-EUR500-000-with-smartphone-trojan-1734182.html
    Mobile malware http://news.cnet.com/8301-1009_3-57532937-83/fbi-warns-users-of-mobile-malware/
    Malware spreading through Skype - Ransomware http://news.cnet.com/8301-1009_3-57528353-83/worm-spreading-on-skype-im-installs-ransomware/

  • Critical Control 3: Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers

  • Critical Control 4: Continuous Vulnerability Assessment and Remediation
    Security business - Tenable http://www.baltimoresun.com/business/technology/blog/bs-bz-tenable-raises-capital-20121029,0,7059459.story

  • Critical Control 5: Malware Defenses
    Microsoft report on root kits http://blogs.technet.com/b/security/archive/2012/10/19/new-mmpc-threat-report-on-rootkits-now-available.aspx
    State sponsored miniFlame http://www.wired.com/threatlevel/2012/10/miniflame-espionage-tool/all/
    Sandboxing http://www.computerworld.com/s/article/9232562/Adobe_bolsters_Reader_Acrobat_XI_security?taxonomyId=17
    Attributes of Malicious Files http://www.sans.org/reading_room/whitepapers/malicious/attributes-malicious-files_33979
    Microsoft Report on Malware in Romania, Poland, Bulgaria http://blogs.technet.com/b/security/archive/2012/10/22/cyber-threats-in-the-european-union-first-half-2012.aspx

  • Critical Control 6: Application Software Security
    BEAST http://www.theregister.co.uk/2012/10/18/ssl_security_survey/

  • Critical Control 7: Wireless Device Control
    Symantec consumer wireless guide http://spotlight.getnetwise.org/wireless/wirelessguide.pdf
    NIST Checklist http://www.itl.nist.gov/lab/bulletns/bltnmar03.htm
    NIST Wireless Special Publication http://csrc.nist.gov/publications/nistpubs/800-153/sp800-153.pdf

  • Critical Control 8: Data Recovery Capability
    Computerworld overview http://www.computerweekly.com/feature/Computer-data-recovery-Essential-Guide
    One of the many Scott Moulton Youtube videos http://www.youtube.com/watch?v=Kx-D1nJcv0k

  • Critical Control 9: Security Skills Assessment and Appropriate Training to Fill Gaps
    Netwars http://www.sans.org/cyber-ranges/netwars
    Why certify? http://www.giac.org/certifications/why-certify

  • Critical Control 10: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
    Router vulnerability http://www.h-online.com/security/news/item/HP-asks-researcher-not-to-publish-security-vulnerabilities-1733216.html

  • Critical Control 11: Limitation and Control of Network Ports, Protocols, and Services
    Using SNORT for intrusion detection in MODBUS TCP/IP communication http://www.sans.org/reading_room/whitepapers/detection/snort-intrusion-detection-modbus-tcp-ip-communications_33844

  • Critical Control 12: Controlled Use of Administrative Privileges
    Admin privileges in Windows 8 http://www.forumswindows8.com/general-discussion/how-promote-administrative-privilege-windows-8-a-2214.htm


  • Critical Control 13: Boundary Defense
    HSBC http://news.cnet.com/8301-1009_3-57535500-83/hsbc-hit-by-broad-denial-of-service-attack/
    Social related hacking - NullCrew http://www.infosecurity-magazine.com/view/29035/nullcrew-continues-its-hacking-spree-with-a-new-international-operation/
    SOCKS proxies http://www.computerworld.com/s/article/9232197/Malware_infected_computers_rented_as_proxy_servers_on_the_black_market

  • Critical Control 14: Maintenance, Monitoring, and Analysis of Security Audit Logs
    Logging and Monitoring to Detect Network Intrusions and Compliance Violations in the Environment http://www.sans.org/reading_room/whitepapers/detection/logging-monitoring-detect-network-intrusions-compliance-violations-environment_33985
    Evil Through the Lens of Web Logs http://www.sans.org/reading_room/whitepapers/logging/evil-lens-web-logs_33950

  • Critical Control 15: Controlled Access Based on the Need to Know
    Jitterbit and Workbench http://www.youtube.com/watch?v=19Q3kq_x-HE


  • Critical Control 16: Account Monitoring and Control
    Shortened URLs http://www.nextgov.com/mobile/2012/10/think-twice-you-click-dot-gov-link-your-cellphone/58914/?oref=ng-HPtopstory
    Encrypted Disk Detector (opportunity to help) http://computer-forensics.sans.org/blog/2012/10/29/help-improve-edd-encrypted-disk-detector

  • Critical Control 17: Data Loss Prevention
    Warrantless wiretaps http://www.computerworld.com/s/article/9232580/High_court_nixes_appeal_of_AT_T_NSA_wiretap_Case?taxonomyId=17
    BYOD exposure http://news.cnet.com/8301-1009_3-57537298-83/some-android-apps-could-leak-personal-data-researchers-find/
    Google in Europe http://www.bbc.co.uk/news/technology-19953241
    New Zealand job seekers http://www.theregister.co.uk/2012/10/14/nz_mnd_leaks_data/

  • Critical Control 18: Incident Response Capability
    Ireland Domain Registry http://arstechnica.com/security/2012/10/irelands-domain-registry-suspends-some-operations-following-security-breach/
    http://www.darkreading.com/database-security/167901020/security/attacks-breaches/240008928/florida-university-breach-exposes-data-on-279-000.html
    Facebook response to data breach http://arstechnica.com/security/2012/10/facebook-tries-cloaking-probe-into-data-leak-involving-1-million-accounts/
    Zappos unenforceable EULA http://boingboing.net/2012/10/31/zapposs-crappy-eula-found-un.html

  • Critical Control 19: Secure Network Engineering
    Pacemaker attack http://www.computerworld.com/s/article/9232477/Pacemaker_hack_can_deliver_deadly_830_volt_jolt?taxonomyId=85
    Letter to energy producers (Sen. Rockefeller) http://assets.nationaljournal.com/pdf/1209_ElectricLetterRockefeller.pdf
    Secure OS for control systems http://www.eweek.com/security/kaspersky-lab-developing-secure-os-for-industrial-control-systems/

  • Critical Control 20: Penetration Tests and Red Team Exercises
    IPhone backup files. A penetration tester’s treasure trove? http://www.sans.org/reading_room/whitepapers/apple/iphone-backup-files-penetration-testers-treasure_33859
    Systems Engineering: Required for Cost-Effective Development of Secure Products http://www.sans.org/reading_room/whitepapers/physcial/systems-engineering-required-cost-effective-development-secure-products_34000


  • Technology forces at work (not sure how cloud fits the 20 CC)
    Fault Modeling for Cloud Services http://blogs.technet.com/b/trustworthycomputing/archive/2012/10/11/fault-modeling-for-cloud-services.aspx
    Cloud Security Alliance https://cloudsecurityalliance.org/csa-news/csa-releases-siem-guidance/
    Google email under state sponsored attack http://www.nbcnews.com/technology/technolog/google-users-your-account-may-be-under-attack-6259428

1 comment:

    1. These are timely and practical ways to implement the 20 Security Controls. I have found success by leaning into existing tools as an intentional means to implement a continuous monitoring program. I propose that you can have them do more than just prove compliance every time the auditor comes to town.

      A Small Business No Budget Implementation of the SANS 20 Security Controls can be found in the SANS Reading Room at http://www.giac.org/paper/gcia/1131/small-business-budget-implementation-20-security-controls/107303.
