I do not usually post non GIAC focused job postings and have deep concern with the use of "Special Forces", but it sounds like an interesting job so here is the link:
http://jobs.jobvite.com/careers/servicenow/job/oaQd4fw1?__jvst=Employee%20Referral&__jvsd=s3WsTfw4&__jvsc=LinkedIn&bid=n2aSYyw5
Thursday, December 22, 2016
Monday, December 5, 2016
CISO - In project planning define what "it" is
I reviewed project plans from four teams of really smart technical people today and after doing so, I am a bit troubled. One of the big problems in cybersecurity is that management is not convinced cyber-techies have any idea of what they are doing. Management may be right.
Two of the plans were, to be kind, minimalistic. Maybe a half page of cryptic notes. The third looked like a government RFP with 12 pages of writing for a 100 hour effort and the forth struck a balance between using as much paper as possible and actually laying out the work breakdown structure.
All four plans had the same serious flaw. They did not put any effort in defining what "it"is. This is one of the classic communication failures. The boss knows, (or at least thinks), she knows what she wants. So she directs her team, "build me a framus". So they go to work to build a framus, but they don't wait to define what "it" is. The most common definition of course is a vintage stringed instrument. However, for people familiar with the space program and that still have a moonshot flight jackets with the mission patches know it can be a synonym for a gizmo, or gadget, or more recently app or chatbot.
This is not a new problem, everyone has heard of garbage in - garbage out. However, hearing about a thing and dealing with it well are separate issues.
The good news is that this was not an effort to deflect an asteroid from striking the earth. All four were graduate level programs to increase the documented level of cybersecurity defensive information.
The bad news is the first week of the assignment is dedicated to the planning part. If we are dedicated to creating the next generation of cybersecurity leaders, we are going to have to solve the problem of teaching them to define what "it" is or we will end up with every imaginable framus.
Two of the plans were, to be kind, minimalistic. Maybe a half page of cryptic notes. The third looked like a government RFP with 12 pages of writing for a 100 hour effort and the forth struck a balance between using as much paper as possible and actually laying out the work breakdown structure.
All four plans had the same serious flaw. They did not put any effort in defining what "it"is. This is one of the classic communication failures. The boss knows, (or at least thinks), she knows what she wants. So she directs her team, "build me a framus". So they go to work to build a framus, but they don't wait to define what "it" is. The most common definition of course is a vintage stringed instrument. However, for people familiar with the space program and that still have a moonshot flight jackets with the mission patches know it can be a synonym for a gizmo, or gadget, or more recently app or chatbot.
This is not a new problem, everyone has heard of garbage in - garbage out. However, hearing about a thing and dealing with it well are separate issues.
The good news is that this was not an effort to deflect an asteroid from striking the earth. All four were graduate level programs to increase the documented level of cybersecurity defensive information.
The bad news is the first week of the assignment is dedicated to the planning part. If we are dedicated to creating the next generation of cybersecurity leaders, we are going to have to solve the problem of teaching them to define what "it" is or we will end up with every imaginable framus.
Wednesday, November 23, 2016
Detecting indications of compromise while decreasing response time
Detecting Indications of Compromise
and Decreasing Response Time
ISE 6100 – Security Project Practicum – CIO Report
Authors: Gordon Fraser, gordon.fraser@ctipc.com
Tobias Mccurry, tobiasmccurry@gmail.com
Wesley Earnest, wes.earnest@gmail.com
Advisor: Stephen Northcutt
Accepted: November 23, 2016
Abstract
GIAC Enterprises, a small to
medium sized business specializing in Fortune Cookie sayings, is faced with the
risk of its intellectual property being compromised. One of the most common vectors used by
attackers to gain access to this intellectual property via phishing emails
which lure users into executing malicious programs on their computers. To address this risk, GIAC’s CIO established
a tiger team to investigate and examine ways to streamline the incident
response process. Research shows that
only 3% of users report possible phishing emails (Verizon, 2016). Because of
this gap, the team focused on ways to automate detection. The team also looked for ways to decrease the
amount of time it takes for an analyst to respond to a suspected incident. The proposed solution combines open source
tools, Bro and Cuckoo, to analyze incoming email attachments and escalate only
the attachments that deemed suspicious to the SOC Analyst. The proposed solution also includes updates
to GIAC’s incident response procedures to quickly identify compromised systems
using indicators of compromise.
1.
Introduction
GIAC Enterprises, a small to medium sized business
specializing in Fortune Cookie sayings, is faced with the risk of its
intellectual property being compromised.
One of the most common vectors used by attackers to this data is
phishing emails which lure users into executing malicious programs on their
computers. To address this risk, GIAC’s
CIO established a tiger team to examine the following use cases:
·
Users receiving a phishing email with a
malicious attachment.
·
Users receiving a phishing email with a
malicious URL.
·
Drive-by attack resulting from a user visiting a
malicious web site.
1.1.
Current Environment
GIAC’s current detection and response processes require many
inefficient manual steps which are unnecessarily burning incident response
cycles. The current detection process
relies heavily on the end user notifying the security team of suspicious
emails. The Security Operation Center
(SOC) analyst needs to extract the suspicious attachment, upload it to the
sandbox, and wait for analysis to finish. However, research shows that only
three percent of users report possible phishing emails (Verizon, 2016). Because of this gap in the detection process,
the team focused on ways to streamline and automate previously documented
incident response steps.
The team also looked for ways to decrease the amount of
time it takes for an analyst to respond to a suspected incident. In the current process, the email administrators
notify the SOC analysts of the individuals who may have read or opened the
email. The SOC analyst would then take
whatever action was necessary. Per the
Verizon 2016 Data Breach Report (Verizon, 2016) 30% of people who receive a phishing
email open it. Only 12% of the
recipients opened the malicious attachment or clicked on the link. Quickly identifying the individuals who took
the phishing bait would significantly reduce the scope of the investigation and
time to resolution.
GIAC Enterprises recently implemented a pilot SIEM
utilizing AlienVault’s Open Source Security Information Management (OSSIM)
product to improve situational awareness and visibility by correlating log
files and security events. Based on our
team’s research and conversations with AlienVault, neither OSSIM nor
AlienVault’s commercial solution Unified Security Management (USM) is designed
to proactively examine files for malicious behavior. It can only detect the malicious activity
once the compromise has happened. To
protect GIAC’s intellectual property, a more proactive and automated solution
must be implemented to mitigate the risk posed by these use cases.
2.
Proposed Solution
Based on the scenario of a phishing email leading to
ransomware, the team focused its research efforts on points in the existing
process that could be performed proactively or automated to improve the
efficiency of the SOC Analyst’s time.
The proposed solution combines open source tools, Bro and Cuckoo, to
analyze incoming email attachments and escalate only the attachments that
deemed suspicious to the SOC Analyst.
According to AlienVault, “You cannot stop ransomware [...] detecting
[ransomware] within a timely fashion gives you the chance to respond
effectively.” (AlienVault, 2016). The
proposed solution also includes enhancements to GIAC’s incident response
procedures to handle potential incidents.
Figure 1 shows the workflow of the proof-of-concept built during this
project.
Figure 1: Proposed Solution Workflow
1) Monitor
network traffic (incoming SMTP traffic and outbound HTTP requests).
2) Parse
SMTP and HTTP traffic with Bro and extract all files (based on configured list
of MIME types) and URLs of interest.
3) Extracted
files are saved on the Bro server. A
service monitors for new files in a directory.
When a new file is detected, a script will copy the file to the Cuckoo
server for analysis.
4) Cuckoo
server has a directory that is being watched for new files to analyze. When a new file is detected in the directory,
Cuckoo analyzes the file and generates a text output.
5) A
script parses the Cuckoo output. If no
outbound network connectivity is detected, the file is considered benign and
discarded. If outbound network
connectivity is detected, then the file requires further analysis. An Analyst Report text file is created and
sent to the Bro server.
6) On
the Bro server, a script runs for each Analyst Report file which parses the Bro
logs for the details of the HTTP connection or the SMTP email (to/from/subject)
and appends a set of Powershell scripts to the Analyst Report file.
7) The
Powershell scripts can be used to search through the Exchange server mailboxes
based on:
a. Messages
that contain either the same sender, subject, or attachment.
b. Archive
and/or delete the message containing the suspect file.
8) Notify
SOC analyst of the new Analyst Report for further review and initiate the
incident response process if necessary.
9) Create
a ticket in OSSIM to track the analysis of the suspicious file or URL, and any
remediation effort.
2.1.
Streamlining Incident Response Process
To efficiently streamline the incident response process, the
team identified three sources of network data to include DNS logs, netflows,
and full packet capture. PassiveDNS logs DNS requests and responses. The nfdump suite of tools helps capture the netflow
data, which is a summary of network traffic. Tcpdump is used to collect full
packet captures.
3.
Use Case Validation
The team constructed a lab environment to conduct
simulated attacks. To test the first use case, a phishing email with a
malicious attachment, an email was sent with a word document that contained a
Visual Basic script that executed a malicious payload that connected back to
the attacker’s machine. The second and third use cases, a phishing email with a
malicious URL and drive-by attack, was tested by sending an email that
contained a link to a web site that compromised the browser, connected back to
the attacker, downloaded and executed a malicious payload.
The Analyst Report was generated due to the outbound
connection initiated by the word document and separately the drive-by attack.
Bro appended details from the original vector and the Analyst Report to help
with eradication portion of the incident response process. The eradication phase
was validated by using the Powershell scripts generated from the details
provided in the steps above. These scripts removed the malicious emails from
any users’ inboxes.
Given the indicators of compromise from the Analyst Report,
we quickly identified the systems that were compromised. This would support the incident response team
during triage and allow them to focus their efforts on those systems which pose
the most risk to the organization. During testing, full network traffic was
captured for analysis.
4.
Conclusion
This new workflow provides a much more comprehensive
solution to dealing both phishing emails and attachments and files downloaded
via HTTP. Bro and Cuckoo working
together showed promise in detecting potentially malicious files. Using the DNS logs, netflow data, and full
packet captures proved valuable in streamlining the identification of
compromised systems.
4.1.
Future Enhancements
There are several aspects within this proof-of-concept
that could be enhanced during future phases of this project. First, this proof-of-concept is currently
only able to rule out benign files based on the absence of outbound network
connectivity. If only 3% of suspect
files are currently being reported by end users, it is likely that promoting
this new process to production will substantially increase the SOC analyst’s
workload. Further research is needed to
improve the quality of detection capabilities in Cuckoo. One such approach may be YARA. YARA is a tool that could be integrated with
Cuckoo to identify and classify malware (YARA, 2016).
Integration with Exchange is another area where the
process could be further streamlined. Removing the manual process of the
identifying users that received the email via Powershell would be beneficial. Execution
of the Powershell scripts could be automated and the output included in the Analyst
Report.
The integration with OSSIM could also be enhanced to
provide the SOC analyst with additional visibility into the environment by
creating custom plugins and correlation directives with the log data from Bro,
Cuckoo, and Exchange. Creation of incident tickets could be automated to help
raise awareness to a possible incident.
Like all intrusion detection systems, this new process is
still limited to the traffic it can monitor.
Encrypted files, secure email, and HTTPS websites would require SSL/TLS
termination at the border for the network monitoring tools such as Bro and
nfdump to work.
References
AlienVault. (2016) Detect Ransomeware Before It’s
Too Late with AlienVault USM. Retrieved
October 13, 2016, from https://www.alienvault.com/forms/webcast-thank-you/detect-ransomware-before-its-too-late-with-alienvault-usm
Verizon. (2016) 2016 Data Breach Investigations
Report. Retrieved October 5, 2016, from www.verizonenterprise.com/resources/reports/rp_DBIR_2016_Report_en_xg.pdf
YARA. (2016) YARA in
a nutshell. Retrieved October 7, 2016 from http://virustotal.github.io/yara/
Monday, November 14, 2016
Ken Hartman - Leadership Essay - Tryanny of the Urgent
I will not normally post SANS.EDU student work on my blog, but they are working on the web site right now and I wanted to show an example of a successful ISE 5600. I nominated this as an exemplar and it was accepted.
Reasons for nomination:
Reasons for nomination:
- Quality writing, the 94 on Grammarly needs to take in account the places Grammarly is not correct.
- Important topic. Granted I may be biased, but I read the Hummel book of the same title back in college and it helped shape my decision making process for life.
- Topic consistency. Many students get lost in this assignment by writing about transformational leadership in general instead of an aspect of transformational leadership.
Stephen
The Tyranny of the Urgent and the Transformational Security Leader
ISE 5600 Leadership Essay
Author: Kenneth G. Hartman, ken@kennethghartman.com
Advisor: Stephen Northcutt
Accepted: November 1, 2016
Abstract
In many companies, the information security team has minimal
resources and operates in a very reactive mode, moving from one crisis to
another. Without strong transformational leadership, information security teams
can become victims of the tyranny of the urgent. Recent cross-disciplinary
research in brain function and evolutionary psychology can serve as a powerful
motivation model for transformational leadership.
This type of leadership enables a security leader to construct
transformational experiences that elevate an organization’s security posture
while meeting the individual needs of colleagues and thus preventing burnout in
the process.
Introduction
Security
executives face unprecedented challenges as the landscape of information security
shifts via rapid developments in technology and the growing sophistication of
threat actors (LookingGlass Cyber
Solutions, 2016). In many companies, the information security team has minimal
resources and operates in a very reactive mode, moving from one crisis to
another (LookingGlass Cyber Solutions,
2016). However, not every urgent activity
is truly important or will have a lasting impact on the destiny of an
organization or its people. Charles E. Hummel (1967) coined the phrase “tyranny
of the urgent” to succinctly express this realization in a pamphlet he
authored, writing, “The urgent task calls for instant action…the momentary
appeal of these tasks is irresistible and important,
and they devour our energy” (p. 4).
How can a
security manager cope with the tyranny of the urgent? Managers must use principles of transformational leadership. James M. Burns (1978)
first articulated the notion of the transformational leader by contrasting it
to a transactional leader who grants and withholds rewards. Transformational
leaders develop followers into leaders through empowerment and aligning the
goals and objectives of the follower with those of the leader and the
organization (Bass & Riggio, 2008).
The
following sections aspire to create a compelling model for positive change in
the day-to-day operation of a security program that a transformational security
leader can start to employ immediately.
The Covey Time Management Matrix, discussed below, can be used to
differentiate between different types of urgent and important tasks. Burnout can occur when one attends to the
urgent tasks required by the organization at the expense of his or her needs. By using the matrix and insights from recent
research into human motivation, the transformational security leader can create
experiences that empower their followers to satisfy their drives in the process
of meeting the organization’s critical
needs.
Covey Time
Management Matrix
In his
classic work, First Things First, Stephen
Covey (1994) builds upon Hummel’s ideas
concerning the tyranny of the urgent with his Time Management Matrix, shown in
Figure 1.
Urgent
|
Not Urgent
|
|||
Important
|
Quadrant I
|
Quadrant II
|
||
●
|
Crisis
|
●
|
Preparation
|
|
●
|
Pressing problems
|
●
|
Prevention
|
|
●
|
Deadline-driven projects,
|
●
|
Values Clarification
|
|
meetings, preparations
|
●
|
Planning
|
||
●
|
Relationship building
|
|||
●
|
True re-creation
|
|||
●
|
Empowerment
|
|||
Not Important
|
Quadrant III
|
Quadrant IV
|
||
●
|
Interruptions, some
|
●
|
Trivia, busywork
|
|
phone calls
|
●
|
Junk mail
|
||
●
|
Some mail, some reports
|
●
|
Some phone calls
|
|
●
|
Some meetings
|
●
|
Time wasters
|
|
●
|
Many proximate
|
●
|
"Escape" activities
|
|
pressing matters
|
||||
●
|
Many popular activities
|
|||
© 1994 Covey Leadership Center,
Inc.
|
||||
Figure 1. Covey
Time Management Matrix
In this book, Covey (1994) elaborates
on the addictive nature of urgency:
We get a temporary high from
solving urgent and important crisis. Then when the importance isn’t there, the urgency fix
is so powerful, we are drawn to anything urgent, just to stay in motion.
People expect us to be busy, overworked. It’s
become a status symbol in our society—if we are busy, we’re important; if we’re not
busy, we’re almost embarrassed to admit
it…It’s also a good excuse for not dealing with
the first things in our lives (p. 4).
Covey explains that in Quadrant I, we use our expertise to solve pressing
business needs. He states that procrastinating
or neglecting Quadrant II activities may cause them to become urgent. Quadrant
III activities masquerade as important because of their urgency. These
activities are only important to someone else — if they are even important at all. The
Time Management Matrix allows one to evaluate how he or she is spending
precious time (Covey, 1994).
If a security professional is a victim of the tyranny of
the urgent, that person may neglect to create important
relationships, perform necessary strategic planning, or take actions that are needed to give their work meaning. Transformational security leaders recognize
the importance of Quadrant II activities for themselves and their teams.
Urgent Security Matters and Burnout
Security
professionals must be ready to respond to security incidents and the
never-ending stream of new vulnerabilities at a moment’s notice. On top of this
responsibility, they are also charged
with the tasks of remediating findings from compliance auditors and performing
application security reviews for teams that aggressively pursue opportunities
for business growth (Hartman, 2015). These urgent tasks generally fall into Quadrant I (Important and Urgent) of the Covey
Time Management Matrix. Unfortunately, sometimes these pressing demands fall
into Quadrant III (Urgent but Not Important) relative
to the individual security professional’s sense of purpose and meaning. These
activities may be critical to the survival of the business but can crowd out the individual’s personal and
professional self-care.
As a
profession, information security requires long hours and a constant need to
upgrade individual skills. The job is often thankless; yet, there is little
room for mistakes (Leite, 2011). Improving oneself is a Quadrant II activity,
which is frequently neglected due to the
tyranny of the urgent causing frustration to many information security
professionals.
These realities
in the information security field can lead to burnout, as claimed by panelists
at the 2012 RSA Conference. Information security can be an isolating profession
that, at times, seems at odds with the growth agenda of an organization. Joshua
Corman from Akamai Technologies stated, “We
spend so much time worrying about malware and woes in this industry that we
forget to take care of each other” (as cited in Goodchild, 2012). These sentiments make the inclusion of
transformational leadership in security management more critical than ever.
Transformational security leaders take care of their needs and the needs
of their followers—not just the pressing needs
of the organization.
Some
perceive that the security profession promotes paranoia, highlighting that
security agendas often adopt a negative
frame to justify projects while other parts of the organization improve
productivity and generate new business. Often, there is not a clear win for the
security professional, unlike there is for doctors,
trial lawyers, and firefighters who are also in high-stress occupations (Korolov, 2015).
Based on
his review of a broad mix of philosophical and religious literature, Covey
(1994) claimed that we all have four fundamental needs, “to live, to love, to
learn, to leave a legacy” (p. 45). Meeting these needs is clearly a Quadrant II (Important but not urgent) activity. When one fails to satisfy these personal needs, he or she is
deprived of a sense of purpose and will begin to experience symptoms typically
associated with burnout (Covey, 1994). These symptoms can include exhaustion,
cynicism, doubts about one’s ability to deliver results, and even rage in more
extreme cases (Goodchild, 2012) .
Transformational Leaders and Motivation
While
burnout and the tyranny of the urgent can create a bleak picture of the
information security industry, it creates a unique opportunity for a
transformational security leader to make a significant and positive difference.
Recent
cross-disciplinary research in brain function and evolutionary psychology confirms
Covey’s assertion regarding our four fundamental needs. This new research can
serve as a powerful motivational model to the cognizant security leader. A Harvard Business Review (HBR) article citing this brain research claims that humans are hardwired with four drives that influence behavior and emotions (Nohria, Groysberg, & Lee, 2008). Nohria et al. (2008) examined each of these
four drives using the following indicators: engagement, satisfaction,
commitment, and intention to quit. Given the current state of turnover and the shortage
of security professionals (Korolov, 2015),
these indicators should be of interest to the astute security leader attempting
to combat burnout on the security team. Furthermore, Nohria et al. (2008) claim
that their research revealed that an individual manager has significant
influence over the way employees satisfy the four hardwired drives that
underlie motivation, which include: The Drive to
Acquire, The Drive to Bond, the Drive to Comprehend, and the Drive to
Defend.
The
Drive to Acquire
Humans are all driven to acquire scarce resources, including
shelter, clothing, food, and money. The satisfaction we feel when meeting this
innate human drive seems to be based on one’s comparison with what others
possess. However, this drive cannot be fully satiated because humans always
want more. Nohria et al. (2008) point out that the drive to acquire is not
limited to physical goods, but also extends to experiences and events that
improve social status.
The
Drive to Bond
Like many
animals, humans have a drive to bond within groups and collectives. When this
need to bond with others is met, it
evokes positive emotions of love and caring. However, when the drive to bond is
unfulfilled, individuals feel loneliness, alienation, and lack of purpose.
Nohria et al. (2008) claim that this explains why motivation increases if
employees are proud to belong to an organization. It also explains why betrayal
by the group devastates morale.
The
Drive to Comprehend
There is a human need to make sense of the world, to
create meaning out of the events in our lives, and to produce theories and
rational explanations. People tend to get frustrated when things seem senseless
but are invigorated by working out the answers. The drive to comprehend
explains why employees are motivated by challenges and opportunities to learn
and grow. It also explains why employees with talent will change jobs if they
no longer feel stretched (Nohria et al., 2008).
The
Drive to Defend
Like many animals, humans have a fight-or-flight instinct,
but the drive to defend is more than the tendency to protect property and loved
ones from external threats through either defensive or aggressive behavior. The
drive to defend extends to defending one’s reputation and legacy. This drive also
includes the need to promote justice and to create a safe environment to allow
each other to express opinions and ideas. The drive to defend explains why
people resist change. When one has not met their need to defend properly, feelings of resentment, fear,
and other strong negative emotions will manifest. Conversely, when the drive to
defend is satisfied, one feels a sense of confidence and security (Nohria et al., 2008).
Creating Transformational Experiences
A security
leader equipped with insight about the Covey
Time Management Matrix and the nature of the four hardwired drives is in a
unique position to construct
transformational experiences that elevate an organization’s security posture while also meeting the individual needs
of his or her followers.
The fact
that so many security professionals face burnout is particularly troubling because
many motivated and skilled people are
initially attracted to the field of information security due to one more of the
following reasons:
·
The allure
of acquiring hacking skills, and
getting paid a competitive wage;
·
An
opportunity to secure and defend an
organization that is committed to them;
·
Networking (bonding)
with peers and the security celebrities who speak at security conferences; and
·
An interest in trying to comprehend the latest security research and threats. (Bird, 2013)
Pine and Gilmore’s (1999) book, Experience Economy, recognizes that economic activity has been
shifting away from goods and services toward transformational experiences. While
the thrust of their book is about creating transformational experiences for
customers, their insights are equally applicable to employees. Pine and Gilmore note that
clients seek out transformational experiences, like attending business
school or a martial arts program, to become different, changed, and transformed:
When you customize
an experience to make it just right for an individual—providing exactly what he or she needs right now—you cannot help changing that individual. When you customize an experience, you automatically turn it into a transformation.
(p. 165)
If a security leader wishes to
attract and retain motivated followers to help secure and defend the organization,
the leader should craft transformational experiences that create opportunities
for high performers to distinguish themselves and receive the deserved acclaim
and performance rewards. Although rewards should discriminate between high and poor performance, this should not come at the expense of collaboration and
teamwork. The security leader must foster an atmosphere of camaraderie and even
friendship out of recognition of everyone’s human need to bond. The
transformational security leader must craft experiences for followers that
encourage continuous learning and reward knowledge transfer back to the
organization, making it more secure in the process. Lastly, why not tap into
everyone’s natural drive to defend? Focus that need on securing the organization
rather than defending oneself from ad hominem attacks (Nohria et al., 2008). The transformational security leader must
allocate time to perform “important but
not urgent” (Quadrant II) and nurturing activities in an intentional manner, or they will be crowded out by the
crisis of the day.
Enjoying the Journey
Transformational
experiences are much like a journey. They are guided by a leader but are still very much an individual
process (Pine & Gilmore, 1999). Why
not enjoy the process? Mark it with milestones and take the time to celebrate the important landmarks. Recent
research shows that sharing experiences makes them more intense (Boothby, Clark, & Bargh, 2014) and reduces
feelings of isolation (Cooney, Gilbert, &
Wilson, 2014).
Lastly, security
leaders should not let the tyranny of the urgent prevent them from recognizing
that the security professionals they influence are some of the most committed,
adaptive, and driven people in their organization. Instead, the transformational security leader
should use the Covey Time Management Matrix to focus the commitment and drive
of their followers by crafting experiences that challenge individuals to meet
their innate needs to acquire, bond,
comprehend, and defend in such a way that the outcomes of these experiences
meet pressing organizational needs in the process.
References
Bass, B. M., & Riggio, R. E. (2008). Transformational leadership.
Mahwah, NJ: Lawrence Erlbaum Associates.
Bird, K. (2013). Expert advice on why you should work in
information security ... Now. Retrieved from
http://www.rasmussen.edu/degrees/technology/blog/expert-advice-why-work-in-information-security/
Boothby, E. J., Clark, M., & Bargh, J. A. (2014). Shared
experiences are amplified. Psychological Science, 25(12), 2209-2216.
Burns, J. M. (1978). Leadership. New York, NY: Harper
& Row.
Cooney, G., Gilbert, D. T., & Wilson, T. D. (2014). The
unforeseen costs of extraordinary experience. Psychological Science, 25(12), 2259-2265.
Covey, S. R. (1994). First things first. New York, NY:
Simon & Schuster.
Goodchild, J. (2012). RSA conference 2012: Stress and
burnout in infosec careers. Retrieved from http://www.csoonline.com/article/2131034/security-leadership/rsa-conference-2012--stress-and-burnout-in-infosec-careers.html
Hartman, K. G. (2015). What every tech startup should know
about security, privacy, and compliance. Retrieved from
https://www.sans.org/reading-room/whitepapers/compliance/tech-startup-about-security-privacy-compliance-35792
Hummel, C. E. (1967). Tyranny of the urgent! Downers
Grove, IL: InterVarsity Press.
International Organization of Standardization (ISO). (2013). Information
technology–Security techniques–Code of practice for information security
controls Switzerland. IEC 27002: 2013 (EN). Geneva, Switzerland: ISO/IEC.
Korolov, M. (2015). CSO burnout biggest factor in infosec
talent shortage. Retrieved from
http://www.csoonline.com/article/2977604/infosec-staffing/cso-burnout-biggest-factor-in-infosec-talent-shortage.html
Leite, A. D. (2011). 6 reasons why you should NOT work
with information security. Retrieved from
http://www.myinfosecjob.com/2011/08/6-reasons-why-you-should-not-work-with-information-security/
LookingGlass. (2016). Information security threat
landscape: Recent trends and 2016 outlook . Retrieved from
https://www.lookingglasscyber.com/wp-content/uploads/2016/04/LookingGlass-2016-Information-Security-Whitepaper.pdf
Nohria, N., Groysberg, B., & Lee, L. E. (2008). Employee
motivation. Harvard Business Review,
86(7/8), 78-84.
Pine, B., & Gilmore, J. H. (1999). The experience
economy: Work is theatre & every business a stage: Goods and services are
no longer enough. Boston, MA: Harvard Business School Press.
Subscribe to:
Posts (Atom)