In-Depth White Papers – Check back often for new information on the latest security issues and information.

"ZoToB Worm: Day Zero Defense!" by Jeff Kopp, CISSP, MCP: In early August, the ZOTOB worm signalled a change in network security. It emerged and spread so rapidly that signature-based defenses couldn’t react in time. Jeff Kopp discusses how this happened and what you can do to eliminate these threats on day zero. Get the complete paper here.
"Sustainable Compliance" by Pat Slagle, PMP, CISA: Meeting and maintaining compliance with regulatory and business entities is both complex and expensive. Consider this - a new survey released in June of 2005 shows that a majority of firms surveyed (74%) must comply with more than 5 laws and regulations. And according to the SEC, more than $4 billion has been spent to date on SOX compliance alone. So, whether it's SOX, GLBA, PCI or HIPAA compliance you've achieved, don't waste the significant expense and effort expended. You can minimize the cost, effort and risk of non-compliance by establishing an effective, ongoing program that will support multiple requirements. Get the complete paper here.
Compliance Project Plan by Pat Slagle, PMP, CISA: Many businesses are struggling with meeting various compliance regulations required by both government and commercial entities. And the financial and human resources required in meeting compliance can be enormous. So once you've positioned your business to meet compliance, don't become overconfident thinking your job is done - it can be very expensive later when the auditors arrive again! Proactive maintenance is required to keep from blowing out the budget to get back into compliance down the road. Our security experts have developed a project plan that you can use to maintain your hard-earned compliance. Get this free project plan in either Microsoft Project or Adobe Acrobat formats.
"Roadmap to Information Security" by Pat Slagle, PMP, CISA, and Cris DeWitt, CISSP: In response to current small/medium business security and compliance issues, In-Depth Security has developed a roadmap that will guide and support the planning, implementation and maintenance of information security initiatives. Get your free copy of the entire roadmap here.
"Mapping Sarbanes-Oxley to Payment Card Industry Standards" by Pat Slagle, PMP, CISA, and Cris DeWitt, CISSP: In-Depth Security has developed a tool that maps the IT control objectives from Sarbanes-Oxley with control objectives defined by Visa/MasterCard and American Express. Click here for a complimentary preview of this valuable document. Order your copy of this tool in its entirety by contacting our sales department at 512.263.8240.
"LowTech InfoSec" by John Collins, Director of Training Services, In-Depth Security: Companies today spend millions on talent and technology to protect their digital assets and intellectual property. And while trying to eliminate all human error regarding the protection of our digital assets is commendable, it's really PEOPLE who have the biggest impact on the success of technology measures. In this brief paper, John Collins, Education Director for the Austin ISSA Chapter, gives some tips on designing and maintaining a secure posture through communication and awareness training. Get the complete paper here.
"Wireless Networking Security Tips" by Cris DeWitt, CISSP: Although not as secure as its wired equivalent, in some cases wireless networking is justified. It's these cases where an out-of-the-box implementation can really "lower the shields" of your security posture. If you choose to implement wireless, plan on a little more administrative effort than its wired cousin. Get the rest here.
"The Perfect Firewall" by Cris DeWitt, CISSP: With so many options available today, IT Managers have much to consider when deciding on what firewall works best for their environment and security strategy. Take a look at what our security experts have to say about the Perfect Firewall. Click here for the whitepaper.
"Achieving SOX Compliance" by LURHQ: The Sarbanes-Oxley (SOX) Act was established in 2002 in response to the dozens of accounting scandals involving companies such as MCI and Enron. The purpose of this legislation is to establish greater accountability at the executive level for financial reporting and to remove many potential conflicts of interest between companies and their audit service providers. Information security plays an important role in Section 404: Management Assessment of Internal Controls. This section dictates that companies must have the proper controls in place to ensure the integrity of financial information and be able to validate these controls during their annual audits. Click here for a short white paper on how our Managed Security Services can help organizations address Section 404, enabling clients to demonstrate provable security to auditors.
"Protecting Your Information Assets" by Cris DeWitt, CISSP and Jeff Kopp, MCP: Securing your sensitive data, intellectual property or even your personal identity can be a daunting task. Every day more threats are announced, more vulnerabilities exposed and more solutions to evaluate. So what can you do to start protecting your organization? Our security experts have developed a checklist that will help guide you through the difficult process of securing your information assets. Get the full whitepaper and free checklist here.
"9 Steps to Hackproofing Your Computer" by Cris DeWitt, CISSP: If you’ve accepted the fact that your computer and networks are being attacked, and you should, then you should begin to develop and implement some defense in depth for preventing these attacks. (read more)
"Keeping the Hacker/Attacker off the Factory Floor/Network" by Cris DeWitt, CISSP: As access to manufacturing data extends deeper into the manufacturing environment, countermeasures must be implemented to preserve or improve information security within the walls of the factory. The malicious activities of a few or the oblivious activities of many jeopardize the productivity of the organization and as such, a “defense in depth” approach must be implemented. Like an onion. (read more)
"Protecting Networks Against Spyware, Adware, “Grayware”" by Fortinet: Grayware is a new term that is starting to appear on IT and security professionals' radar screens. Many end users are only vaguely aware of grayware and its potential impact on their systems. (read more)
"SEMI 2004 Software Symposium Security Q&A" by Cris DeWitt, CISSP: The following questions were posed to the panel members prior to the SEMI Software Symposium. The In-Depth Security team reviewed the questions and answered them in preparation for the panel discussion. Not all of the questions were asked at the symposium, but all are important! (read more)