Since I have taken the role of a GIAC Gold adviser, I have seen many good papers pass by. Every now and then, some jump out as being clearly above average. This week has been a particularly good week and two new additions have joined the reading room.
Security Incident Handling in High Availability Environments by Algis Kibirkstis adopts the point of view of a telecommunications provider. Having done some data modeling work in large telephone exchanges myself, I have always been intrigued by the high level of requirements that this industry puts on itself. Kibirkstis provides an excellent overview of the concept of High Availability (carrier-grade reliability) and goes on to describe how the incident handling process takes place in these environments. The paper ends with a set of 8 concrete recommendations. The paper is available here.
Investigative Tree Models by Rodney Caudle ties in to my other fascination: how to use symbolic models to improve real-world situations. No, I am not talking about glossy fashion magazine models, but things like decision trees, graphs, etc. Caudle describes how to use attack trees to aid incident investigations. He takes the reader through the formal definitions of these models and clearly explains them by providing well-documented examples. The second part of the paper describes a full case study on how to use a tree model to obtain proof in an investigation into email abuse. The paper wraps up with a brief conclusion and a look forward at some possible future trends. The paper is available here.
More information about GIAC Gold certification can be found on the GIAC website.