Most Popular Services
Compliance Programs	Security Blanket	Security Strategy Architecture & Design
Application Vulnerability Testing	Penetration Testing	Security Services for Hosted Applications

White Papers

Technical White Papers in PDF format:

"Risk Assessment of Social Media"
Robert Shullich, SystemExperts Corporation

"Looking at the SANS 20 Critical Security Controls"
Brad C. Johnson, SystemExperts Corporation

"Using BitLocker As Part Of A Customer Data Protection Program: Part 1"
Philip C. Cox, SystemExperts Corporation

"Using BitLocker As Part Of A Customer Data Protection Program: Part 2"
Philip C. Cox, SystemExperts Corporation

"How To Use BitLocker To Go In Windows 7: A Primer"
Philip C. Cox, SystemExperts Corporation

"Your BitLocker To Go Active Directory Policy Options"
Philip C. Cox, SystemExperts Corporation

"Introduction To Windows Rights Management Services"
Philip C. Cox, SystemExperts Corporation

"IWindows 7 Backup and Restore"
Philip C. Cox, SystemExperts Corporation

"Top Cloud Identity Management Considerations"
Philip C. Cox, SystemExperts Corporation

"Access Management Services In The Cloud"
Philip C. Cox, SystemExperts Corporation

"IaaS Threats In The Cloud - Part 1"
Philip C. Cox, SystemExperts Corporation

"IaaS Threats In The Cloud - Part 2"
Philip C. Cox, SystemExperts Corporation

"IaaS Threats In The Cloud - Part 3"
Philip C. Cox, SystemExperts Corporation

"PaaS Threats In The Cloud"
Philip C. Cox, SystemExperts Corporation

"Virtual Desktop Threats"
Philip C. Cox, SystemExperts Corporation

"Is Your Application Cloud-Worthy?"
Philip C. Cox, SystemExperts Corporation

"ISSA Journal, September 2008"
Brad C. Johnson, SystemExperts Corporation

"Payment Card Industry Data Security Standard Compliance Overview"
Brad C. Johnson & Philip C. Cox, SystemExperts Corporation

"SHA1 Cryptographic Hash Update"
Landon Curt Noll, SystemExperts Corporation

"Internet Penetrations:
Thinking Like an Attacker"
Brad C. Johnson, SystemExperts Corporation

"Configuring Secure Linux Hosts"
Landon Curt Noll, SystemExperts Corporation

"Appreciating the Security Threats
Associated with your Handheld Device"
Brad C. Johnson and Richard E. Mackey, Jr.,
SystemExperts Corporation

"National Security Agency (NSA)
INFOSEC Assessment Methodology (IAM)"
Brad C. Johnson, SystemExperts Corporation

"The SSL Handshake"
Brad C. Johnson, Donald T. Davis, and Jonathan Gossels,
SystemExperts Corporation

"HIPAA Compliance"
Landon Curt Noll and Jonathan Gossels, SystemExperts Corporation

"A Better Way to Evaluate Large Code Sets
in Today's Fast-Paced Web Environment"
Brad C. Johnson, SystemExperts Corporation

"Intrusions and their Detection:
Addressing Common Hacker Exploits"
Brad C. Johnson, SystemExperts Corporation

"Wireless 802.11 LAN Security: Understanding the Key Issues"
Brad C. Johnson, SystemExperts Corporation

"Wireless 802.11 Security: Questions and Answers to Get Started"
Brad C. Johnson, SystemExperts Corporation

"Internet Penetration Testing: A Seasoned Perspective"
Brad C. Johnson, SystemExperts Corporation

"Hardening Windows 2000"
Philip C. Cox, SystemExperts Corporation

"How Web Spoofing Works"
Brad C. Johnson, SystemExperts Corporation

"More Than You Ever Wanted to Know About NT Login Authentication"
Philip C. Cox, SystemExperts Corporation and
Paul B. Hill, Massachusetts Institute of Technology

"Wardialing: Practical Advice to Understand Your Exposure"
Cheng Tang and Jonathan Gossels, SystemExperts Corporation

Executive Insight Series in PDF format:

"Managing Third Party Risk"
Richard Mackey, Jr.
SystemExperts Corporation

"Network Security Tools
and Their Limitations"
Brad C. Johnson
SystemExperts Corporation

"The Power of a Trusted Relationship"
Peter S. McLaughlin
SystemExperts Corporation

"Thinking About Protecting Data on Portable Devices"
Richard Mackey, Jr.
SystemExperts Corporation

"ISO 2700X:
A Cornerstone of True Security"
Jonathan G. Gossels & Richard Mackey, Jr.
SystemExperts Corporation

"Service Oriented Architectures:
Security Challenges"
Jonathan G. Gossels
SystemExperts Corporation

"Top Security Trends in 2005"
Jonathan G. Gossels
SystemExperts Corporation

"Internet Penetrations: Profiles of an Attacker"
Brad C. Johnson
SystemExperts Corporation

"Certifications: Where's the Beef?"
The ISSA Journal: September 2005
Brad C. Johnson &
Philip Cox
SystemExperts Corporation

"Identity Theft
and the Renewed Focus on Authentication"
Technical Support: August 2005
Jonathan G. Gossels
SystemExperts Corporation

"A Perspective on Practical Security"
Business Briefing: Data Management, Storage, & Security Review 2005
Jonathan G. Gossels
SystemExperts Corporation

"Top 10 Hot Topics in Security"
Jonathan G. Gossels
SystemExperts Corporation

"Identity Theft and the Renewed Focus on Authentication"
Jonathan G. Gossels
SystemExperts Corporation

"Understanding the FDIC's Report
On Account-Hijacking Identity Theft"
Jonathan G. Gossels and Richard E. Mackey,
SystemExperts Corporation

"Secure Electronic Voting:
A Challenge Ahead"
Jonathan G. Gossels, SystemExperts Corporation

"The National Security Agency's
IAM Assessment
Reviewing Your IT Information Assets"
Brad C. Johnson, SystemExperts Corporation

"Privacy: Our Two Cents"
Jonathan G. Gossels, Pete McLaughlin, and Dick Mackey, SystemExperts Corporation

"SAS70: The Emperor Has No Clothes"
Jonathan G. Gossels, SystemExperts Corporation

"ISO 17799: Pay Attention To This One"
Jonathan G. Gossels, SystemExperts Corporation

"Living With Insecurity: A Practical Philosophy"
Jonathan G. Gossels, SystemExperts Corporation

"Should You Care About Biometrics?"
Jonathan G. Gossels, SystemExperts Corporation and
Matthew Martin, JPMorgan-Chase

Cloud Security Resources:

"Is Your Application Cloud-Worthy?"
Most companies or organizations that investigate using the Cloud are driven by the desire to reduced costs or provide dynamic scalability. Some do it for both reasons.

"IaaS Threats in the Cloud - Part 1"
This is part 1 of a 3 part Tech Tip on likely threats in Public Cloud Infrastructure as a Service (IaaS) Cloud.

"IaaS Threats in the Cloud - Part 2"
In this Tip, we’ll be covering the second biggest threat I see to IaaS: Vulnerabilities in the remote management solutions (VPNs, Remote Desktop, Remote Shell, and Web Console UIs).

"IaaS Threats in the Cloud - Part 3"
This tip will focus on exposures in the Domain Name System (DNS) and how this affects Infrastructure as a Service.

"PaaS Threats in the Cloud"
In PaaS, control (and security) of the application is moved to the consumer, and the provider secures the underlying cloud infrastructure (i.e., firewalls, servers, operating systems, etc).

"SaaS Threats in the Cloud"
This Tech Tip will focus on the top three threats I see to Software as a Service (SaaS) consumers. We’ll be talking about the threats you can mitigate, not those that you rely on your provider to mitigate.

"Virtual Desktop Threats"
This Tech Tip is focused on identifying the most common security issues that solution providers run into when deploying virtual desktops for customers and some practical ways to solve them.