Communications and Network Security

4 Communications and Network Security Copyright Doug Knehr

Click on the above link for a condensed view (not all links opened) of my deep research and expertise in security engineering covering the following areas:

secure network architecture and design
IP networking

Directory services

domain name service (DNS)
light weight director he Access protocol LDAP
network basic input output system (net bios)
Network information service (NIS)
common Internet file system (CIF S)/server message block (SMB)
network file system(NFS)
simple Mail transfer protocol(SMTP) and enhanced simple Mail transfer protocol (E SMTP)
File transfer protocol
transfer modes
Anonymous FTP
Trivial file transfer protocol (TFT P
Hyper text transfer protocol (HTTP
HTTP proxy – anonymizing proxies
open proxy servers
content filtering
HTTP tunneling
implications of multi-layer protocols

Converged Protocols

defining IP convergence
Wireless Security Issues open system authentication
Cryptography used to maintain communications security

Securing Network Components
secure communication channels
Network attacks


Security Engineering

3 Security Engineering Copyright Doug Knehr

Click on the above link for a condensed view (not all links opened) of my deep research and expertise in security engineering covering the following areas:

Information Security Architecture
information systems security evaluation models
security capabilities of information systems
vulnerabilities and security architectures
Technology and process integration
Single Point of Failure SPOF
Client-based vulnerabilities
Consider the following options when defining mobile device security architecture
Server-based vulnerabilities
Data flow control
Database security
Software and System Vuylnerailities and Threats
Vulnerabilities in Mobile Systems
Vulnerabilities in Embedded Devices and Cyber Physical Systems
Cryptography – Application and Use
Site and facility design considerations
Site planning
design and implement facility security
Implementation and operation of facilities security
Physical Security

Asset Security

2 – Asset Security Copyright Doug Knehr

Click on the above link for a condensed view (not all links opened) of my deep research and expertise in asset security covering the following areas:

Data Mgmnt – Determine and Maintain Ownership
Data Policy

Data ownership
Data Custodianship
Data Quality
Data Documentation
Sample Data Documentation Practices
Data Standards
Longevity & Use
Classifying Information & Supporting Assets
Asset Management
Protecting Privacy
Ensuring Appropriate Retention

COPYRIGHT Douglas S. Knehr Esq.,MBA, CIPM, CIPP, CISSP  (in Training)

Doug at DougKnehr . com

Security and Risk Management

1 Security & Risk Mgmnt Copyright Doug Knehr

Click on the above link for a condensed view (not all links opened) of my deep research and expertise in Security and Risk Management covering the following areas:

1.Security and Risk Management

Critical Areas
Data Breaches
Conducting a Business Impact Analysis (BIA)
Continuous improvement
Threat Modeling
Determining potential attacks
Performing a Reduction Analysis
Technologies and processes used to remediate threats
Integrating security risk considerations into acquisitions strategy and practice
Third-Party assessments
Minimum security requirements
Service-Level requirements
Appropriate levels of awareness, training, and education within an organization
Periodic reviews for content relevancy”
Security Principles
Security & Risk Governance
Industry best practices (i.e., NIST, ITIL, ISO 27000, COSO, and COBIT). ”
Mechanisms for the board of directors and management to have the proper oversight to manage the risk to the enterprise to an acceptable level.”
Purpose of governance
Board of directors should:
Be informed about information security
Set direction to drive policy and strategy
Provide resources to security efforts
Assign management responsibilities
Set priorities
Support changes required
Define cultural values related to risk assessment
Obtain assurance from internal or external auditors
Insist that security investments are made measurable and reported on for program effectiveness.”

Security Mgmnt
Interrelationship of Security & Risk Mgmnt
Common Business Issues Affecting Security Risk mgmnt
Governance Committees –
Governance Committees – A governance committee is responsible for recruiting and maintaining the governance board for an organization. ”

Security Roles and Responsibilities
Security Activities
How its done
Implementing Metrics
“Security Council”
Review and Audit the Security Program”
Establish Control Frameworks for Governance
Global Legal and Regulatory Issues
Develop and Implement Security Policy
Business Continuity (BC) & Disaster Recovery (DR) Requirements
Personnel security
Risk Mgmnt Concept
Risk Assessment Process (NIST – National Institute of Standards and Technology)
Security & Audit Frameworks
ID threats and vulnerabilities
Risk assessment analysis
Risk Mitigation
Risk Acceptance
Counter Measures
Type of controls
Access Control Types
Control assessment/ monitoring measurement
Tangible and intangible Asset Valuation
Continuous Improvement
Risk Mgmnt Frameworks
Create a risk inventory of risks and counter measures
Threat Modeling
enables informed decision making on application security risk
procedure to id objectives and vulnerabilities and then define countermeasures to the threats
Determining Potential attacks and reduction analysis
Technologies and processes to reduce threats
Acquisitions Strategy
Security Education Training & Awareness
Formal Training
Creating security awareness course
Creating culture of awareness
Job Training
Performance Metrics

COPYRIGHT Douglas S. Knehr Esq.,MBA, CIPM, CIPP, CISSP  (in Training)

Doug at DougKnehr . com

Welcome. International Data Protection =Information Security + Data Privacy + Governance

Please do stay in touch with me. Enter your contact info:



Email: Please reach me thru linked in

US Citizen



CISSP  – Certified Information Security System Professional 2015

FIP – Fellow of Information Privacy-2017

CIPM –  Certified Information Privacy Manager 2014

CIPP /US – Certified Information Privacy Professional  2014


JD-Juris Doctor-Stetson College of Law FL 1999

MBA        Master of Business Administration (Finance) – Rutgers Graduate School of Management NJ 1994

BS            Bachelor of Science in Business Economics – Rutgers University Cook College NJ 1992

Strengths:  Information Security/Cyber Security, Data Privacy, Data Protection, Litigation. I am a SME at  GRC aspects of cross border Information Security and Data Privacy. I am a full member CISSP (Cyber Security) , FIP (Fellow of Information Privacy), CIPM (Certified Information Privacy Manager), and CIPP/US (Certified Information Privacy Professional).

In House Consulting: I have consulted to the United States SIFMUs (Systemically Important Financial Market Utility to the United States) guiding CISO, CPO and GC departments. I have also consulted for a 27000+ person international organization with a 23 country footprint building out a 2nd Data Protection department.

I have operationalized information security as CISO and created governance for a $193 billion financial conglomerate with 6 major entities.

Cyber Security Tooling & Monitoring: Knowing how to implement cyber security monitoring tools lawfully in an international environment requires a global understanding of data protection.

GDPR and GRC: Possessing deep cyber security, information security and data privacy expertise, I am a GRC, GDPR and data protection guru. I’ve built and worked on multiple data protection programs affecting more than 30,000 employees across  23 countries

I welcome your call: Please reach me on 609-635-2226 or email