Red Tape

Contributed by Jerrette McCrimmon

Contributed by Stephen Jenkins
This paper will emphasize a list of recommendations for establishing an efficient information security network within the ABCD Company. Along with the provided list of recommendations an explanation on how to conform to the requirements of the Sarbanes-Oxley Act.  A part of making sure that these security regulations are being met is by using the principle of separation of duties.   This paper will indicate how implementing policies physical security, logical security, access control, and network security applications can provide the necessary information security for ABCD Company to meet the necessary confidentiality, integrity and availability of the company information systems.
 
 
This document is in PDF format. To view it click here.

Contributed by David Balaban
One can easily find weak points and vulnerabilities virtually everywhere: our bodies are vulnerable to viruses and weak in front of the eternity, and there’s a lot of weak points in our memory and our mind. All the software solutions we create are also imperfect. In this article, I will try to address matters related to the ethics of the vulnerability research and pentesing.
 
This document is in PDF format. To view it click here.

Contributed by James S. McKinney

Contributed by Dietrich Lehr

Information has always been a vital part of any business. Today, information is shared globally in an instant and able to be accessed remotely. This has brought about the need for a method of ensuring that this information can be protected securely and unauthorized access and data loss is mitigated. There are several organizations in existence today that have sought to create a set of universal standards that can be tailored and applied to a company, regardless of size, in pursuit of information security. This paper will examine the International Organization for Standardization 27001 standard that exist today to assist companies in creating their own information security management systems. I will also examine digital commercial solutions that are designed to accelerate and automate the implementation of information security management systems used to secure information assets in the workplace.