Red Tape


Information Security Management in a Regulation Driven World

Contributed by Christina Freeman

This paper will explore the positive aspects and the challenges of managing information security in a world that is full of regulatory requirements. While the United States has the most requirements, such as Sarbanes-Oxley, Payment Card Industry Data Security Standard, Gramm-Leach-Bliley Act, Health Insurance Portability and Accountability Act, etc., providing direction for the management of information security in the US, there are many other regulations that affect other countries as well, sometimes in contrast to US requirements. In many other countries there is, at the very least, some type of privacy or personal information protection regulation. In addition to examining these regulatory requirements, I will analyze how these regulatory requirements affect information security management as a whole and how global organizations handle the different regulations with which compliance is required.


Security Code Review - Identifying Web Vulnerabilities

Contributed by Kiran Maraju. Revived from the old site.

This paper introduces security code review inspections and provides details about identifying web application security vulnerabilities in the source code. It gives the details of the inspections to perform on Java/J2EE source code, explains the process of identifying vulnerable code along with remediation details, and illustrates the specific locations of code flows to be checked to identify web application vulnerabilities.


How Acceptable Use Policies Coincide with HIPAA Requirements

Contributed by Jody Rouse and restored from the old Infosecwriters archives.

The Internet and networked computers are resources available to many workers in today’s work environment. Many of these resources allow the user to transmit confidential data, especially within the health care field. However, many of these resources are not required or related to the worker’s job. One solution to this problem is to develop an Acceptable Use Policy (AUP) that outlines the permissible parameters of employee computer use. To combat the transference of health care data through inappropriate means and the use of private health care data in a non-private way, a new act was passed. This act is called the Health Insurance Portability and Accountability Act (HIPAA). This paper will define AUP, HIPAA requirements and how AUPs coincide with HIPAA requirements.


Information Security Policy for Small Business

Security Policy

Contributed by Bruce D Waugh in 2008 and pulled from the old Infosecwriters archives.

Information security policy, while being one of the most important steps in helping to secure an information system, is also one of the most frequently overlooked and misunderstood in small businesses. Performing the steps necessary to create strong, effective, and more importantly, enforceable policy is usually perceived to be beyond the resources of most small businesses. Yet with the pervasiveness of small business, these information systems can become unwitting tools for attackers and provide a stepping stone for larger attacks on enterprise networks.

By understanding the pertinent issues in creating and maintaining effective policy, small businesses can create workable rules by first understanding the psychology of their workers, the information landscape in which they operate, and the value of the information being protected.


Best Practices to Minimize Risks for Online Gaming

Contributed by Emily Walters.

Online gaming is a market that is growing as more multiplayer, internet-based games are released. With this growing market comes a growing risk for the consumers. As games are given more unique features, possibilities for security risks open up. It is the responsibility of the people who play video games to stay informed, be aware, do research, and comply with a benevolent gaming social experience. Unfortunately, not all gamers want to have a safe and fun environment for all to enjoy. Some of these people want to create problems for the companies providing the gaming service, or for people who enjoy the game. So, what practices can gamers use to minimize security risks for online gaming?

