Red Tape


Security Code Review - Identifying Web Vulnerabilities

Contributed by Kiran Maraju. Revived from the old site.

This paper gives an introduction to security code review inspections and provides details on identifying web application security vulnerabilities in source code. It describes the inspections to perform on Java/J2EE source code, explains the process of identifying vulnerable code and the corresponding remediation, and illustrates the specific locations in code flows that should be checked to identify web application vulnerabilities.



How Acceptable Use Policies Coincide with HIPAA Requirements

Contributed by Jody Rouse and restored from the old Infosecwriters archives.

The Internet and networked computers are resources available to many workers in today’s work environment. Many of these resources allow the user to transmit confidential data, especially within the health care field. However, many of these resources are not required for, or related to, the worker’s job. One solution to this problem is to develop an Acceptable Use Policy (AUP) that outlines the permissible parameters of employee computer use. To combat the transfer of health care data through inappropriate means and the use of private health care data in a non-private way, a new act was passed: the Health Insurance Portability and Accountability Act (HIPAA). This paper defines AUPs and HIPAA requirements and describes how AUPs coincide with HIPAA requirements.


Information Security Policy for Small Business


Contributed by Bruce D Waugh in 2008 and pulled from the old Infosecwriters archives.

Information security policy, while being one of the most important steps in helping to secure an information system, is also one of the most frequently overlooked and misunderstood in small businesses. Performing the steps necessary to create strong, effective and, more importantly, enforceable policy is usually perceived to be beyond the resources of most small businesses. Yet with the pervasiveness of small business, these information systems can become unwitting tools for attackers and provide a stepping stone for larger attacks on enterprise networks.

By understanding the pertinent issues in creating and maintaining effective policy, small businesses can create workable rules by first understanding the psychology of their workers, the information landscape in which they operate, and the value of the information being protected.


Best Practices to Minimize Risks for Online Gaming

Contributed by Emily Walters.

Online gaming is a market that is growing as more multiplayer, internet-based games are released. With this growing market comes a growing risk for consumers. As games are given more unique features, new possibilities for security risks open up. It is the responsibility of the people who play video games to stay informed, be aware, do research, and contribute to a benevolent gaming social experience. Unfortunately, not all gamers want a safe and fun environment for all to enjoy. Some of these people want to create problems for the companies providing the gaming service, or for the people who enjoy the game. So, what practices can gamers use to minimize security risks in online gaming?


The Information Security Management System in Healthcare Computer Networks

Contributed by Ming-Li Tabor.

Sony Pictures Entertainment was the target of a cyber attack and was asked to cancel the film The Interview. The security of its network was vulnerable to the attack. In the health care sector, patients’ medical and personal information is held in electronic records, which are vulnerable to hackers. The purpose of this research is to increase awareness and convey the importance of information security. Health care organizations should ensure the confidentiality, integrity, and availability of personal health care information. An information security management system includes policies related to information security and risk. The contents cover security management and risk assessment; security controls, plans, and procedures; physical security; human factors security; security auditing; and computer security models.

