Red Tape


PCI and Why it is Important

Contributed by Michael Mozingo

Millions of credit and debit card transactions are completed daily. Credit and debit card usage is steadily increasing, and with it, so is the treat of fraud. With the increase of payment card fraud, it is important for the merchants who accept these types of payments to have a common standard in place to provide security in keeping card holder information safe. This is where the Payment Card Industry, Payment Card Industry Security Standards Council (PCI SSC) and the Payment Card Industry Data Security Standards (PCI DSS) come into play.

This document is in PDF format. To view it click here.


Risk Management for Healthcare Systems

Contributed by Lamaris Davis

The responsibility of risk management in healthcare systems falls on multiple individuals within any given organization. It’s well known that most hospitals and healthcare systems do not have a completely practicable risk management system that spans across an entire organization and operational structure for the delivery of key services. Ensuring the security of protected health information (PHI) in your health IT system requires that you institute measures to guard against unauthorized use or disclosure of PHI. A risk management plan should have five key parts which are administrative safeguards, technical safeguards, physical safeguards, organizational standards, and policies and procedures. For any single risk, a combination of safeguards may be necessary because there are multiple potential vulnerabilities that exist that could negatively affect healthcare systems, according to the American Society for Healthcare Risk Management.


Incident Response Planning In Industrial Control Systems

Contributed by Bill Clark

This paper discusses what Incident Response (IR) Planning is, what Industrial Control Systems (ICS) are, and how IR Planning pertains to ICS security. IR Planning is the process of preparing for any type of adverse event, also known as an incident, which can cause a process degradation or failure in a system. A system can be hardware, software, or a combination of both. An event can be man-made or natural in origin. An ICS is a combination of hardware and software processes that use extreme precision to automate or control most of today’s manufacturing product lines, water and power utility production plants, and transportation systems for people and products. For ICS applications and data, availability is the first priority.  

This document is in PDF format. To view it click here.


Better Passwords and Policies

Contributed by David Patten

Everyday press releases cover information security breaches from many top companies. Often these breaches include releasing the passwords that were stolen. Sadly, these passwords are usually trivial to crack which leads to further exploitation. Simple passwords are a problem that is created by both human nature and by poor password policies and training. This paper will look at the tools used to crack passwords, the passwords users create, password policies, and look at some creative and innovate solutions to the password problem.

This document is in PDF format. To view it click here.


Privacy and Government Surveillance

Contributed by David W. Mitchell

Federal government’s broad powers to act for public safety and national security are limited by the First Amendment and Fourth Amendment. The 9/11 attack have open the doors on warrantless surveillance programs. The mass collection of sensitive information has been challenged by many as an invasion of privacy. Snowden’s release of sensitive information has brought to light the true challenges between government surveillance and privacy. There is a true need to balance government surveillance and privacy in order to protect America. Lawmakers are starting to recognize this with the introduction of new laws to tackle and balance privacy with government surveillance. These improved laws must be introduced on a national level.

This document is in PDF format. To view it click here.


Subscribe to RSS - Red Tape