Red Tape

Wed 09 Dec

Advanced Persistent Threats: What Are They and Why Do I care

Contributed by Bryant Rossil

My term paper will focus on the protection of the enterprise against the business-directed cybercrimes, Advanced Persistent Threats (APT). This paper will define what an APT is and some of the behaviors and characteristics associated with this sophisticated attack which are unlike the attacks businesses face daily. Showing how an APT works will also be present in this paper which will detail some of the ways APTs find their way into corporate systems. I will then focus on the detection of APTs and how an information security team can monitor these stealth attacks that can last an indefinite amount of time depending on the attacker's goal. Lastly, I will cover the methods in which the business can deter these cyber attacks and the multiple ways to protect the company’s assets from these criminal operators.

This document is in PDF format. To view it click here.

Mon 07 Dec

Information Security Career Planning: Education, Training and the Role of Professional Certifications (Part 2)

Contributed by Ken Newman

PART 2 of 2: Regardless of options, there are some key elements that should be present in any form of education in order to provide lasting value to the information security professional. This article does not discuss technical details, although they are acknowledged as core to almost all levels of security professionals. Instead, the article focuses on those areas that create a “breadth” of softer skills in order to produce a more well-rounded and marketable individual.

This document is in PDF format. To view it click here.

Fri 27 Nov

Effective Controls for Attaining Continuous Application Security Throughout

Contributed by Caleb Sima and Vincent Liu

Given the choice, every organization would want secure Web sites and applications from the Web application development phase all the way through the software development life cycle. But why is that such a challenge to attain? The answer is in the processes (or lack thereof) that they have in place.

Fri 27 Nov

The Effect of Compliance on Database Integrity, Security and Administration

Contributed by Patti Jessup

The dawn of the 21st century saw advances in technology that allowed consumers and businesses to communicate and complete routine and complex transactions using a new vehicle – the internet. This new medium quickly became the status quo for millions of consumers to procure everything from mortgage loans to prescription refills. However, every cloud has a silver lining and a dark side. The dark side quickly materialized in the form of corporate mismanagement scandals, identity theft and privacy violations. New compliance regulations began to take shape in an effort to mitigate these issues. These regulations touch every aspect of a business from financial reporting to firewall configurations.

This document is in PDF format. To view it click here.

Thu 19 Nov

Best Practices, Procedures and Methods for Access Control Management

Contributed by Michael Haythorn

Controlling access to information and information systems is a fundamental responsibility of information security professionals. The basic need to consume data creates a requirement to provide control over the access necessary to use that data. It is this subject-object interaction that introduces risk that must be mitigated through methodological policy creation and enforcement. Access controls are managed through the provision of rules to grant/deny subjects who intend to access certain objects. These rules can be defined and enforced through a number of means to create a manageable layered control process. The overarching goal of access control is to facilitate the mitigation of risk to the object.

This document is in PDF format. To view it click here.
