Red Tape

Fri 27 Nov

Effective Controls for Attaining Continuous Application Security Throughout

Contributed by Caleb Sima and Vincent Liu

Given the choice, every organization would want secure Web sites and applications from the Web application development phase all the way through the software development life cycle. But why is that such a challenge to attain? The answer is in the processes (or lack thereof) that these organizations have in place.

Fri 27 Nov

The Effect of Compliance on Database Integrity, Security and Administration

Contributed by Patti Jessup

The dawn of the 21st century saw advances in technology that allowed consumers and businesses to communicate and complete routine and complex transactions using a new vehicle – the internet. This new medium quickly became the status quo for millions of consumers to procure everything from mortgage loans to prescription refills. However, every cloud has a silver lining and a dark side. The dark side quickly materialized in the form of corporate mismanagement scandals, identity theft and privacy violations. New compliance regulations began to take shape in an effort to mitigate these issues. These regulations touch every aspect of a business from financial reporting to firewall configurations.


Thu 19 Nov

Best Practices, Procedures and Methods for Access Control Management

Contributed by Michael Haythorn

Controlling access to information and information systems is a fundamental responsibility of information security professionals. The basic need to consume data creates a requirement to provide control over the access necessary to use that data. It is this subject-object interaction that introduces risk that must be mitigated through methodological policy creation and enforcement. Access controls are managed through the provision of rules to grant/deny subjects who intend to access certain objects. These rules can be defined and enforced through a number of means to create a manageable layered control process. The overarching goal of access control is to facilitate the mitigation of risk to the object.


Tue 10 Nov

DICOM Security in Healthcare IT

Contributed by Ryan Daley

Mon 09 Nov

Disgruntled employees and Intellectual Property Protection

Contributed by Dan Morrill

The greatest knowledge is knowing what intellectual property you own and where it is located on the network. The next greatest is knowing what controls, technology and processes stand between that data and both insiders and outsiders. Intellectual property theft can happen along a number of tangents. However, the disgruntled employee is fast becoming the avenue of choice for losing intellectual property. There is at least one excellent example, the Sony DRM rootkit, that could provide a viable avenue for the disgruntled employee to take advantage of the network and its computing systems.
