Red Tape

Contributed by Michael Haythorn

Controlling access to information and information systems is a fundamental responsibility of information security professionals. The basic need to consume data creates a requirement to provide control over the access necessary to use that data. It is this subject-object interaction that introduces risk that must be mitigated through methodological policy creation and enforcement. Access controls are managed through the provision of rules to grant/deny subjects who intend to access certain objects. These rules can be defined and enforced through a number of means to create a manageable layered control process. The overarching goal of access control is to facilitate the mitigation of risk to the object.

This document is in PDF format. To view it click here.

Contributed by Ryan Daley

Contributed by Dan Morrill

The greatest knowledge is knowing what intellectual property you own, and where it is located on the network. The next greatest knowledge to know is what controls, technology and processes stand between that data and both insiders and outsiders. The way that intellectual property theft happens can come along a number of various tangents. However, the disgruntled employee is fast becoming the avenue of choice for loosing intellectual property. There is at least one excellent example, in the Sony DRM root kit that could provide a viable avenue for the disgruntled employee to take advantage of the network, and its computing systems.

This document is in PDF format. To view it click here.

Contributed by John W. McClain

Contributed by Shannon Hensley

On Dec. 19, 2013 the following message was released from Target Stores: “We wanted to make you aware of unauthorized access to Target payment card data. The unauthorized access may impact guests who made credit or debit card purchases in our U.S. stores from Nov. 27 to Dec. 15, 2013. Your trust is a top priority for Target, and we deeply regret the inconvenience this may cause. The privacy and protection of our guests’ information is a matter we take very seriously and we have worked swiftly to resolve the incident."

This document is in PDF format. To view it click here.