Red Tape


System Audit: Looking for Ways to Control Security Issues

Contributed by John W. McClain


PCI Compliance: Is it Enough?

Contributed by Shannon Hensley

On Dec. 19, 2013 the following message was released from Target Stores: “We wanted to make you aware of unauthorized access to Target payment card data. The unauthorized access may impact guests who made credit or debit card purchases in our U.S. stores from Nov. 27 to Dec. 15, 2013. Your trust is a top priority for Target, and we deeply regret the inconvenience this may cause. The privacy and protection of our guests’ information is a matter we take very seriously and we have worked swiftly to resolve the incident.”



Desktop Security Policy Enforcement - How to secure your corporate mobile devices

Contributed by Jason S. Meyer


Incorporating Cyber Risks into the Enterprise Risk Management Strategy

Contributed by Rodney F. Davis

Once the overall Objectives, Goals, Strategy, and Measures (OGSM) have been established for a firm or organization as part of the strategic planning process, the real work begins: monitoring progress toward the OGSM with the intent of maintaining a competitive economic edge and increasing profitability. During this monitoring, risks are deferred, mitigated, transferred, or tolerated/accepted based on the risk appetite of the firm and the overall Enterprise Risk Management Strategy.



Risk Management in Information Security

Contributed by Jack Webb

Protecting assets and valuable data is the goal of information security. In order to initiate the necessary measures, there are many areas under information security management that must be considered. One of these is risk management. Under risk management, management must identify the different types of risks, whether they are negative or positive. This allows management to assess each risk and then prioritize them based on a predetermined guideline that assists in implementation or possible corrective actions. Based on these assessments, management can determine what measures to put in place to prevent or at least mitigate possible consequences. There are predetermined steps and principles that assist management in drafting tailored risk management policies. These include well-established risk management guidelines that are meant to set standards within information security management.

