Red Tape


PCI Compliance: Is it Enough?

Contributed by Shannon Hensley

On Dec. 19, 2013 the following message was released from Target Stores: “We wanted to make you aware of unauthorized access to Target payment card data. The unauthorized access may impact guests who made credit or debit card purchases in our U.S. stores from Nov. 27 to Dec. 15, 2013. Your trust is a top priority for Target, and we deeply regret the inconvenience this may cause. The privacy and protection of our guests’ information is a matter we take very seriously and we have worked swiftly to resolve the incident.”



Desktop Security Policy Enforcement - How to secure your corporate mobile devices

Contributed by Jason S. Meyer


Incorporating Cyber Risks into the Enterprise Risk Management Strategy

Contributed by Rodney F. Davis

Once the overall Objectives, Goals, Strategy, and Measures (OGSM) have been established for a firm or organization as part of the strategic planning process, the real work begins: monitoring progress towards the OGSM with the intent of maintaining a competitive economic edge and increased profitability. During this monitoring, risks are deferred, mitigated, transferred, or tolerated/accepted based on the risk appetite of the firm and the overall Enterprise Risk Management Strategy.



Risk Management in Information Security

Contributed by Jack Webb

Protecting assets and valuable data is the goal of information security. To initiate the necessary measures, many areas of information security management must be considered. One of these is risk management. Under risk management, management must identify the different types of risk, whether negative or positive. This allows management to assess each risk and then prioritize the risks against a predetermined guideline that assists in implementation or possible corrective actions. Based on these assessments, management can determine what measures to put in place to prevent or at least mitigate possible consequences. There are predetermined steps and principles that assist management in drafting tailored risk management policies. These include well-established risk management guidelines that are meant to set standards within information security management.


Is the PCI Data Security Standard Enough?

Contributed by Christina M. Freeman

This paper will present the researched facts on the Payment Card Industry Data Security Standard, or PCI DSS, as developed by the PCI Council. It will provide the history of the standard and present a foundation of the standard's requirements, while providing an analysis of the challenges organizations must face to be compliant. It will explore why organizations should comply and how compliance has helped protect customer payment card data, contrasted with the additional rules merchants must follow. It will also discuss industry best practice for ensuring compliance. Finally, in light of the recent security data breaches, is the PCI standard enough to prevent data breaches and keep information secure? How have the requirements laid out in the standard helped protect the customer?


