Red Tape


Is the PCI Data Security Standard Enough?

Contributed by Christina M. Freeman

This paper will present the researched facts on the Payment Card Industry Data Security Standard (PCI DSS) as developed by the PCI Council. It will provide the history of the standard and present a foundation of the standard's requirements, while providing an analysis of the challenges organizations must face to be compliant. It will explore why organizations should comply and how compliance has helped protect customer payment card data, contrasted with the additional rules merchants must follow. It will also discuss industry best practice for ensuring compliance. Finally, in light of the recent security data breaches, is the PCI standard enough to prevent data breaches and keep information secure? How have the requirements laid out in the standard helped protect the customer?



Why Information Security Management is important

Contributed by Rahul Ravella

In this day and age, businesses compete with each other ruthlessly to get an edge over their competitors in selling their products. These businesses have some guidelines. One of the guidelines is to guard the business’s information and the information of their customers from the prying eyes of hackers and rivals. In order to do this, it is very important to implement an information security management solution that provides enough security for the different types of data the business holds, whether digitally stored or in contracts and other written documents on paper. (leod1, 2011)



Information Security Risk Assessment Methods, Frameworks and Guidelines

Contributed by Michael Haythorn

Assessing risk is a fundamental responsibility of information security professionals. The basic need to provide products or services creates a requirement to have assets. With assets comes the need to protect them from the potential for loss. Conducting a risk assessment is an essential step for organizations in order to ensure that proper controls are in place to protect assets that are critical to business functions. Risk assessment can be a very complex task, one that requires multiple methodologies and resources to perform quantitative and qualitative analysis based on factual evidence as well as subjective opinion. Ultimately the organization bears the responsibility for accurate analysis and control measures.



Computer Forensics: Bringing the Evidence to Court

Contributed by Cornell Walker

Today the computer has impacted almost every facet of our lives and has become a major means of communication. One of the areas which has seen the most impact is how we maintain and store data. This data is stored in the form of logs, files, spreadsheets, or email, to name a few. Along with the means to store this data, we have developed many techniques to retrieve it. Once retrieved, this data can be used to restore information, show a history, or serve as evidence to arrive at a conclusion, even if the conclusion is within our courts. This paper takes a brief look at a new science that has developed as a result of the way we now store and maintain that data: “computer forensics,” and how this new science has impacted court decisions and rulings regarding computer records. The areas of concern are the cleanliness of the evidence and how the court defines “computer records.”


10 Communications Tips For Security Managers

Contributed by Steve Purser

Of all the skills that the modern security manager must possess, good communications is arguably the most basic. Most of us have seen innovative ideas fail at some time or other because they weren’t communicated in the right way and many of us have watched our own projects flounder for similar reasons. Speaking as part of a generation that was taught to fight for what it believes in, it is easy to appreciate how enthusiasm and the will to succeed can quickly become a handicap if not managed correctly. As a practicing security manager I continually meet people who are good at arguing their case, but it is far more difficult to find people who have the patience to listen to other points of view and to adapt their game plan accordingly.


