Red Tape

Contributed by Rodney F. Davis

Once the overall Objectives, Goals, Strategy, and Measures (OGSM) have been established for a firm or organization as part of the strategic planning process, the real work commences to begin monitoring the progress towards OGSM along with the intent of maintaining a competitive economic edge and increased profitability. During this monitoring, risks are deferred, mitigated, transferred, or tolerated\accepted based on the risk appetite of the firm and the overall Enterprise Risk Management Strategy.

This document is in PDF format. To view it click here.

Contributed by Jack Webb

Protecting assets and valuable data is the goal of information security. In order to initiate the necessary measures, there are many areas under information security management that must be considered. One of these is risk management. Under risk management, management must identify the different types of risks whether they are negative or positive. This allows management to assess each risk and then prioritize them based on a predetermined guideline that assists in implementation or possible corrective actions. Based on assessments, management can determine what measures to place which could prevent or at least mitigate possible consequences. There are predetermined steps and principles that assist management in drafting a tailored risk management policies. This also includes well established risk management guidelines that are meant to set standards within information security management.

Contributed by Christina M. Freeman

This paper will present the researched facts on Payment Card Industry Data Security Standard or PCI DSS as developed by the PCI Council. It will provide the history of the standard, present a foundation of the standards requirements while providing an analysis of the challenges organizations must face to be compliant. It will explore why organization should comply and how compliance has helped protect customer payment card data, contrasted with the additional rules merchants must follow. Discussion surrounding industry best practice for ensuring compliance. Finally, in light of the recent security data breaches, is the PCI standard enough to prevent data breaches and keep information secure? How have the requirements laid out in the standard helped protect the customer?

This document is in PDF format. To view it click here.

Contributed by Rahul Ravella

In this day and age, business compete with each other ruthlessly to get a better edge over their competitor to sell their product. These businesses have some guidelines. One of the guidelines is to guard the business’s information and the information of their customers from the prying eyes of the hackers and their rivals. In order to do this, it is very important to implement an information security management answer that provides enough security for different types of data that is in the business that could be either digitally stored or contracts or written down documents on paper. (leod1, 2011)

This document is in PDF format. To view it click here.

Contributed by Michael Haythorn

Assessing risk is a fundamental responsibility of information security professionals. The basic need to provide products or services creates a requirement to have assets. With assets comes the need protect them from the potential for loss. Conducting a risk assessment is an essential step for organizations in order to ensure than proper controls are in place to protect assets that are critical to business functions. Risk assessment can be a very complex task, one that requires multiple methodologies and resources to perform quantitative and qualitative analysis based on factual evidence as well as subjective opinion. Ultimately the organization bears the responsibility for accurate analysis and control measures.

This document is in PDF format. To view it click here.