Red Tape

Contributed by Jack Webb

Protecting assets and valuable data is the goal of information security. In order to initiate the necessary measures, there are many areas under information security management that must be considered. One of these is risk management. Under risk management, management must identify the different types of risks whether they are negative or positive. This allows management to assess each risk and then prioritize them based on a predetermined guideline that assists in implementation or possible corrective actions. Based on assessments, management can determine what measures to place which could prevent or at least mitigate possible consequences. There are predetermined steps and principles that assist management in drafting a tailored risk management policies. This also includes well established risk management guidelines that are meant to set standards within information security management.

Contributed by Christina M. Freeman

This paper will present the researched facts on Payment Card Industry Data Security Standard or PCI DSS as developed by the PCI Council. It will provide the history of the standard, present a foundation of the standards requirements while providing an analysis of the challenges organizations must face to be compliant. It will explore why organization should comply and how compliance has helped protect customer payment card data, contrasted with the additional rules merchants must follow. Discussion surrounding industry best practice for ensuring compliance. Finally, in light of the recent security data breaches, is the PCI standard enough to prevent data breaches and keep information secure? How have the requirements laid out in the standard helped protect the customer?

This document is in PDF format. To view it click here.

Contributed by Rahul Ravella

In this day and age, business compete with each other ruthlessly to get a better edge over their competitor to sell their product. These businesses have some guidelines. One of the guidelines is to guard the business’s information and the information of their customers from the prying eyes of the hackers and their rivals. In order to do this, it is very important to implement an information security management answer that provides enough security for different types of data that is in the business that could be either digitally stored or contracts or written down documents on paper. (leod1, 2011)

This document is in PDF format. To view it click here.

Contributed by Michael Haythorn

Assessing risk is a fundamental responsibility of information security professionals. The basic need to provide products or services creates a requirement to have assets. With assets comes the need protect them from the potential for loss. Conducting a risk assessment is an essential step for organizations in order to ensure than proper controls are in place to protect assets that are critical to business functions. Risk assessment can be a very complex task, one that requires multiple methodologies and resources to perform quantitative and qualitative analysis based on factual evidence as well as subjective opinion. Ultimately the organization bears the responsibility for accurate analysis and control measures.

This document is in PDF format. To view it click here.

Contributed by Cornell Walker

Today the computer has impacted almost every facet of our lives and has become a major means of communication. One of the areas which has seen the most impact is how we maintain and store data. This data is stored in the form of logs, files, spreadsheets, or email to name a few. And along with the means to store this data, we have developed many techniques to retrieve this data.. Once retrieve, this data can be used to restore information, show a history, or used as evidence to arrive at a conclusion – even if the conclusion is within our courts. This paper takes a brief look at a new science that has developed as a result of the way we now store and maintain that data; “computer forensics,” and how this new science has impacted court decision and rulings regarding computer records. The areas of concern are: cleanliness of the evidence and how does the court define “computer records.”