Red Tape


The Journey from Unmanaged to a Managed Risk Management Program

Contributed by Kevin Thompson
Over the five years my organization has pursued becoming more organized in their information security program. To develop an effective program, the organization must start with the basics. Identify and categorize all company assets to effectively apply desired controls later in this process. Next, you must identify reoccurring maintenance windows and communicate with the asset owners to ensure maintenance awareness. Identify and configure security applications that will apply remediations. Identify and decommission all stale assets to eliminate unnecessary risk in the environment. Once all the previously mentioned steps are complete the security management program is at the beginning stages to become an effective tool to lower risk in the environment.
This document is in PDF format. To view it click here.


Assistive Technologies, Risk, Legal & Ethical Considerations

Contributed by Matthew Hester


Risk Management: What is it, Why is it Important, and How to do it?

Contributed by Richard Parker


Developing a Security Awareness Program

Contributed by Mark Heckle
In today’s environment, technology has become a way of doing business. Because of technology, information security has become a necessary factor in how we use technology in our companies. There are certainly ways to help protect the technology with additional hardware and software, but the human component plays a vital role in reducing security risks. It is necessary to make the employees more security aware by developing security awareness programs. This research will show how to develop a security awareness program for your organization. It will also present ways to engage employees in such a plan for your organization. The security awareness program is the first step in protecting your organization from such events as ransomware, phishing attacks, spam, and many more.
This document is in PDF format. To view it click here.


The Effectiveness of Governance and Regulatory Bodies in Protecting Information Security

Contributed by James Robinson
Appropriate and proper understanding and of IT security should be considered an essential and pertinent requirement within any modern business amongst its executives and employees. But, as we have seen throughout recent news, this has not been the case for many companies. This text explores the effectives of governance and regulations as it relates to protecting our information security. This text focuses on the different organizations’ businesses have implemented with hopes of increasing security standards. The articles, figures and tables used in this paper will further elaborate the importance of these organizations and practices within companies.
This document is in PDF format. To view it click here.


Subscribe to RSS - Red Tape